Use log debug instead of warning
Setting the default project is merely provided for convenience, does not need exist project and grant any actual authorization on it, This shouldn't be a warning. At the same time, if the log message exposes to the users, they know the identity authentication has already passed and the used password is valid, which could be useful to an attacker. Log warnings is not necessarily as locked down as debug log, I think this would be fine as a debug log. Change-Id: I85ed00ad3d08ed52b159d4da1526a006d72d9677
This commit is contained in:
parent
bebd7056ad
commit
3fbdadafe7
|
@ -199,24 +199,24 @@ class Auth(controller.V3Controller):
|
|||
" default project %(project_id)s. The token"
|
||||
" will be unscoped rather than scoped to the"
|
||||
" project.")
|
||||
LOG.warning(msg,
|
||||
{'user_id': user_ref['id'],
|
||||
'project_id': default_project_id})
|
||||
LOG.debug(msg,
|
||||
{'user_id': user_ref['id'],
|
||||
'project_id': default_project_id})
|
||||
else:
|
||||
msg = ("User %(user_id)s's default project %(project_id)s"
|
||||
" is disabled. The token will be unscoped rather"
|
||||
" than scoped to the project.")
|
||||
LOG.warning(msg,
|
||||
{'user_id': user_ref['id'],
|
||||
'project_id': default_project_id})
|
||||
LOG.debug(msg,
|
||||
{'user_id': user_ref['id'],
|
||||
'project_id': default_project_id})
|
||||
except (exception.ProjectNotFound, exception.DomainNotFound):
|
||||
# default project or default project domain doesn't exist,
|
||||
# will issue unscoped token instead
|
||||
msg = ("User %(user_id)s's default project %(project_id)s not"
|
||||
" found. The token will be unscoped rather than"
|
||||
" scoped to the project.")
|
||||
LOG.warning(msg, {'user_id': user_ref['id'],
|
||||
'project_id': default_project_id})
|
||||
LOG.debug(msg, {'user_id': user_ref['id'],
|
||||
'project_id': default_project_id})
|
||||
|
||||
def authenticate(self, request, auth_info, auth_context):
|
||||
"""Authenticate user."""
|
||||
|
|
Loading…
Reference in New Issue