This is an automated email from the ASF dual-hosted git repository. arm pushed a commit to branch arm in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 0912c5c2cf4fc6625605ca87e36f15af29890662 Author: Alastair McFarlane <[email protected]> AuthorDate: Mon Feb 23 16:33:50 2026 +0000 #725 - make sure failures are logged from PAT failure and they include the user --- atr/api/__init__.py | 3 +-- atr/storage/writers/tokens.py | 13 +++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/atr/api/__init__.py b/atr/api/__init__.py index a582cffc..7929bddc 100644 --- a/atr/api/__init__.py +++ b/atr/api/__init__.py @@ -435,12 +435,11 @@ async def jwt_create(data: models.api.JwtCreateArgs) -> DictResponse: # Expects {"asfuid": "uid", "pat": "pat-token"} # Returns {"asfuid": "uid", "jwt": "jwt-token"} asf_uid = data.asfuid + log.add_context(user_id=asf_uid) async with storage.write(asf_uid) as write: wafc = write.as_foundation_committer() jwt = await wafc.tokens.issue_jwt(data.pat) - log.add_context(user_id=asf_uid) - return models.api.JwtCreateResults( endpoint="/jwt/create", asfuid=data.asfuid, diff --git a/atr/storage/writers/tokens.py b/atr/storage/writers/tokens.py index bf412286..d700dee5 100644 --- a/atr/storage/writers/tokens.py +++ b/atr/storage/writers/tokens.py @@ -27,6 +27,7 @@ import sqlmodel import atr.db as db import atr.jwtoken as jwtoken import atr.ldap as ldap +import atr.log as log import atr.mail as mail import atr.models.sql as sql import atr.storage as storage 
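Review bot: In `jwt_create`, `log.add_context(user_id=asf_uid)` now runs before `issue_jwt` has checked the PAT, so on the failure path `user_id` holds the uid claimed in the request body, not an authenticated identity. Failure records can therefore appear under any uid the caller chooses to send, which matters if these logs feed alerting or lockout decisions. I would add a comment above the call, `# user_id is the uid claimed in the request; unauthenticated until issue_jwt succeeds`. If `JwtCreateArgs` does not already constrain `asfuid` (its definition is not visible here), its length and character set should be validated before the value reaches the log context.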
@@ -116,11 +117,23 @@ class FoundationCommitter(GeneralPublic): ) ) if (pat is None) or (pat.expires < datetime.datetime.now(datetime.UTC)): + log.warning( + "Authentication failed", + extra={ + "reason": "invalid_or_expired_pat", + }, + ) raise storage.AccessError("Authentication failed") # Verify account still exists in LDAP account_details = await ldap.account_lookup(self.__asf_uid) if (account_details is None) or ldap.is_banned(account_details): + log.warning( + "Authentication failed", + extra={ + "reason": "account_deleted_or_banned", + }, + ) raise storage.AccessError("Authentication failed") issued_jwt = jwtoken.issue(self.__asf_uid) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
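Review bot: Each of the two new `log.warning` calls folds two different conditions into one `reason`, which loses a distinction that matters when triaging failures: a PAT that is not found suggests guessing or a revoked token, while an expired one is usually benign. The first could use `"reason": "pat_not_found" if pat is None else "pat_expired"`, and the second could separate `account_details is None` from `ldap.is_banned(account_details)` the same way; the generic `AccessError("Authentication failed")` returned to the caller should stay unchanged. The records also appear to carry the user only when the caller has set log context, as `jwt_create` now does. Any other caller of this method, whose body starts outside the hunk, would presumably log failures without a uid unless `self.__asf_uid` is added to `extra`.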
