Fix logging of user in /jwt/auth

Stan Hu requested to merge sh-fix-user-logging-for-jwt-controller into master

Previously the user_id and username would be logged as null in production_json.log for any user that accessed the container registry, which calls the /jwt/auth endpoint.

Unlike other descendants of ApplicationController that use Devise, JwtController authenticates users via @authentication_result. We now override auth_user to get this information in the logs.

This was found in an investigation into #23644 (closed).

Example log

{
  "method": "GET",
  "path": "/jwt/auth",
  "format": "html",
  "controller": "JwtController",
  "action": "auth",
  "status": 200,
  "unpermitted_params": [
    "scope"
  ],
  "time": "2020-05-10T07:16:03.497Z",
  "params": [
    {
      "key": "account",
      "value": "gitlab-ci-token"
    },
    {
      "key": "scope",
      "value": "repository:root/simple-ci:pull"
    },
    {
      "key": "service",
      "value": "container_registry"
    }
  ],
  "remote_ip": "127.0.0.1",
  "user_id": 1,
  "username": "root",
  "ua": "docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.19.76-linuxkit os/linux arch/amd64 UpstreamClient(Go-http-client/1.1)",
  "queue_duration_s": null,
  "redis_calls": 1,
  "redis_duration_s": 0.00061,
  "correlation_id": "JYRyVcppup3",
  "cpu_s": 0.16,
  "db_duration_s": 0.00284,
  "view_duration_s": 0.00014,
  "duration_s": 0.0267
}
Edited by Stan Hu
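
An added example, not part of the merge request or GitLab's code: a log audit that lists `/jwt/auth` entries in `production_json.log` whose `user_id` is null, which are the registry token requests that cannot be tied to a user from this log alone. Field names follow the example log above; the helper names and the sample lines are constructed for illustration.

```ruby
require 'json'
require 'stringio'

# Constructed sample lines in the shape of production_json.log (not real data).
SAMPLE_LOG = <<~LOG
  {"path":"/jwt/auth","controller":"JwtController","action":"auth","status":200,"params":[{"key":"account","value":"gitlab-ci-token"},{"key":"scope","value":"repository:root/simple-ci:pull"}],"remote_ip":"127.0.0.1","user_id":1,"username":"root","correlation_id":"sample-0001"}
  {"path":"/jwt/auth","controller":"JwtController","action":"auth","status":200,"params":[{"key":"account","value":"alice"},{"key":"scope","value":"repository:group/app:pull,push"}],"remote_ip":"192.0.2.10","user_id":null,"username":null,"correlation_id":"sample-0002"}
  {"path":"/jwt/auth","controller":"JwtController","action":"auth","status":401,"params":[{"key":"service","value":"container_registry"}],"remote_ip":"192.0.2.11","user_id":null,"username":null,"correlation_id":"sample-0003"}
  {"path":"/dashboard","controller":"DashboardController","action":"index","status":200,"params":[],"remote_ip":"192.0.2.12","user_id":null,"username":null,"correlation_id":"sample-0004"}
  not json: truncated line
LOG

# Pull one value out of the [{"key" => ..., "value" => ...}] params array.
def param(entry, key)
  Array(entry['params']).find { |p| p.is_a?(Hash) && p['key'] == key }&.dig('value')
end

# Return JwtController#auth entries that were logged without a user_id.
def unattributed_jwt_auth(io)
  io.each_line.filter_map do |line|
    entry = begin
      JSON.parse(line)
    rescue JSON::ParserError
      next # skip partial or non-JSON lines instead of aborting the audit
    end
    next unless entry.is_a?(Hash)
    next unless entry['controller'] == 'JwtController' && entry['action'] == 'auth'
    next unless entry['user_id'].nil?

    {
      correlation_id: entry['correlation_id'],
      remote_ip: entry['remote_ip'],
      status: entry['status'],
      account: param(entry, 'account'), # what the client claimed, not a verified user
      scope: param(entry, 'scope')      # repository and actions requested
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  unattributed_jwt_auth(StringIO.new(SAMPLE_LOG)).each { |hit| puts hit.to_json }
end
```

To run it against a real log, pass `File.open(path)` with your own log path in place of the `StringIO`.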
