From 492b73d1ff33f1cd2a15fdfc393869aa6b07781a Mon Sep 17 00:00:00 2001
From: Dennis van der Kraan
Date: Thu, 24 Apr 2025 14:09:26 +0200
Subject: [PATCH 1/2] FIX: Removed unnecessary warn logs that are part of the login flow
---
 .../mfa/MfaAuthenticationProvider.java | 3 +--
 .../authentication/mfa/MfaRequiredException.java | 14 ++++++++++++++
 .../autoconfigure/errorhandling/LogUtil.java | 8 +++++---
 3 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java
diff --git a/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaAuthenticationProvider.java b/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaAuthenticationProvider.java
index 9168c90..29c57fb 100644
--- a/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaAuthenticationProvider.java
+++ b/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaAuthenticationProvider.java
@@ -6,7 +6,6 @@
 import nl._42.restsecure.autoconfigure.authentication.RegisteredUser;
 import nl._42.restsecure.autoconfigure.authentication.UserDetailsAdapter;
-import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.core.AuthenticationException;
@@ -65,7 +64,7 @@ protected void additionalAuthenticationChecks(UserDetails userDetails, UsernameP
 private void executeMfaVerificationSteps(MfaAuthenticationToken mfaAuthenticationToken, UserDetailsAdapter userDetailsAdapter) {
 // If no code supplied, indicate a code is needed.
 if (mfaAuthenticationToken.getVerificationCode() == null || mfaAuthenticationToken.getVerificationCode().isEmpty()) {
- throw new InsufficientAuthenticationException(SERVER_MFA_CODE_REQUIRED_ERROR);
+ throw new MfaRequiredException(SERVER_MFA_CODE_REQUIRED_ERROR);
 }
 boolean verificationSucceeded = false;
 for (MfaVerificationCheck verificationCheck : verificationChecks) {
diff --git a/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java b/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java
new file mode 100644
index 0000000..00da065
--- /dev/null
+++ b/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java
@@ -0,0 +1,14 @@
+package nl._42.restsecure.autoconfigure.authentication.mfa;
+
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+
+public class MfaRequiredException extends InsufficientAuthenticationException {
+
+ public MfaRequiredException(String msg) {
+ super(msg);
+ }
+
+ public MfaRequiredException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
diff --git a/src/main/java/nl/_42/restsecure/autoconfigure/errorhandling/LogUtil.java b/src/main/java/nl/_42/restsecure/autoconfigure/errorhandling/LogUtil.java
index 72c6dcb..f57e5d2 100644
--- a/src/main/java/nl/_42/restsecure/autoconfigure/errorhandling/LogUtil.java
+++ b/src/main/java/nl/_42/restsecure/autoconfigure/errorhandling/LogUtil.java
@@ -1,5 +1,6 @@
 package nl._42.restsecure.autoconfigure.errorhandling;
+import nl._42.restsecure.autoconfigure.authentication.mfa.MfaRequiredException;
 import nl._42.restsecure.autoconfigure.form.LoginForm;
 import org.slf4j.Logger;
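Review bot: The new class in MfaRequiredException.java carries no Javadoc, although LogUtil.logAuthenticationFailure now chooses its log level from this type, so a reader of either file cannot tell why it is special. A class comment such as `/** Thrown when a login request carries no MFA verification code, to tell the client that a code is required. */` would record the contract that the throw site in executeMfaVerificationSteps only hints at. It would also help to state in that comment whether handlers are expected to treat it as an authentication failure.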
@@ -9,10 +10,11 @@ public class LogUtil {
 private LogUtil() {}
 public static void logAuthenticationFailure(Logger log, T form, RuntimeException exception) {
- if (log.isDebugEnabled()) {
+ // Filter out logs that are part of the login flow
+ if (log.isDebugEnabled() || exception instanceof MfaRequiredException || form.username == null) {
 log.debug("Authentication failure for user '{}'! {}", form.username, exception.getMessage(), exception);
- } else {
- log.warn("Authentication failure for user '{}'! {}", form.username, exception.getMessage());
+ return;
 }
+ log.warn("Authentication failure for user '{}'! {}", form.username, exception.getMessage());
 }
 }
From 65fc1d94860375404cdad67e30e66556e75febf2 Mon Sep 17 00:00:00 2001
From: Dennis van der Kraan
Date: Thu, 24 Apr 2025 14:40:39 +0200
Subject: [PATCH 2/2] Made MfaRequiredException extend directly from RunTimeException + removed unused constructor
---
 .../authentication/mfa/MfaRequiredException.java | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java b/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java
index 00da065..5b198d1 100644
--- a/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java
+++ b/src/main/java/nl/_42/restsecure/autoconfigure/authentication/mfa/MfaRequiredException.java
@@ -1,14 +1,8 @@
 package nl._42.restsecure.autoconfigure.authentication.mfa;
-import org.springframework.security.authentication.InsufficientAuthenticationException;
-
-public class MfaRequiredException extends InsufficientAuthenticationException {
+public class MfaRequiredException extends RuntimeException {
 public MfaRequiredException(String msg) {
 super(msg);
 }
-
- public MfaRequiredException(String msg, Throwable cause) {
- super(msg, cause);
- }
 }
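Review bot: With debug logging off, the widened condition in logAuthenticationFailure routes every MfaRequiredException and every failure with `form.username == null` to `log.debug`, so at a typical production level neither is recorded at all. The MFA-required case appears to be raised from additionalAuthenticationChecks, presumably after the password check (that part is not visible in this diff), which would make it the only trace that a valid password was presented without a second factor. Keeping `if (log.isDebugEnabled())` as the debug branch and adding a second branch that logs these two cases at info, for example `log.info("Login step incomplete for user '{}': {}", form.username, exception.getMessage());` followed by `return;`, keeps the warn channel quiet without losing the event. The comment `// Filter out logs that are part of the login flow` should also name the two cases it covers and say that they are dropped unless debug is enabled.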
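Review bot: Extending RuntimeException in PATCH 2/2 takes MfaRequiredException out of Spring Security's AuthenticationException hierarchy while it is still thrown from executeMfaVerificationSteps inside the authentication provider. ProviderManager and the standard authentication filters treat only AuthenticationException as a failed login, so unless this project's own handler catches RuntimeException (LogUtil.logAuthenticationFailure accepts one, which suggests it may), a login without a code could surface as an unhandled error instead of the MFA-required response, and failure listeners would not see it. The login still fails closed, so this concerns the response and the failure events rather than a bypass. If the aim is only to drop the InsufficientAuthenticationException parent, `public class MfaRequiredException extends AuthenticationException {` keeps the type inside the hierarchy; either way a test asserting the response for a missing code is worth adding.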