chore(jwt-auth): adjust error log level to warn (#6860)

bzp2010 · web-flow · commit a22336785ce9 · 2022-04-15T18:09:01.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -61,6 +61,7 @@ title: Changelog
 
 - fix: jwt-auth error may leak secret [#6846](https://github.com/apache/apisix/pull/6846)
 - chore: upgrade lua-resty-jwt to a new version [#6847](https://github.com/apache/apisix/pull/6847)
+- chore(jwt-auth): adjust error log level to warn [#6858](https://github.com/apache/apisix/pull/6858)
 
 ## 2.13.0
 
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
@@ -361,7 +361,7 @@ function _M.rewrite(conf, ctx)
     local jwt_obj = jwt:load_jwt(jwt_token)
     core.log.info("jwt object: ", core.json.delay_encode(jwt_obj))
     if not jwt_obj.valid then
-        core.log.error("JWT token invalid: ", jwt_obj.reason)
+        core.log.warn("JWT token invalid: ", jwt_obj.reason)
         return 401, {message = "JWT token invalid"}
     end
 
@@ -393,8 +393,8 @@ function _M.rewrite(conf, ctx)
     core.log.info("jwt object: ", core.json.delay_encode(jwt_obj))
 
     if not jwt_obj.verified then
-        core.log.error("JWT token verify failed: ", jwt_obj.reason)
-        return 401, {message = "JWT token verify failed"}
+        core.log.warn("failed to verify jwt: ", jwt_obj.reason)
+        return 401, {message = "failed to verify jwt"}
     end
 
     consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md
@@ -61,6 +61,7 @@ title: CHANGELOG
 
 - 修复 jwt-auth 返回结果里可能暴露 secret 的问题 [#6846](https://github.com/apache/apisix/pull/6846)
 - 升级 lua-resty-jwt 到一个新版本 [#6847](https://github.com/apache/apisix/pull/6847)
+- 修改 jwt-auth 在响应码为503时 仍使用 error 错误等级 [#6858](https://github.com/apache/apisix/pull/6858)
 
 ## 2.13.0
 
diff --git a/t/plugin/jwt-auth.t b/t/plugin/jwt-auth.t
@@ -217,6 +217,8 @@ GET /hello?jwt=invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtl
 {"message":"JWT token invalid"}
 --- error_log
 JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
+--- no_error_log
+[error]
 
 
 
@@ -225,9 +227,11 @@ JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
 GET /hello?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2Mzg3MDUwMX0.pPNVvh-TQsdDzorRwa-uuiLYiEBODscp9wv0cwD6c68
 --- error_code: 401
 --- response_body
-{"message":"JWT token verify failed"}
+{"message":"failed to verify jwt"}
 --- error_log
-JWT token verify failed: 'exp' claim expired at Tue, 23 Jul 2019 08:28:21 GMT
+failed to verify jwt: 'exp' claim expired at Tue, 23 Jul 2019 08:28:21 GMT
+--- no_error_log
+[error]
 
 
 
@@ -281,6 +285,8 @@ Authorization: bearer invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c
 {"message":"JWT token invalid"}
 --- error_log
 JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
+--- no_error_log
+[error]
 
 
 
@@ -434,6 +440,8 @@ GET /hello?jwt=invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtl
 {"message":"JWT token invalid"}
 --- error_log
 JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
+--- no_error_log
+[error]
 
 
 
@@ -444,9 +452,11 @@ GET /hello
 Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTg3OTMxODU0MX0.fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs
 --- error_code: 401
 --- response_body
-{"message":"JWT token verify failed"}
+{"message":"failed to verify jwt"}
 --- error_log
-JWT token verify failed: signature mismatch: fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs
+failed to verify jwt: signature mismatch: fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs
+--- no_error_log
+[error]
 
 
 
