Improve authentication logs

This commit is contained in:
Michał Gątkowski 2022-08-05 22:44:20 +02:00
parent 53d0ba0410
commit bd435d1a13

View File

@ -274,13 +274,13 @@ func loadCred(cred string) error {
reader := bufio.NewReader(file) reader := bufio.NewReader(file)
for lineno := 1; true; lineno++ { for lineno := 1; true; lineno++ {
line, err := reader.ReadBytes('\n') line, err := reader.ReadBytes('\n')
zap.L().Debug("Credentials: " + string(line))
if err != nil { if err != nil {
if err == io.EOF { if err == io.EOF {
break break
} }
return errors.Wrapf(err, "while reading line %d", lineno) return errors.Wrapf(err, "while reading line %d", lineno)
} }
line = line[:len(line)-1] // strip '\n' line = line[:len(line)-1] // strip '\n'
/* The following regex checks if the line satisfies the following conditions: /* The following regex checks if the line satisfies the following conditions:
@ -297,7 +297,6 @@ func loadCred(cred string) error {
if !re.Match(line) { if !re.Match(line) {
return fmt.Errorf("on line %d: format should be: <USERNAME>:<BCRYPT HASH>, instead got: %s", lineno, line) return fmt.Errorf("on line %d: format should be: <USERNAME>:<BCRYPT HASH>, instead got: %s", lineno, line)
} }
tokens := bytes.Split(line, []byte(":")) tokens := bytes.Split(line, []byte(":"))
opts.Credentials[string(tokens[0])] = tokens[1] opts.Credentials[string(tokens[0])] = tokens[1]
} }
@ -310,7 +309,7 @@ func loadCred(cred string) error {
// //
// Most web browser display a dialog with something like: // Most web browser display a dialog with something like:
// //
// The website says: "<realm>" // The website says: "<realm>"
// //
// Which is really stupid so you may want to set the realm to a message rather than // Which is really stupid so you may want to set the realm to a message rather than
// an actual realm. // an actual realm.
@ -333,12 +332,14 @@ func BasicAuth(handler http.HandlerFunc, realm string) http.HandlerFunc {
hashedPassword, ok := opts.Credentials[username] hashedPassword, ok := opts.Credentials[username]
opts.CredentialsRWMutex.RUnlock() opts.CredentialsRWMutex.RUnlock()
if !ok { // User not found if !ok { // User not found
zap.L().Error("User \"" + string(username) + "\" not found!")
authenticate(w, realm) authenticate(w, realm)
return return
} }
if err := bcrypt.CompareHashAndPassword(hashedPassword, []byte(password)); err != nil { // Wrong password if err := bcrypt.CompareHashAndPassword(hashedPassword, []byte(password)); err != nil { // Wrong password
authenticate(w, realm) authenticate(w, realm)
zap.L().Error("Wrong password provided!")
return return
} }