IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

DEV: Do not log API key scope and/or source-ip mismatches (#15423)

Browse Source 
Using an incorrectly-scoped API key is something which should be fixed by the client - no need to log errors on the server-side.
This commit is contained in:
David Taylor 2021-12-29 12:22:21 +00:00 committed by GitHub
parent ad25e4103d
commit 4f06c24a57
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/auth/default_current_user_provider.rb
View File

@ -369,8 +369,7 @@ class Auth::DefaultCurrentUserProvider
if api_key = ApiKey.active.with_key(api_key_value).includes(:user).first if api_key = ApiKey.active.with_key(api_key_value).includes(:user).first
api_username = header_api_key? ? @env[HEADER_API_USERNAME] : request[API_USERNAME] api_username = header_api_key? ? @env[HEADER_API_USERNAME] : request[API_USERNAME]
unless api_key.request_allowed?(@env) if !api_key.request_allowed?(@env)
Rails.logger.warn("[Unauthorized API Access] username: #{api_username}, IP address: #{request.ip}")
return nil return nil
end end