[NEXUS-8821] add useful logging for siesta/wonderland/authenticate resource username mismatch - Sonatype JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.11.3
Fix Version/s: 2.11.4
Component/s: Security
Labels:
- supportant

Story Points:
0.5
Sprint:
Sprint 47

Description

When a request as follows, end user gets a 400 status response and message "Username mismatch":

curl -v -4 -H "Accept: application/json" -H "Content-Type: application/json" --data '{"u":"YWRtaW4=","p":"YWRtaW4xMjM="}' http://localhost:8081/nexus/service/siesta/wonderland/authenticate

The problem is the user was authenticated as anonymous user because credentials were only in the payload and not in Basic Auth headers. Since anonymous username != payload username, we return 400.

Problem is this is hard to diagnose without debug logging and a better understanding of what username mismatches.

For example, end user may also send basic auth header username which can authenticate, but the encoded payload values are encoded incorrectly - same problem, user is left wondering where the problem lies.

This can be improved with a simple logging adjustment.

Expected:

log at WARN the authenticated username and payload username if they do not match
log at DEBUG the decoded usernames before the match attempt

Reference: https://sonatype.zendesk.com/entries/39800446

Attachments

Activity

People

Assignee:: Mahendra Surani

Reporter:: Peter Lynch

Last Updated By:: Peter Lynch

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 06/11/15 03:38 PM

Updated:: 07/08/15 04:53 PM

Resolved:: 07/08/15 04:53 PM

Date of First Response:: 11/Jun/15 6:11 PM