From 900b3f1d075b685e9a7634e980a979a46df57c54 Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Wed, 23 Sep 2020 14:07:20 -0400
Subject: [PATCH] Don't log a 500 when it's a user error
---
 pkg/controller/verifyapi/verify.go | 2 +-
 pkg/database/authorized_app.go | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/pkg/controller/verifyapi/verify.go b/pkg/controller/verifyapi/verify.go
index 41003327b..11822b92b 100644
--- a/pkg/controller/verifyapi/verify.go
+++ b/pkg/controller/verifyapi/verify.go
@@ -91,7 +91,6 @@ func (c *Controller) HandleVerify() http.Handler {
 // The token can be used to sign TEKs later.
 verificationToken, err := c.db.VerifyCodeAndIssueToken(authApp.RealmID, request.VerificationCode, acceptTypes, c.config.VerificationTokenDuration)
 if err != nil {
- c.logger.Errorw("failed to issue verification token", "error", err)
 switch {
 case errors.Is(err, database.ErrVerificationCodeExpired):
 stats.Record(ctx, c.metrics.CodeVerifyExpired.M(1), c.metrics.CodeVerificationError.M(1))
@@ -106,6 +105,7 @@ func (c *Controller) HandleVerify() http.Handler {
 stats.Record(ctx, c.metrics.CodeVerifyInvalid.M(1), c.metrics.CodeVerificationError.M(1))
 c.h.RenderJSON(w, http.StatusPreconditionFailed, api.Errorf("verification code has unsupported test type").WithCode(api.ErrUnsupportedTestType))
 default:
+ c.logger.Errorw("failed to issue verification token", "error", err)
 stats.Record(ctx, c.metrics.CodeVerificationError.M(1))
 c.h.RenderJSON(w, http.StatusInternalServerError, api.InternalError())
 }
diff --git a/pkg/database/authorized_app.go b/pkg/database/authorized_app.go
index 8b30c8c82..35f1c83ab 100644
--- a/pkg/database/authorized_app.go
+++ b/pkg/database/authorized_app.go
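Review bot: In pkg/controller/verifyapi/verify.go, the non-default cases of the `switch` (the expired-code case in the first hunk and the unsupported-test-type case in the second) now leave no log record at all; only the `stats.Record` counters fire. Whether those counters carry the realm cannot be seen here, so repeated rejected codes against one realm, which is the signal for code guessing, may no longer be attributable from logs. A low-severity line before the `switch`, for example `c.logger.Debugw("verification token not issued", "realm", authApp.RealmID, "error", err)` (assuming `c.logger` is a zap sugared logger, as `Errorw` suggests), would keep that trail without reintroducing error-level noise. The cases between the two hunks are not visible.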
@@ -138,17 +138,21 @@ func (r *Realm) CreateAuthorizedApp(db *Database, app *AuthorizedApp) (string, e
 // FindAuthorizedAppByAPIKey located an authorized app based on API key.
 func (db *Database) FindAuthorizedAppByAPIKey(apiKey string) (*AuthorizedApp, error) {
+ logger := db.logger.Named("FindAuthorizedAppByAPIKey")
+
 // Determine if this is a v1 or v2 key. v2 keys have colons (v1 do not).
 if strings.Contains(apiKey, ".") {
 // v2 API keys are HMACed in the database.
 apiKey, realmID, err := db.VerifyAPIKeySignature(apiKey)
 if err != nil {
- return nil, err
+ logger.Warnw("failed to verify api key signature", "error", err)
+ return nil, gorm.ErrRecordNotFound
 }
 hmacedKeys, err := db.generateAPIKeyHMACs(apiKey)
 if err != nil {
- return nil, fmt.Errorf("failed to create hmac: %w", err)
+ logger.Warnw("failed to create hmac", "error", err)
+ return nil, gorm.ErrRecordNotFound
 }
 // Find the API key that matches the constraints.
@@ -166,7 +170,8 @@ func (db *Database) FindAuthorizedAppByAPIKey(apiKey string) (*AuthorizedApp, er
 // The API key is either invalid or a v1 API key.
 hmacedKeys, err := db.generateAPIKeyHMACs(apiKey)
 if err != nil {
- return nil, fmt.Errorf("failed to create hmac: %w", err)
+ logger.Warnw("failed to create hmac", "error", err)
+ return nil, gorm.ErrRecordNotFound
 }
 var app AuthorizedApp
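Review bot: Both `generateAPIKeyHMACs` failure paths, the v2 branch in this hunk and the v1 branch in the `@@ -166,7 +170,8 @@` hunk, now return `gorm.ErrRecordNotFound`, so a failure to compute the HMAC is presumably handled by callers the same way as an unknown API key. Unlike the `VerifyAPIKeySignature` failure, which depends on the caller-supplied key, an HMAC failure looks like a server-side condition (inferred; `generateAPIKeyHMACs` is not visible here), and after this change it would reject every client as unauthenticated with only a Warn-level line to show for it. I would keep `return nil, fmt.Errorf("failed to create hmac: %w", err)` on those two paths, or at least raise them to `logger.Errorw`, and reserve the not-found mapping for the signature check. The `Warnw` on the signature path fires for any request carrying a malformed key that contains a `.`, so it is worth confirming that `err` never embeds the submitted key and that Warn is an acceptable level for volume an unauthenticated client controls. The function body continues outside both hunks.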