We need to log all successful and failed log attempts:
Minimum attributes to be logged:
Timestamp
Source Identity
Successful and Failed Authentication
Successful and Failed Authorization
Authorization Details (what was authorized)
I've managed to override the wrapper according to it, but I'm not sure it's the best way:
```scala
def authAction(filter: User => Future[Boolean] = { user: User => Future.successful(true) },
               autoReject: Boolean = true, requestTimeout: Duration = 1.second)
              (implicit config: Configuration, ec: ExecutionContext, ws: WSClient, materializer: Materializer,
               parser: BodyParser[AnyContent]): OAuth2Action =
  new OAuth2Action(filter, autoReject, requestTimeout)(config.underlying, ec, ws, materializer, parser) {
    override def authenticate(
        requestHeader: RequestHeader): Future[Either[AuthorizationProblem, User]] = {
      val res = super.authenticate(requestHeader)
      implicit val context: RequestContext = requestHeader
      res.foreach({
        case Left(ex) => logger.warn(
          s"Failed access from ${requestHeader.remoteAddress} to ${requestHeader.uri} with $ex.")
        case Right(user) => logger.warn(
          s"Successful access from ${requestHeader.remoteAddress} to ${requestHeader.uri} with scopes ${user.scope.keys}.")
      })(executionContext)
      res
    }
  }
```
We do it similarly. Our wrapper overrides invokeBlock and autoRejectBehavior and logs there but your approach looks fine. I think we might even be missing something.
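An added example, not code from either poster or from the library: a standalone sketch of an audit record that carries every attribute in the list above, including the authorization result of the `filter`, and that neutralises client-controlled values before they reach the log. `User`, `AuthProblem`, `AuditLog` and the field names are hypothetical stand-ins, and the inputs are constructed.

```scala
import java.time.Instant
import scala.concurrent.{Await, ExecutionContext, Future}
import scala.concurrent.duration._

// Hypothetical stand-ins for the library's User and AuthorizationProblem types.
final case class User(uid: String, scope: Map[String, Option[String]])
sealed trait AuthProblem
case object InvalidToken extends AuthProblem

object AuditLog {
  // Remote address and URI come from the client: replace control characters
  // and quotes so a crafted request cannot forge or split log records.
  def clean(s: String): String = s.map(c => if (c.isControl || c == '"') '_' else c)

  def line(fields: (String, String)*): String =
    fields.map { case (k, v) => k + "=\"" + clean(v) + "\"" }.mkString(" ")

  // One record per request covering authentication (token check) and
  // authorization (the filter). Returns the decision and the audit line.
  def audit(source: String, uri: String, authn: Either[AuthProblem, User],
            filter: User => Future[Boolean], now: Instant = Instant.now())
           (implicit ec: ExecutionContext): Future[(Boolean, String)] = {
    val base = Seq("ts" -> now.toString, "source" -> source, "uri" -> uri)
    authn match {
      case Left(problem) =>
        Future.successful((false, line(base ++ Seq("identity" -> "-",
          "authn" -> s"failed:$problem", "authz" -> "not-evaluated"): _*)))
      case Right(user) =>
        filter(user).map { allowed =>
          val scopes = user.scope.keys.toSeq.sorted.mkString(",")
          (allowed, line(base ++ Seq("identity" -> user.uid, "authn" -> "success",
            "authz" -> (if (allowed) "granted" else "denied"), "scopes" -> scopes): _*))
        }
    }
  }
}

object AuditDemo {
  def main(args: Array[String]): Unit = {
    import ExecutionContext.Implicits.global
    val reader = User("svc-orders", Map("orders.read" -> None)) // constructed sample
    val writersOnly: User => Future[Boolean] =
      u => Future.successful(u.scope.contains("orders.write"))
    val requests: Seq[(String, String, Either[AuthProblem, User])] = Seq(
      ("10.0.0.5", "/orders/1", Left(InvalidToken)),
      ("10.0.0.5", "/orders/1\nts=\"forged\"", Right(reader))) // constructed inputs
    requests.foreach { case (src, uri, authn) =>
      val (allowed, record) = Await.result(AuditLog.audit(src, uri, authn, writersOnly), 1.second)
      println(s"allowed=$allowed $record")
    }
  }
}
```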