chore: Lower logger levels on some authentication messages (#8832)

dhis2 · Sep 27, 2021 · 5e6ae51 · 5e6ae51
1 parent d8fae6c
commit 5e6ae51
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/...ces/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java b/...ces/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java
@@ -89,7 +89,7 @@ public UserDetails loadUserByUsername( String username )
 
         if ( ObjectUtils.anyIsFalse( enabled, credentialsNonExpired, accountNonLocked, accountNonExpired ) )
         {
-            log.info( String.format(
+            log.debug( String.format(
                 "Login attempt for disabled/locked user: '%s', enabled: %b, account non-expired: %b, credentials non-expired: %b, account non-locked: %b",
                 username, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked ) );
         }

diff --git a/...-core/src/main/java/org/hisp/dhis/security/spring2fa/TwoFactorAuthenticationProvider.java b/...-core/src/main/java/org/hisp/dhis/security/spring2fa/TwoFactorAuthenticationProvider.java
@@ -115,14 +115,14 @@ public Authentication authenticate( Authentication auth )
 
             if ( securityService.isLocked( username ) )
             {
-                log.info( String.format( "Temporary lockout for user: %s and IP: %s", username, ip ) );
+                log.debug( String.format( "Temporary lockout for user: %s and IP: %s", username, ip ) );
 
                 throw new LockedException( String.format( "IP is temporarily locked: %s", ip ) );
             }
 
             if ( !LongValidator.getInstance().isValid( code ) || !SecurityUtils.verify( userCredentials, code ) )
             {
-                log.info(
+                log.debug(
                     String.format( "Two-factor authentication failure for user: %s", userCredentials.getUsername() ) );
 
                 throw new BadCredentialsException( "Invalid verification code" );

diff --git a/...is-web-api/src/main/java/org/hisp/dhis/webapi/security/config/AuthenticationListener.java b/...is-web-api/src/main/java/org/hisp/dhis/webapi/security/config/AuthenticationListener.java
@@ -76,7 +76,7 @@ public void handleAuthenticationFailure( AbstractAuthenticationFailureEvent even
         {
             TwoFactorWebAuthenticationDetails authDetails = (TwoFactorWebAuthenticationDetails) details;
 
-            log.info( String.format( "Login attempt failed for remote IP: %s", authDetails.getIp() ) );
+            log.debug( String.format( "Login attempt failed for remote IP: %s", authDetails.getIp() ) );
         }
 
         if ( OAuth2LoginAuthenticationToken.class.isAssignableFrom( auth.getClass() ) )
@@ -93,7 +93,7 @@ public void handleAuthenticationFailure( AbstractAuthenticationFailureEvent even
             WebAuthenticationDetails tokenDetails = (WebAuthenticationDetails) authenticationToken.getDetails();
             String remoteAddress = tokenDetails.getRemoteAddress();
 
-            log.info( String.format( "OIDC login attempt failed for remote IP: %s", remoteAddress ) );
+            log.debug( String.format( "OIDC login attempt failed for remote IP: %s", remoteAddress ) );
         }
 
         securityService.registerFailedLogin( username );