Merge pull request 'feature/lower-log-level-for-authentication-except…

…ion' (#110) from feature/lower-log-level-for-authentication-exception into hotfix/v3.0.1
ONLYOFFICE · Dec 2, 2024 · baa6bce · baa6bce
2 parents 1aef5fc + 0e55d47
commit baa6bce
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 8 deletions.
diff --git a/common/ASC.Api.Core/Log/CustomExceptionHandlerLogger.cs b/common/ASC.Api.Core/Log/CustomExceptionHandlerLogger.cs
@@ -30,4 +30,7 @@ internal static partial class CustomExceptionHandlerLogger
 {
     [LoggerMessage(LogLevel.Critical, "error during executing {RequestMethod}: {PathValue}")]
     public static partial void CriticalError(this ILogger<CustomExceptionHandler> logger, string RequestMethod, string PathValue, Exception exception);
+
+    [LoggerMessage(LogLevel.Information, "error during executing {RequestMethod}: {PathValue} {ExceptionMessage} {InnerExceptionMessage}")]
+    public static partial void InformationError(this ILogger<CustomExceptionHandler> logger, string RequestMethod, string PathValue, string ExceptionMessage, string InnerExceptionMessage);
 }
diff --git a/common/ASC.Api.Core/Middleware/ResponseWrapper.cs b/common/ASC.Api.Core/Middleware/ResponseWrapper.cs
@@ -41,6 +41,7 @@ public async ValueTask<bool> TryHandleAsync(HttpContext context, Exception excep
         }
 
         var withStackTrace = true;
+        var criticalException = true;
 
         switch (exception)
         {
@@ -64,6 +65,7 @@ public async ValueTask<bool> TryHandleAsync(HttpContext context, Exception excep
             case AuthenticationException:
                 status = HttpStatusCode.Unauthorized;
                 withStackTrace = false;
+                criticalException = false;
                 break;
             case InvalidOperationException:
                 status = HttpStatusCode.Forbidden;
@@ -82,7 +84,14 @@ public async ValueTask<bool> TryHandleAsync(HttpContext context, Exception excep
                 break;
         }
 
-        logger.CriticalError(context.Request.Method, context.Request.Path.Value, exception);
+        if (criticalException)
+        {
+            logger.CriticalError(context.Request.Method, context.Request.Path.Value, exception);
+        }
+        else
+        {
+            logger.InformationError(context.Request.Method, context.Request.Path.Value, exception.Message, exception.InnerException?.Message);
+        }
 
         var result = new ErrorApiResponse(status, exception, message, withStackTrace);
 

diff --git a/web/ASC.Web.Api/Api/AuthenticationController.cs b/web/ASC.Web.Api/Api/AuthenticationController.cs
@@ -159,8 +159,7 @@ await messageService.SendAsync(user.DisplayUserName(false, displayUserSettingsHe
                                                                           ? MessageAction.LoginFailViaApiSms
                                                                           : MessageAction.LoginFailViaApiTfa,
                                 MessageTarget.Create(user.Id));
-            logger.ErrorWithException(ex);
-            throw new AuthenticationException("User authentication failed");
+            throw new AuthenticationException("User authentication failed", ex);
         }
         finally
         {
@@ -275,8 +274,7 @@ public async Task<AuthenticationTokenDto> AuthenticateMeAsync(AuthRequestsDto in
         catch (Exception ex)
         {
             await messageService.SendAsync(user.DisplayUserName(false, displayUserSettingsHelper), viaEmail ? MessageAction.LoginFailViaApi : MessageAction.LoginFailViaApiSocialAccount);
-            logger.ErrorWithException(ex);
-            throw new AuthenticationException("User authentication failed");
+            throw new AuthenticationException("User authentication failed", ex);
         }
         finally
         {
@@ -519,8 +517,7 @@ await loginProfileTransport.FromTransport(inDto.SerializedProfile) :
         catch (Exception ex)
         {
             await messageService.SendAsync(!string.IsNullOrEmpty(inDto.UserName) ? inDto.UserName : AuditResource.EmailNotSpecified, action);
-            logger.ErrorWithException(ex);
-            throw new AuthenticationException("User authentication failed");
+            throw new AuthenticationException("User authentication failed", ex);
         }
         wrapper.UserInfo = user;
         return wrapper;

diff --git a/web/ASC.Web.Core/BruteForceLoginManager.cs b/web/ASC.Web.Core/BruteForceLoginManager.cs
@@ -154,7 +154,7 @@ public async Task<UserInfo> AttemptAsync(string login, RecaptchaType recaptchaTy
 
             if (user == null || !userManager.UserExists(user))
             {
-                throw new Exception("user not found");
+                throw new AuthenticationException("user not found");
             }
 
             if (recaptchaPassed)