feat(http): improve invalid login handling (#597)

* feat(http): improve invalid login handling * fix(http): do not log password
2025-07-23 08:49:13 +00:00 · 2022-12-31 01:04:41 +01:00 · 2022-12-31 01:04:41 +01:00 · 6b1490726f
commit 6b1490726f
parent 9c16c7a4a1
2 changed files with 3 additions and 3 deletions
--- a/internal/auth/service.go
+++ b/internal/auth/service.go
@ -43,7 +43,7 @@ func (s *service) Login(ctx context.Context, username, password string) (*domain
 	u, err := s.userSvc.FindByUsername(ctx, username)
 	if err != nil {
 		s.log.Error().Err(err).Msgf("could not find user by username: %v", username)
-		return nil, err
+		return nil, errors.Wrapf(err, "invalid login: %s", username)
 	}
 	if u == nil {
@ -58,7 +58,7 @@ func (s *service) Login(ctx context.Context, username, password string) (*domain
 	if !match {
 		s.log.Error().Msg("bad credentials")
-		return nil, errors.New("bad credentials")
+		return nil, errors.Errorf("invalid login: %s", username)
 	}
 	return u, nil
--- a/internal/http/auth.go
+++ b/internal/http/auth.go
@ -75,7 +75,7 @@ func (h authHandler) login(w http.ResponseWriter, r *http.Request) {
 	_, err := h.service.Login(ctx, data.Username, data.Password)
 	if err != nil {
-		h.log.Error().Err(err).Msgf("invalid login [%s] from: %s", ReadUserIP(r))
+		h.log.Error().Err(err).Msgf("Auth: Failed login attempt username: [%s] ip: %s", data.Username, ReadUserIP(r))
 		h.encoder.StatusResponse(ctx, w, nil, http.StatusUnauthorized)
 		return
 	}