This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Don't log a 500 when it's a user error #647

Merged
merged 1 commit into from
Sep 23, 2020
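--- a/pkg/controller/verifyapi/verify.go
+++ b/pkg/controller/verifyapi/verify.go
@@ -91,7 +91,6 @@ func (c *Controller) HandleVerify() http.Handler {
 // The token can be used to sign TEKs later.
 verificationToken, err := c.db.VerifyCodeAndIssueToken(authApp.RealmID, request.VerificationCode, acceptTypes, c.config.VerificationTokenDuration)
 if err != nil {
-c.logger.Errorw("failed to issue verification token", "error", err)
 switch {
 case errors.Is(err, database.ErrVerificationCodeExpired):
 stats.Record(ctx, c.metrics.CodeVerifyExpired.M(1), c.metrics.CodeVerificationError.M(1))
@@ -106,6 +105,7 @@ func (c *Controller) HandleVerify() http.Handler {
 stats.Record(ctx, c.metrics.CodeVerifyInvalid.M(1), c.metrics.CodeVerificationError.M(1))
 c.h.RenderJSON(w, http.StatusPreconditionFailed, api.Errorf("verification code has unsupported test type").WithCode(api.ErrUnsupportedTestType))
 default:
+c.logger.Errorw("failed to issue verification token", "error", err)
 stats.Record(ctx, c.metrics.CodeVerificationError.M(1))
 c.h.RenderJSON(w, http.StatusInternalServerError, api.InternalError())
 }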
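Review bot: With the `Errorw` call moved under `default:`, the user-error cases (expired code, unsupported test type, and whichever cases sit between the two hunks, which are not visible here) now leave only aggregate counters behind. Repeated invalid or expired codes arriving through one API key are the signal for code guessing, and the counters alone cannot attribute them to a realm. Consider a low-severity line in those branches, for example `c.logger.Debugw("verification code rejected", "realm", authApp.RealmID, "error", err)`, and keep `request.VerificationCode` itself out of the log. The switch is only partly visible, so this may already be covered elsewhere in the handler.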
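--- a/pkg/database/authorized_app.go
+++ b/pkg/database/authorized_app.go
@@ -138,17 +138,21 @@ func (r *Realm) CreateAuthorizedApp(db *Database, app *AuthorizedApp) (string, e
 
 // FindAuthorizedAppByAPIKey located an authorized app based on API key.
 func (db *Database) FindAuthorizedAppByAPIKey(apiKey string) (*AuthorizedApp, error) {
+logger := db.logger.Named("FindAuthorizedAppByAPIKey")
+
 // Determine if this is a v1 or v2 key. v2 keys have colons (v1 do not).
 if strings.Contains(apiKey, ".") {
 // v2 API keys are HMACed in the database.
 apiKey, realmID, err := db.VerifyAPIKeySignature(apiKey)
 if err != nil {
-return nil, err
+logger.Warnw("failed to verify api key signature", "error", err)
+return nil, gorm.ErrRecordNotFound
 }
 
 hmacedKeys, err := db.generateAPIKeyHMACs(apiKey)
 if err != nil {
-return nil, fmt.Errorf("failed to create hmac: %w", err)
+logger.Warnw("failed to create hmac", "error", err)
+return nil, gorm.ErrRecordNotFound
 }
 
 // Find the API key that matches the constraints.
@@ -166,7 +170,8 @@ func (db *Database) FindAuthorizedAppByAPIKey(apiKey string) (*AuthorizedApp, er
 // The API key is either invalid or a v1 API key.
 hmacedKeys, err := db.generateAPIKeyHMACs(apiKey)
 if err != nil {
-return nil, fmt.Errorf("failed to create hmac: %w", err)
+logger.Warnw("failed to create hmac", "error", err)
+return nil, gorm.ErrRecordNotFound
 }
 
 var app AuthorizedApp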
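Review bot: Both `generateAPIKeyHMACs` error paths now return `gorm.ErrRecordNotFound`, which makes a server-side failure indistinguishable from an unknown API key. A rejected signature from `VerifyAPIKeySignature` is a caller error and fits the new mapping, but a failure to compute the HMAC (the helper's body is not shown; presumably a key-configuration or crypto error) would reject every client as unauthenticated with only a warning logged. I would keep `return nil, fmt.Errorf("failed to create hmac: %w", err)` in those two branches, or at least log them with `logger.Errorw`. Separately, the context comment says v2 keys have colons while the check is `strings.Contains(apiKey, ".")`; one of the two should be corrected.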