add some logging in login/auth filter

Author: derlin

src/main/kotlin/ch/derlin/bbdata/output/api/apikeys/ApikeyController.kt

@@ -15,6 +15,8 @@ import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.tags.Tag
 import org.joda.time.DateTime
 import org.joda.time.MutablePeriod
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.*
 import javax.validation.Valid
@@ -32,6 +34,8 @@ class ApikeyController(
         private val apikeyRepository: ApikeyRepository,
         private val userRepository: UserRepository) {
 
+    private val log: Logger = LoggerFactory.getLogger(ApikeyController::class.java)
+
     class LoginBody {
         @NotNull
         val username: String? = null
@@ -64,6 +68,7 @@ class ApikeyController(
                     expirationDate = DateTime().plus(AUTOLOGIN_EXPIRE)
             ))
         }
+        log.info("invalid login for username='${loginBody.username}' password='${loginBody.password}'")
         throw ForbiddenException("Wrong username or password.")
     }
 

src/main/kotlin/ch/derlin/bbdata/output/security/SecurityFilter.kt

@@ -10,6 +10,7 @@ import ch.derlin.bbdata.output.api.apikeys.ApikeyRepository
 import ch.derlin.bbdata.output.security.SecurityConstants.HEADER_TOKEN
 import ch.derlin.bbdata.output.security.SecurityConstants.HEADER_USER
 import ch.derlin.bbdata.output.security.SecurityConstants.SCOPE_WRITE
+import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
@@ -71,6 +72,7 @@ class AuthInterceptor : HandlerInterceptor {
     @Autowired
     lateinit var apikeyRepository: ApikeyRepository
 
+    private val log: Logger = LoggerFactory.getLogger(AuthInterceptor::class.java)
 
     override fun preHandle(request: HttpServletRequest, response: HttpServletResponse, handler: Any): Boolean {
 
@@ -110,12 +112,13 @@ class AuthInterceptor : HandlerInterceptor {
         bbuser.toIntOrNull()?.let { userId ->
             // check valid tokens
             val apikey = apikeyRepository.findValid(userId, bbtoken).orElseThrow {
+                log.info("wrong apikey for userId=$userId token='$bbtoken'")
                 BadApikeyException("Access denied for user $userId : bad apikey")
             }
             // check if write access is necessary
             if (apikey.readOnly && writeRequired) {
                 // check write permissions
-                throw ForbiddenException("Access denied for user $userId : this apikey is read-only")
+                throw ForbiddenException("Access denied for user $userId: this apikey is read-only")
             }
             // every checks passed !
             return true

src/test/kotlin/ch/derlin/bbdata/caching/CachingTest.kt

@@ -9,7 +9,6 @@ import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.TestMethodOrder
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.web.client.TestRestTemplate
 import org.springframework.cache.CacheManager