fix: bug authentication errors hard to investigate without extra data in logs #5029

VladimirFilonov
Closes #5026

📑 Description

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

ℹ Additional Information

vercel bot commented Jun 16, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
keep ⬜️ Ignored (Inspect) Visit Preview Jun 17, 2025 8:45am

@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. Bug Something isn't working labels Jun 16, 2025
@VladimirFilonov VladimirFilonov force-pushed the fix/5026-bug-authentication-errors-hard-to-investigate-without-extra-data-in-logs branch from 68a14cb to a9f7ead Compare June 16, 2025 09:21
@dosubot dosubot bot added size:XS This PR changes 0-9 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Jun 16, 2025
cursor-com[bot]

This comment was marked as outdated.

shahargl previously approved these changes Jun 16, 2025
@shahargl shahargl left a comment

lgtm

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jun 16, 2025
@shahargl shahargl self-requested a review June 16, 2025 09:27
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. and removed size:XS This PR changes 0-9 lines, ignoring generated files. labels Jun 16, 2025
@VladimirFilonov VladimirFilonov force-pushed the fix/5026-bug-authentication-errors-hard-to-investigate-without-extra-data-in-logs branch from 9074df3 to 6c7b270 Compare June 16, 2025 13:58
@cursor-com cursor-com bot left a comment

Bug: Sensitive Data Exposed in Authentication Logs

The request body is logged in authentication error cases, exposing sensitive data (e.g., passwords, API keys, tokens) to log files. This creates a security vulnerability by storing confidential information in an insecure location.

keep/identitymanager/authverifierbase.py#L192-L199

```python
)
self.logger.error(
    "No valid authentication method found",
    extra={
        "headers": request.headers,
        "body": body,
    }
)
```

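One way to keep the diagnostic value of the log call flagged above without writing credentials to the log, as an added example (not code from this PR or from the Keep project). The helper names, the header list and the key pattern are assumptions, and `headers` is assumed to be any mapping with `.items()`.

```python
import json
import re

REDACTED = "[REDACTED]"
# Assumed list of credential-bearing headers; extend for your deployment.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
# Assumed pattern for JSON keys whose values must never reach the log.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)


def redact_headers(headers):
    """Mask credential headers; keep only the auth scheme for triage."""
    out = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname not in SENSITIVE_HEADERS:
            out[name] = value
        elif lname.endswith("authorization") and " " in value:
            out[name] = value.split(" ", 1)[0] + " " + REDACTED
        else:
            out[name] = REDACTED
    return out


def _scrub(node):
    """Recursively replace values stored under secret-looking keys."""
    if isinstance(node, dict):
        return {k: REDACTED if SENSITIVE_KEY.search(str(k)) else _scrub(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [_scrub(v) for v in node]
    return node


def redact_body(body):
    """Return a loggable view of the body: scrubbed JSON, or its size only."""
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        parsed = None
    if not isinstance(parsed, (dict, list)):
        # Form posts or opaque payloads can hold secrets anywhere: log size only.
        return {"unparsed_body_chars": len(body or "")}
    return _scrub(parsed)


def auth_failure_extra(headers, body):
    return {"headers": redact_headers(headers), "body": redact_body(body)}
```

The result of `auth_failure_extra(request.headers, body)` can be passed as `extra=` to the existing `self.logger.error(...)` call, so the header names, auth scheme and body shape remain available for investigation.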

@VladimirFilonov VladimirFilonov force-pushed the fix/5026-bug-authentication-errors-hard-to-investigate-without-extra-data-in-logs branch from 6c7b270 to 160c444 Compare June 17, 2025 07:17
@VladimirFilonov VladimirFilonov force-pushed the fix/5026-bug-authentication-errors-hard-to-investigate-without-extra-data-in-logs branch from 19b67fd to cd6d430 Compare June 17, 2025 08:45
@shahargl shahargl left a comment

lgtm

@VladimirFilonov VladimirFilonov merged commit 8b9133f into main Jun 17, 2025
22 of 23 checks passed
@VladimirFilonov VladimirFilonov deleted the fix/5026-bug-authentication-errors-hard-to-investigate-without-extra-data-in-logs branch June 17, 2025 09:33
Labels
Bug Something isn't working lgtm This PR has been approved by a maintainer size:S This PR changes 10-29 lines, ignoring generated files.
Development

Successfully merging this pull request may close these issues.

[🐛 Bug]: Authentication errors hard to investigate without extra data in logs
2 participants