improve impersonation logging slightly (#4758)

Co-authored-by: Richard Kuo (Onyx) <rkuo@onyx.app>
2025-08-28 06:34:34 +02:00 · 2025-05-22 11:17:27 -07:00
parent 3b64793d4b
commit 6c349687da
2 changed files with 14 additions and 3 deletions
--- a/backend/ee/onyx/server/tenants/admin_api.py
+++ b/backend/ee/onyx/server/tenants/admin_api.py
@@ -2,6 +2,7 @@ from fastapi import APIRouter
 from fastapi import Depends
 from fastapi import HTTPException
 from fastapi import Response
+from fastapi_users import exceptions

 from ee.onyx.auth.users import current_cloud_superuser
 from ee.onyx.server.tenants.models import ImpersonateRequest
@@ -24,14 +25,24 @@ async def impersonate_user(
    _: User = Depends(current_cloud_superuser),
 ) -> Response:
    """Allows a cloud superuser to impersonate another user by generating an impersonation JWT token"""
-    tenant_id = get_tenant_id_for_email(impersonate_request.email)
+    try:
+        tenant_id = get_tenant_id_for_email(impersonate_request.email)
+    except exceptions.UserNotExists:
+        detail = f"User has no tenant mapping: {impersonate_request.email=}"
+        logger.warning(detail)
+        raise HTTPException(status_code=422, detail=detail)

    with get_session_with_tenant(tenant_id=tenant_id) as tenant_session:
        user_to_impersonate = get_user_by_email(
            impersonate_request.email, tenant_session
        )
        if user_to_impersonate is None:
-            raise HTTPException(status_code=404, detail="User not found")
+            detail = (
+                f"User not found in tenant: {impersonate_request.email=} {tenant_id=}"
+            )
+            logger.warning(detail)
+            raise HTTPException(status_code=422, detail=detail)
+
        token = await get_redis_strategy().write_token(user_to_impersonate)

    response = await auth_backend.transport.get_login_response(token)
--- a/backend/ee/onyx/server/tenants/user_mapping.py
+++ b/backend/ee/onyx/server/tenants/user_mapping.py
@@ -47,10 +47,10 @@ def get_tenant_id_for_email(email: str) -> str:
                    mapping.active = True
                    db_session.commit()
                    tenant_id = mapping.tenant_id
-
    except Exception as e:
        logger.exception(f"Error getting tenant id for email {email}: {e}")
        raise exceptions.UserNotExists()
+
    if tenant_id is None:
        raise exceptions.UserNotExists()
    return tenant_id