Description
When a request like the following is sent, the end user gets a 400 status response with the message "Username mismatch":
curl -v -4 -H "Accept: application/json" -H "Content-Type: application/json" --data '{"u":"YWRtaW4=","p":"YWRtaW4xMjM="}' http://localhost:8081/nexus/service/siesta/wonderland/authenticate
The problem is that the user was authenticated as the anonymous user, because the credentials were only in the payload and not in a Basic Auth header. Since the anonymous username != the payload username, we return 400.
This is hard to diagnose without debug logging and a better understanding of which usernames are being compared.
For example, the end user may send a Basic Auth header whose username authenticates successfully, while the payload values are base64-encoded incorrectly: the same 400 is returned, and the user is left wondering where the problem lies.
This can be improved with a simple logging adjustment.
Expected:
- log at WARN the authenticated username and payload username if they do not match
- log at DEBUG the decoded usernames before the match attempt
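As an added illustration (not Nexus's own code), here is a small Python model of the username check this endpoint performs, with the DEBUG and WARN logging described above in place. The function names `principal_from_basic_header`, `decode_field` and `authenticate`, the `anonymous` principal name, and the sample headers and payloads are assumptions constructed for the example; a real server would also verify the password, which is omitted here. It covers both failure modes from the description: no Basic Auth header (the request is attributed to the anonymous user) and a payload username that is not valid base64.

```python
import base64
import binascii
import logging

log = logging.getLogger("wonderland.authenticate")

# Constructed assumption: the principal a request without usable
# credentials is attributed to.
ANONYMOUS = "anonymous"


def principal_from_basic_header(authorization):
    """Return the username carried in an HTTP Basic Authorization header,
    or ANONYMOUS when there is no usable header.

    Model only: password verification is deliberately omitted."""
    if not authorization or not authorization.startswith("Basic "):
        return ANONYMOUS
    try:
        decoded = base64.b64decode(
            authorization[len("Basic "):], validate=True
        ).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ANONYMOUS
    user, _, _password = decoded.partition(":")
    return user or ANONYMOUS


def decode_field(value, name):
    """Decode one base64 payload field; return None (and log why) if it
    is not valid base64 / UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        log.debug("payload field %r is not valid base64/UTF-8: %s", name, exc)
        return None


def authenticate(headers, payload):
    """Model of the endpoint's username check.

    headers: dict of HTTP request headers
    payload: dict parsed from the JSON body ({"u": ..., "p": ...})
    Returns (status, message)."""
    authenticated = principal_from_basic_header(headers.get("Authorization"))
    payload_user = decode_field(payload.get("u", ""), "u")

    # DEBUG: decoded usernames before the match attempt.
    log.debug("authenticated user=%r, payload user=%r", authenticated, payload_user)

    if payload_user is None or authenticated != payload_user:
        # WARN: both usernames, so the mismatch can be diagnosed from logs.
        log.warning(
            "Username mismatch: authenticated user=%r, payload user=%r",
            authenticated, payload_user,
        )
        return 400, "Username mismatch"
    return 200, "OK"


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Constructed sample: the request from the description, no Basic Auth header.
    print(authenticate({}, {"u": "YWRtaW4=", "p": "YWRtaW4xMjM="}))
    # Constructed sample: Basic Auth for admin:admin123 plus the same payload.
    print(authenticate({"Authorization": "Basic YWRtaW46YWRtaW4xMjM="},
                       {"u": "YWRtaW4=", "p": "YWRtaW4xMjM="}))
```

With logging at DEBUG the first call prints the two usernames being compared ("anonymous" versus "admin") before the 400 is returned, which is exactly the information the reporter is missing; at the default WARN level the mismatch line alone still names both sides.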