search

SURFscz / SBS

Samenwerking Beheer Systeem ↣ Collaboration Management System
Apache License 2.0
3 stars 2 forks source link

SBS should log more info about failed queries #299

Closed baszoetekouw closed 1 year ago

baszoetekouw commented 2 years ago

When a pam-weblogin service uses a wrong config, it is currently hard to debug what exactly is going wrong.

For example, we only see errors like:

werkzeug.exceptions.Unauthorized: 401 Unauthorized: The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.
SBS: 2022-09-02 07:41:33,379 base ERROR user: ext_api, <Response 248 bytes [500 INTERNAL SERVER ERROR]>
Traceback (most recent call last):
  File "/opt/sbs/sbs/server/api/base.py", line 130, in wrapper
    body, status = f(*args, **kwargs)
  File "/opt/sbs/sbs/server/api/pam_websso.py", line 63, in start
    service = validate_service_token("pam_web_sso_enabled")
  File "/opt/sbs/sbs/server/auth/tokens.py", line 21, in validate_service_token
    raise Unauthorized()

In such a case, it would make sense to see the json body of the request to debug the error.

baszoetekouw commented 1 year ago

Confirmed! this call

╰─▶ curl -v -H "Authorization: Bearer abcde_fout" -H "Content-Type: application/json"  -X POST -d '{"hallo": "bla"}' https://test.sram.surf.nl/pam-weblogin/start

gives this error:

Feb 27 15:07:25 app1-tf1 nginx[616]: 10.24.0.20 145.90.230.170 - [27/Feb/2023:15:07:25 +0000] "test.sram.surf.nl" "POST /pam-weblogin/start HTTP/1.1" 401 121 "-" "curl/7.86.0"
Feb 27 15:07:39 app1-tf1 python[448032]: WARNI [validate_service_token] user: ext_api, Invalid service_token: {'hallo': 'bla'}
Feb 27 15:07:39 app1-tf1 python[448032]: ERROR [base] user: ext_api, <Response 121 bytes [401 UNAUTHORIZED]>
Feb 27 15:07:39 app1-tf1 python[448032]: Traceback (most recent call last):
Feb 27 15:07:39 app1-tf1 python[448032]:   File "/opt/sbs/sbs/server/api/base.py", line 161, in wrapper
Feb 27 15:07:39 app1-tf1 python[448032]:     body, status = f(*args, **kwargs)
Feb 27 15:07:39 app1-tf1 python[448032]:   File "/opt/sbs/sbs/server/api/pam_websso.py", line 75, in start
Feb 27 15:07:39 app1-tf1 python[448032]:     service = validate_service_token("pam_web_sso_enabled")
Feb 27 15:07:39 app1-tf1 python[448032]:   File "/opt/sbs/sbs/server/auth/tokens.py", line 29, in validate_service_token
Feb 27 15:07:39 app1-tf1 python[448032]:     raise Unauthorized()
Feb 27 15:07:39 app1-tf1 python[448032]: werkzeug.exceptions.Unauthorized: 401 Unauthorized: Unauthorized 401: http://test.sram.surf.nl/pam-weblogin/start. IP: 145.90.230.170, 10.24.0.20