Add more log fields in 401 Unauthorized requests
What does this MR do and why?
When a user fails to authenticate with a personal access token, previously the log message only showed a 401 status with no details. This commit adds the `meta.auth_fail_reason` and `meta.auth_fail_token_id` log fields via the `ApplicationContext`.
Sample entry:

```json
"meta.auth_fail_reason": "token_expired",
"meta.auth_fail_token_id": "PersonalAccessToken/12",
```
Relates to #464652 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Check out this branch.
- Go to `/-/user_settings/personal_access_tokens` and create a new token with `read_api`.
- In the Rails console (`bin/rails c`), change the expiration date to yesterday:

  ```ruby
  token = PersonalAccessToken.last
  token.update!(expires_at: Date.yesterday)
  ```

- Attempt to use this token in the API:

  ```shell
  curl -H "PRIVATE-TOKEN: <pat>" https://gdk.example.com/api/v4/user
  ```

- Check `log/api_json.log`. You should see the `meta.auth_fail_reason` and `meta.auth_fail_token_id` fields:

  ```json
  "meta.caller_id": "GET /api/:version/user",
  "meta.remote_ip": "127.0.0.1",
  "meta.feature_category": "user_profile",
  "meta.client_id": "ip/127.0.0.1",
  "meta.auth_fail_reason": "token_expired",
  "meta.auth_fail_token_id": "PersonalAccessToken/12",
  "request_urgency": "low",
  "target_duration_s": 5
  ```
Edited by Stan Hu
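As an added example (not code from this MR or from GitLab itself), the following Ruby script shows what the two new fields make possible on the consuming side: it reads `api_json.log`-style lines, keeps the 401s that carry `meta.auth_fail_token_id`, tallies them per `meta.auth_fail_reason`, and flags any source IP that tried several distinct dead tokens, which is a better brute-force signal than a bare 401 count. The log lines are constructed for the example; the `token_revoked` reason value, the IP addresses, the token ids other than `PersonalAccessToken/12`, and the threshold of three distinct tokens are all assumptions, not values taken from the MR.

```ruby
require 'json'

# Constructed sample lines in the shape of log/api_json.log. Only the field names
# come from the MR description; the values (reasons, IPs, token ids) are made up.
SAMPLE_LOG = <<~'LOG'
  {"time":"2024-06-01T10:00:00.000Z","status":401,"method":"GET","path":"/api/v4/user","meta.remote_ip":"127.0.0.1","meta.auth_fail_reason":"token_expired","meta.auth_fail_token_id":"PersonalAccessToken/12"}
  {"time":"2024-06-01T10:00:01.000Z","status":401,"method":"GET","path":"/api/v4/projects","meta.remote_ip":"203.0.113.5","meta.auth_fail_reason":"token_revoked","meta.auth_fail_token_id":"PersonalAccessToken/7"}
  {"time":"2024-06-01T10:00:02.000Z","status":401,"method":"GET","path":"/api/v4/projects","meta.remote_ip":"203.0.113.5","meta.auth_fail_reason":"token_revoked","meta.auth_fail_token_id":"PersonalAccessToken/8"}
  {"time":"2024-06-01T10:00:03.000Z","status":401,"method":"GET","path":"/api/v4/projects","meta.remote_ip":"203.0.113.5","meta.auth_fail_reason":"token_expired","meta.auth_fail_token_id":"PersonalAccessToken/9"}
  {"time":"2024-06-01T10:00:04.000Z","status":200,"method":"GET","path":"/api/v4/user","meta.remote_ip":"127.0.0.1"}
  {"time":"2024-06-01T10:00:05.000Z","status":401,"method":"GET","path":"/api/v4/user","meta.remote_ip":"198.51.100.9"}
  this line is not json and must be skipped
LOG

# Parse newline-delimited JSON, dropping lines that are not valid JSON
# (a truncated write or a stray non-JSON line should not abort triage).
def parse_api_log(text)
  text.each_line.filter_map do |line|
    JSON.parse(line)
  rescue JSON::ParserError
    nil
  end
end

# 401s that carry the token-level detail this MR adds. A 401 without
# meta.auth_fail_token_id (no token presented at all) is excluded here.
def token_auth_failures(entries)
  entries.select { |e| e['status'] == 401 && e['meta.auth_fail_token_id'] }
end

# Count token failures per reason, e.g. {"token_expired"=>2, "token_revoked"=>2}.
def failures_by_reason(entries)
  token_auth_failures(entries).each_with_object(Hash.new(0)) do |e, acc|
    acc[e['meta.auth_fail_reason']] += 1
  end
end

# Number of distinct dead tokens each source IP tried. One client retrying its
# own expired token is noise; one IP cycling through several tokens is not.
def distinct_tokens_per_ip(entries)
  token_auth_failures(entries)
    .group_by { |e| e['meta.remote_ip'] }
    .transform_values { |es| es.map { |e| e['meta.auth_fail_token_id'] }.uniq.size }
end

# IPs that tried at least min_distinct_tokens different tokens (threshold is an assumption).
def suspicious_ips(entries, min_distinct_tokens: 3)
  distinct_tokens_per_ip(entries).select { |_ip, n| n >= min_distinct_tokens }.keys
end

if $PROGRAM_NAME == __FILE__
  entries = parse_api_log(SAMPLE_LOG)
  puts "failures by reason: #{failures_by_reason(entries)}"
  puts "distinct tokens per ip: #{distinct_tokens_per_ip(entries)}"
  puts "suspicious ips: #{suspicious_ips(entries)}"
end
```

Grouping on `meta.auth_fail_token_id` rather than on the raw 401 count is the point: the id identifies which stored token was presented without ever logging the token value, so the log stays safe to ship to a SIEM while still letting you tell a single misconfigured CI job apart from someone trying a batch of leaked tokens.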