Silence auth logs (#3098)
* silence auth logs * remove unnecessary line * k
parent
a1b95df3b8
commit
cc2f584321
@ -100,6 +100,11 @@ from shared_configs.contextvars import CURRENT_TENANT_ID_CONTEXTVAR
|
|||||||
logger = setup_logger()
|
logger = setup_logger()
|
||||||
|
|
||||||
|
|
||||||
|
class BasicAuthenticationError(HTTPException):
|
||||||
|
def __init__(self, detail: str):
|
||||||
|
super().__init__(status_code=status.HTTP_403_FORBIDDEN, detail=detail)
|
||||||
|
|
||||||
|
|
||||||
def is_user_admin(user: User | None) -> bool:
|
def is_user_admin(user: User | None) -> bool:
|
||||||
if AUTH_TYPE == AuthType.DISABLED:
|
if AUTH_TYPE == AuthType.DISABLED:
|
||||||
return True
|
return True
|
||||||
@ -463,8 +468,7 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
|
|||||||
has_web_login = attributes.get_attribute(user, "has_web_login")
|
has_web_login = attributes.get_attribute(user, "has_web_login")
|
||||||
|
|
||||||
if not has_web_login:
|
if not has_web_login:
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="NO_WEB_LOGIN_AND_HAS_NO_PASSWORD",
|
detail="NO_WEB_LOGIN_AND_HAS_NO_PASSWORD",
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -621,14 +625,12 @@ async def double_check_user(
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
if user is None:
|
if user is None:
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User is not authenticated.",
|
detail="Access denied. User is not authenticated.",
|
||||||
)
|
)
|
||||||
|
|
||||||
if user_needs_to_be_verified() and not user.is_verified:
|
if user_needs_to_be_verified() and not user.is_verified:
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User is not verified.",
|
detail="Access denied. User is not verified.",
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -637,8 +639,7 @@ async def double_check_user(
|
|||||||
and user.oidc_expiry < datetime.now(timezone.utc)
|
and user.oidc_expiry < datetime.now(timezone.utc)
|
||||||
and not include_expired
|
and not include_expired
|
||||||
):
|
):
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User's OIDC token has expired.",
|
detail="Access denied. User's OIDC token has expired.",
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -664,15 +665,13 @@ async def current_curator_or_admin_user(
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
if not user or not hasattr(user, "role"):
|
if not user or not hasattr(user, "role"):
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User is not authenticated or lacks role information.",
|
detail="Access denied. User is not authenticated or lacks role information.",
|
||||||
)
|
)
|
||||||
|
|
||||||
allowed_roles = {UserRole.GLOBAL_CURATOR, UserRole.CURATOR, UserRole.ADMIN}
|
allowed_roles = {UserRole.GLOBAL_CURATOR, UserRole.CURATOR, UserRole.ADMIN}
|
||||||
if user.role not in allowed_roles:
|
if user.role not in allowed_roles:
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User is not a curator or admin.",
|
detail="Access denied. User is not a curator or admin.",
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -684,8 +683,7 @@ async def current_admin_user(user: User | None = Depends(current_user)) -> User
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
if not user or not hasattr(user, "role") or user.role != UserRole.ADMIN:
|
if not user or not hasattr(user, "role") or user.role != UserRole.ADMIN:
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User must be an admin to perform this action.",
|
detail="Access denied. User must be an admin to perform this action.",
|
||||||
)
|
)
|
||||||
|
|
||||||
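Review bot: BasicAuthenticationError is also raised by the role checks in current_curator_or_admin_user and current_admin_user, where the caller is authenticated but lacks the role, so the type covers authorization denials as well as authentication failures. Any handler keyed on the type will therefore treat both the same. The new class has no docstring; I would add `"""403 raised for expected login or role denials; handlers may log these without a traceback."""` so the reason for a dedicated type is stated at its definition. If logs or alerts ever need to separate "not logged in" from "logged in, insufficient role", a second subclass for the role checks would let them. The functions touched here start and end outside the hunks shown.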
|
@ -25,6 +25,7 @@ from danswer.auth.schemas import UserCreate
|
|||||||
from danswer.auth.schemas import UserRead
|
from danswer.auth.schemas import UserRead
|
||||||
from danswer.auth.schemas import UserUpdate
|
from danswer.auth.schemas import UserUpdate
|
||||||
from danswer.auth.users import auth_backend
|
from danswer.auth.users import auth_backend
|
||||||
|
from danswer.auth.users import BasicAuthenticationError
|
||||||
from danswer.auth.users import fastapi_users
|
from danswer.auth.users import fastapi_users
|
||||||
from danswer.configs.app_configs import APP_API_PREFIX
|
from danswer.configs.app_configs import APP_API_PREFIX
|
||||||
from danswer.configs.app_configs import APP_HOST
|
from danswer.configs.app_configs import APP_HOST
|
||||||
@ -194,7 +195,12 @@ async def lifespan(app: FastAPI) -> AsyncGenerator:
|
|||||||
|
|
||||||
def log_http_error(_: Request, exc: Exception) -> JSONResponse:
|
def log_http_error(_: Request, exc: Exception) -> JSONResponse:
|
||||||
status_code = getattr(exc, "status_code", 500)
|
status_code = getattr(exc, "status_code", 500)
|
||||||
if status_code >= 400:
|
|
||||||
|
if isinstance(exc, BasicAuthenticationError):
|
||||||
|
# For BasicAuthenticationError, just log a brief message without stack trace (almost always spam)
|
||||||
|
logger.error(f"Authentication failed: {str(exc)}")
|
||||||
|
|
||||||
|
elif status_code >= 400:
|
||||||
error_msg = f"{str(exc)}\n"
|
error_msg = f"{str(exc)}\n"
|
||||||
error_msg += "".join(traceback.format_tb(exc.__traceback__))
|
error_msg += "".join(traceback.format_tb(exc.__traceback__))
|
||||||
logger.error(error_msg)
|
logger.error(error_msg)
|
||||||
@ -220,7 +226,6 @@ def get_application() -> FastAPI:
|
|||||||
else:
|
else:
|
||||||
logger.debug("Sentry DSN not provided, skipping Sentry initialization")
|
logger.debug("Sentry DSN not provided, skipping Sentry initialization")
|
||||||
|
|
||||||
# Add the custom exception handler
|
|
||||||
application.add_exception_handler(status.HTTP_400_BAD_REQUEST, log_http_error)
|
application.add_exception_handler(status.HTTP_400_BAD_REQUEST, log_http_error)
|
||||||
application.add_exception_handler(status.HTTP_401_UNAUTHORIZED, log_http_error)
|
application.add_exception_handler(status.HTTP_401_UNAUTHORIZED, log_http_error)
|
||||||
application.add_exception_handler(status.HTTP_403_FORBIDDEN, log_http_error)
|
application.add_exception_handler(status.HTTP_403_FORBIDDEN, log_http_error)
|
||||||
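Review bot: The new BasicAuthenticationError branch in log_http_error drops the traceback but adds nothing in its place. The Request is still discarded as `_`, so the line carries only the exception text, with no method, path or client to correlate repeated denials against. I would name the parameter `request` and log `logger.warning(f"Auth denied: {exc.detail} ({request.method} {request.url.path})")`. That wording also fits the admin/curator role denials, which are not authentication failures. Keeping `logger.error` for an event the comment itself calls "almost always spam" will likely keep error-level alerting noisy, so warning or info looks like the better level. The rest of the function, after `logger.error(error_msg)`, lies outside the hunk.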
|
@ -11,7 +11,6 @@ from fastapi import Body
|
|||||||
from fastapi import Depends
|
from fastapi import Depends
|
||||||
from fastapi import HTTPException
|
from fastapi import HTTPException
|
||||||
from fastapi import Request
|
from fastapi import Request
|
||||||
from fastapi import status
|
|
||||||
from psycopg2.errors import UniqueViolation
|
from psycopg2.errors import UniqueViolation
|
||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from sqlalchemy import Column
|
from sqlalchemy import Column
|
||||||
@ -27,6 +26,7 @@ from danswer.auth.noauth_user import fetch_no_auth_user
|
|||||||
from danswer.auth.noauth_user import set_no_auth_user_preferences
|
from danswer.auth.noauth_user import set_no_auth_user_preferences
|
||||||
from danswer.auth.schemas import UserRole
|
from danswer.auth.schemas import UserRole
|
||||||
from danswer.auth.schemas import UserStatus
|
from danswer.auth.schemas import UserStatus
|
||||||
|
from danswer.auth.users import BasicAuthenticationError
|
||||||
from danswer.auth.users import current_admin_user
|
from danswer.auth.users import current_admin_user
|
||||||
from danswer.auth.users import current_curator_or_admin_user
|
from danswer.auth.users import current_curator_or_admin_user
|
||||||
from danswer.auth.users import current_user
|
from danswer.auth.users import current_user
|
||||||
@ -492,13 +492,10 @@ def verify_user_logged_in(
|
|||||||
store = get_kv_store()
|
store = get_kv_store()
|
||||||
return fetch_no_auth_user(store)
|
return fetch_no_auth_user(store)
|
||||||
|
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(detail="User Not Authenticated")
|
||||||
status_code=status.HTTP_403_FORBIDDEN, detail="User Not Authenticated"
|
|
||||||
)
|
|
||||||
|
|
||||||
if user.oidc_expiry and user.oidc_expiry < datetime.now(timezone.utc):
|
if user.oidc_expiry and user.oidc_expiry < datetime.now(timezone.utc):
|
||||||
raise HTTPException(
|
raise BasicAuthenticationError(
|
||||||
status_code=status.HTTP_403_FORBIDDEN,
|
|
||||||
detail="Access denied. User's OIDC token has expired.",
|
detail="Access denied. User's OIDC token has expired.",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -4,7 +4,6 @@ import { fetchChatData } from "@/lib/chat/fetchChatData";
|
|||||||
import { unstable_noStore as noStore } from "next/cache";
|
import { unstable_noStore as noStore } from "next/cache";
|
||||||
import { redirect } from "next/navigation";
|
import { redirect } from "next/navigation";
|
||||||
import WrappedAssistantsGallery from "./WrappedAssistantsGallery";
|
import WrappedAssistantsGallery from "./WrappedAssistantsGallery";
|
||||||
import { AssistantsProvider } from "@/components/context/AssistantsContext";
|
|
||||||
import { cookies } from "next/headers";
|
import { cookies } from "next/headers";
|
||||||
|
|
||||||
export default async function GalleryPage(props: {
|
export default async function GalleryPage(props: {
|
||||||
|