Skip to content

Commit b2d2ea1

Browse files
committed
add loggers to show authentication error message from keycloak
1 parent 4e4cbae commit b2d2ea1

2 files changed

Lines changed: 12 additions & 3 deletions

File tree

app/libs/getUser.js

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,11 +45,16 @@ const getUser = async (req, res) => {
4545
try {
4646
credentials = Buffer.from(token.split(' ')[1], 'base64').toString('utf-8').split(':');
4747
} catch (err) {
48+
logger.error('The authentication header you provided was not properly formatted.');
4849
return res.status(HTTP_STATUS.BAD_REQUEST).json({message: 'The authentication header you provided was not properly formatted.'});
4950
}
5051
try {
5152
const respAccess = await keycloak.getToken(credentials[0], credentials[1]);
52-
token = respAccess.access_token;
53+
if (respAccess.error) {
54+
logger.error(`Failed to get the keycloak token "${respAccess.error}": ${respAccess.error_description}`);
55+
} else {
56+
token = respAccess.access_token;
57+
}
5358
} catch (error) {
5459
let errorDescription;
5560
try {
@@ -63,6 +68,7 @@ const getUser = async (req, res) => {
6368
}
6469
}
6570
if (!token) {
71+
logger.error('Missing required Authorization token');
6672
return res.status(HTTP_STATUS.FORBIDDEN).json({message: 'Missing required Authorization token'});
6773
}
6874

@@ -72,10 +78,12 @@ const getUser = async (req, res) => {
7278
decoded = await jwt.verify(token, pubKey, {algorithms: ['RS256']});
7379
} catch (err) {
7480
logger.debug(`token verification failed against key ${nconf.get('keycloak:keyfile')}`);
81+
logger.error(`Invalid or expired authorization token: (${err.message})`);
7582
return res.status(HTTP_STATUS.FORBIDDEN).json({message: `Invalid or expired authorization token: (${err.message})`});
7683
}
7784
// Check for IPR access
7885
if (!decoded.realm_access.roles.includes(nconf.get('keycloak:role'))) {
86+
logger.error('IPR Access Error: Keycloak role missing');
7987
return res.status(HTTP_STATUS.FORBIDDEN).json({message: 'IPR Access Error: Keycloak role missing'});
8088
}
8189
const username = decoded.preferred_username;
@@ -107,7 +115,7 @@ const getUser = async (req, res) => {
107115
include,
108116
});
109117
} catch (err) {
110-
logger.error(err);
118+
logger.error(`Invalid authorization token: ${err}`);
111119
return res.status(HTTP_STATUS.BAD_REQUEST).json({message: 'Invalid authorization token'});
112120
}
113121

app/middleware/auth.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ const {
66
module.exports = async (req, res, next) => {
77
// Get Authorization Header
88
const respUser = await getUser(req, res);
9+
if (res.headersSent) return;
910
req.user = respUser;
10-
return next();
11+
next();
1112
};

0 commit comments

Comments
 (0)