Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

24653 - Changes to enable forbidden error logging for AUTH #3177

Merged
merged 2 commits into from
Dec 12, 2024
Merged

24653 - Changes to enable forbidden error logging for AUTH #3177

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9afbe3
Changes to enable forbidden error logging for AUTH
seeker25 Dec 12, 2024
cc47b73
put in vaults
seeker25 Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 20 additions & 1 deletion auth-api/src/auth_api/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
import os
import traceback

from flask import Flask
from flask import Flask, request
from flask_cors import CORS
from flask_migrate import Migrate, upgrade
from sbc_common_components.utils.camel_case_response import convert_to_camel
Expand All @@ -33,6 +33,7 @@
from auth_api.services.gcp_queue import queue
from auth_api.utils.auth import jwt
from auth_api.utils.cache import cache
from auth_api.utils.user_context import _get_context

logger = StructuredLogging.get_logger()

Expand Down Expand Up @@ -62,13 +63,31 @@ def create_app(run_mode=os.getenv("DEPLOYMENT_ENV", "production")):
app.after_request(convert_to_camel)

ExceptionHandler(app)
setup_403_logging(app)
setup_jwt_manager(app, jwt)
register_shellcontext(app)
build_cache(app)

return app


def setup_403_logging(app):
"""Log setup for forbidden."""
if app.config.get("ENABLE_403_LOGGING") is True:

@app.errorhandler(403)
def handle_403_error(error):
user_context = _get_context()

user_name = user_context.user_name[:5] + "..."
roles = user_context.roles
app.logger.error(f"403 Forbidden - {request.method} {request.url} - {user_name} - {roles}")

message = {"message": getattr(error, "message", error.description)}
headers = {"Content-Type": "application/json", "Access-Control-Allow-Origin": "*"}
return message, error.code, headers


def execute_migrations(app):
"""Execute the database migrations."""
try:
Expand Down
1 change: 1 addition & 0 deletions auth-api/src/auth_api/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,7 @@ class _Config: # pylint: disable=too-few-public-methods

# LaunchDarkly SDK key
AUTH_LD_SDK_KEY = os.getenv("AUTH_LD_SDK_KEY", None)
ENABLE_403_LOGGING = os.getenv("ENABLE_403_LOGGING", "False").lower() == "true"


class DevConfig(_Config): # pylint: disable=too-few-public-methods
Expand Down
Loading