From 5d60177d3e38f46fbfc7a641205967c4752d7d9c Mon Sep 17 00:00:00 2001 From: Ole-Martin Bratteng <1681525+omBratteng@users.noreply.github.com> Date: Sun, 5 Mar 2023 19:28:56 +0100 Subject: [PATCH] Log the difference between invalid email and not authorized session (#2010) * Log the difference between invalid email and not authorized session * Add changelog entry * Remove superfluous argument --------- Co-authored-by: Joel Speed --- CHANGELOG.md | 1 + oauthproxy.go | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4da9dd9..1b927345 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ - [#1927](https://github.com/oauth2-proxy/oauth2-proxy/pull/1927) Fix default scope settings for none oidc providers - [#1951](https://github.com/oauth2-proxy/oauth2-proxy/pull/1951) Fix validate URL, check if query string marker (?) or separator (&) needs to be appended (@miguelborges99) - [#1920](https://github.com/oauth2-proxy/oauth2-proxy/pull/1920) Make sure emailClaim is not overriden if userIDClaim is not set +- [#2010](https://github.com/oauth2-proxy/oauth2-proxy/pull/2010) Log the difference between invalid email and not authorized session - [#1988](https://github.com/oauth2-proxy/oauth2-proxy/pull/1988) Ensure sign-in page background is uniform throughout the page # V7.4.0 diff --git a/oauthproxy.go b/oauthproxy.go index 1e371e6a..d25c3c8e 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -1056,7 +1056,12 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R } if invalidEmail || !authorized { - logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authorization via session: removing session %s", session) + cause := "unauthorized" + if invalidEmail { + cause = "invalid email" + } + + logger.PrintAuthf(session.Email, req, logger.AuthFailure, "Invalid authorization via session (%s): removing session %s", cause, session) // Invalid session, clear it err := p.ClearSessionCookie(rw, req) if err != nil {