From f4a61202a7b6de8a011d67896b16e14f94eb981a Mon Sep 17 00:00:00 2001
From: pablodanswer
Date: Sat, 9 Nov 2024 13:41:11 -0800
Subject: [PATCH] Silence auth logs (#3098)
* silence auth logs
* remove unnecessary line
* k
---
 backend/danswer/auth/users.py | 26 ++++++++++++-------------
 backend/danswer/main.py | 9 +++++++--
 backend/danswer/server/manage/users.py | 9 +++------
 web/src/app/assistants/gallery/page.tsx | 1 -
 4 files changed, 22 insertions(+), 23 deletions(-)
diff --git a/backend/danswer/auth/users.py b/backend/danswer/auth/users.py
index 9e2761622c8..73f1ec18484 100644
--- a/backend/danswer/auth/users.py
+++ b/backend/danswer/auth/users.py
@@ -100,6 +100,11 @@
 logger = setup_logger()
+class BasicAuthenticationError(HTTPException):
+ def __init__(self, detail: str):
+ super().__init__(status_code=status.HTTP_403_FORBIDDEN, detail=detail)
+
+
 def is_user_admin(user: User | None) -> bool:
 if AUTH_TYPE == AuthType.DISABLED:
 return True
@@ -463,8 +468,7 @@ async def authenticate(
 has_web_login = attributes.get_attribute(user, "has_web_login")
 if not has_web_login:
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="NO_WEB_LOGIN_AND_HAS_NO_PASSWORD",
 )
@@ -621,14 +625,12 @@ async def double_check_user(
 return None
 if user is None:
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User is not authenticated.",
 )
 if user_needs_to_be_verified() and not user.is_verified:
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User is not verified.",
 )
@@ -637,8 +639,7 @@ async def double_check_user(
 and user.oidc_expiry < datetime.now(timezone.utc)
 and not include_expired
 ):
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User's OIDC token has expired.",
 )
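Review bot: `BasicAuthenticationError` is added without a docstring, yet raising it has a side effect that the name does not reveal: the `log_http_error` change in `backend/danswer/main.py` in this same patch matches on this type and logs a single line with no traceback. A docstring such as `"""403 for an expected access denial; log_http_error logs these without a stack trace."""` would tell later authors that choosing this class also chooses the quieter logging. The constructor also fixes the status at 403 for every raise site, including the "User is not authenticated" cases further down this file where 401 is the conventional status; the replaced `HTTPException` calls did the same, so it may be deliberate, but it is worth stating in the docstring.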
@@ -664,15 +665,13 @@ async def current_curator_or_admin_user(
 return None
 if not user or not hasattr(user, "role"):
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User is not authenticated or lacks role information.",
 )
 allowed_roles = {UserRole.GLOBAL_CURATOR, UserRole.CURATOR, UserRole.ADMIN}
 if user.role not in allowed_roles:
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User is not a curator or admin.",
 )
@@ -684,8 +683,7 @@ async def current_admin_user(user: User | None = Depends(current_user)) -> User
 return None
 if not user or not hasattr(user, "role") or user.role != UserRole.ADMIN:
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User must be an admin to perform this action.",
 )
diff --git a/backend/danswer/main.py b/backend/danswer/main.py
index 06ce7bf4092..2ba3615dcca 100644
--- a/backend/danswer/main.py
+++ b/backend/danswer/main.py
@@ -25,6 +25,7 @@
 from danswer.auth.schemas import UserRead
 from danswer.auth.schemas import UserUpdate
 from danswer.auth.users import auth_backend
+from danswer.auth.users import BasicAuthenticationError
 from danswer.auth.users import fastapi_users
 from danswer.configs.app_configs import APP_API_PREFIX
 from danswer.configs.app_configs import APP_HOST
@@ -194,7 +195,12 @@ async def lifespan(app: FastAPI) -> AsyncGenerator:
 def log_http_error(_: Request, exc: Exception) -> JSONResponse:
 status_code = getattr(exc, "status_code", 500)
- if status_code >= 400:
+
+ if isinstance(exc, BasicAuthenticationError):
+ # For BasicAuthenticationError, just log a brief message without stack trace (almost always spam)
+ logger.error(f"Authentication failed: {str(exc)}")
+
+ elif status_code >= 400:
 error_msg = f"{str(exc)}\n"
 error_msg += "".join(traceback.format_tb(exc.__traceback__))
 logger.error(error_msg)
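Review bot: The role checks in `current_curator_or_admin_user` (this hunk) and in `current_admin_user` (the next hunk) are authorization denials for a user who is already signed in, but they now raise `BasicAuthenticationError`, which the handler in `main.py` records as `Authentication failed`. For audit purposes, an authenticated account being refused a curator or admin endpoint is a different event from an anonymous request, and the shared label makes the two hard to separate in the logs. Either give the handler a neutral prefix such as `Access denied`, or raise a distinct subclass for the role checks so they can be filtered on their own. Both functions begin outside their hunks.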
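Review bot: The new `BasicAuthenticationError` branch logs only `str(exc)`, so a denied request leaves no method, path or client address in the log, and the handler still discards its `Request` argument as `_`. With the traceback gone, this line is the only record of the denial, and it is what anyone looking for repeated login failures or probing of admin routes would have to work from. Naming the parameter and logging the request alongside the detail keeps the line short and makes it usable: `def log_http_error(request: Request, exc: Exception) -> JSONResponse:` and `logger.warning("Access denied: %s %s: %s", request.method, request.url.path, exc.detail)`. Logging `exc.detail` explicitly also avoids depending on how the installed Starlette version renders `str()` of an `HTTPException`. The rest of `log_http_error` lies outside the hunk.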
@@ -220,7 +226,6 @@ def get_application() -> FastAPI:
 else:
 logger.debug("Sentry DSN not provided, skipping Sentry initialization")
- # Add the custom exception handler
 application.add_exception_handler(status.HTTP_400_BAD_REQUEST, log_http_error)
 application.add_exception_handler(status.HTTP_401_UNAUTHORIZED, log_http_error)
 application.add_exception_handler(status.HTTP_403_FORBIDDEN, log_http_error)
diff --git a/backend/danswer/server/manage/users.py b/backend/danswer/server/manage/users.py
index b61e8db3e72..174dc5b55c9 100644
--- a/backend/danswer/server/manage/users.py
+++ b/backend/danswer/server/manage/users.py
@@ -11,7 +11,6 @@
 from fastapi import Depends
 from fastapi import HTTPException
 from fastapi import Request
-from fastapi import status
 from psycopg2.errors import UniqueViolation
 from pydantic import BaseModel
 from sqlalchemy import Column
@@ -27,6 +26,7 @@
 from danswer.auth.noauth_user import set_no_auth_user_preferences
 from danswer.auth.schemas import UserRole
 from danswer.auth.schemas import UserStatus
+from danswer.auth.users import BasicAuthenticationError
 from danswer.auth.users import current_admin_user
 from danswer.auth.users import current_curator_or_admin_user
 from danswer.auth.users import current_user
@@ -492,13 +492,10 @@ def verify_user_logged_in(
 store = get_kv_store()
 return fetch_no_auth_user(store)
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN, detail="User Not Authenticated"
- )
+ raise BasicAuthenticationError(detail="User Not Authenticated")
 if user.oidc_expiry and user.oidc_expiry < datetime.now(timezone.utc):
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
+ raise BasicAuthenticationError(
 detail="Access denied. User's OIDC token has expired.",
 )
diff --git a/web/src/app/assistants/gallery/page.tsx b/web/src/app/assistants/gallery/page.tsx
index 538ab5d60a9..ccb59b95d98 100644
--- a/web/src/app/assistants/gallery/page.tsx
+++ b/web/src/app/assistants/gallery/page.tsx
@@ -4,7 +4,6 @@ import { fetchChatData } from "@/lib/chat/fetchChatData";
 import { unstable_noStore as noStore } from "next/cache";
 import { redirect } from "next/navigation";
 import WrappedAssistantsGallery from "./WrappedAssistantsGallery";
-import { AssistantsProvider } from "@/components/context/AssistantsContext";
 import { cookies } from "next/headers";
 export default async function GalleryPage(props: {