Merge pull request #2070 from cyberark/info-auth-err-trace

Print authentication error stack-trace in INFO level
cyberark · Mar 24, 2021 · 4c9e329 · 4c9e329
2 parents d8234d4 + ce3d0b2
commit 4c9e329
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   [cyberark/conjur#2052](https://github.com/cyberark/conjur/issues/2052)
 - When a user checks permissions of a non-existing role or a non-existing resource, Conjur now audits a failure message.
   [cyberark/conjur#2059](https://github.com/cyberark/conjur/issues/2059)
+- Print login and authentication error stack trace to the log in INFO level.
+  [cyberark/conjur#2080](https://github.com/cyberark/conjur/issues/2080)
 
 ### Changed
 - The secrets batch retrieval endpoint now refers to the `Accept-Encoding` header rather than `Accept` to determine the response encoding

diff --git a/app/controllers/authenticate_controller.rb b/app/controllers/authenticate_controller.rb
@@ -200,7 +200,12 @@ def handle_authentication_error(err)
 
   def log_backtrace(err)
     err.backtrace.each do |line|
-      logger.debug(line)
+      # We want to print a minimal stack trace in INFO level so that it is easier
+      # to understand the issue. To do this, we filter the trace output to only
+      # Conjur application code, and not code from the Gem dependencies.
+      # We still want to print the full stack trace (including the Gem dependencies
+      # code) so we print it in DEBUG level.
+      line.include?(ENV['GEM_HOME']) ? logger.debug(line) : logger.info(line)
     end
   end