Page MenuHomePhabricator
Create Task
Maniphest T246471

Login authevents should include the username
Open, Needs TriagePublic
Actions

Description

ApiLogin.php:

		LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
			'event' => 'login',
			'successful' => $authRes === 'Success',
			'loginType' => $loginType,
			'status' => $authRes,
		] );

SpecialUserLogin.php:

	protected function logAuthResult( $success, $status = null ) {
		LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
			'event' => 'login',
			'successful' => $success,
			'status' => $status,
		] );
	}

See also: T246462: SpecialCreateAccount::logAuthResult() should include the username

Related Objects

Event Timeline

Reedy created this task.Feb 28 2020, 6:20 PM
Restricted Application added a project: Platform Engineering. · View Herald TranscriptFeb 28 2020, 6:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Reedy mentioned this in T246462: SpecialCreateAccount::logAuthResult() should include the username.Feb 28 2020, 6:20 PM
Reedy updated the task description. (Show Details)
Reedy renamed this task from Login authevents should should tell the username to Login authevents should include the username.Feb 28 2020, 6:37 PM
Pchelolo moved this task from Inbox to Triage Meeting Inbox on the Platform Engineering board.Mar 2 2020, 5:42 PM
WDoranWMF moved this task from Triage Meeting Inbox to Feature Requests to Review on the Platform Engineering board.Mar 4 2020, 3:37 PM
WDoranWMF subscribed.

@Reedy Is this blocking for anything or what would you say the level or severity is?

Reedy added subscribers: Anomie, Tgr.Mar 4 2020, 3:49 PM
In T246471#5941386, @WDoranWMF wrote:

@Reedy Is this blocking for anything or what would you say the level or severity is?

Nope, it'd just be useful to have when looking at audit trails etc.

It's low priority, but it's probably also good first task (ie easy). I more filed the tasks because I didn't want to look at resolving them at the time, but wanted to get some followup

I don't think the username even needs to be in the messages, just in the parameters below. I haven't looked where the easiest place to necessarily get the username is from.

I don't know if we want to run it by @Tgr and/or @Anomie to check (as authors of most of the auth rewrite stuff) if there's any reason these events shouldn't have that information in these log events

eprodromou removed a project: Platform Engineering.Mar 12 2020, 7:05 PM
eprodromou subscribed.

This is interesting, but I don't think we're going to work on directly as a team. If you need advice from @Anomie , please let him know directly.

Anomie moved this task from Unsorted to Needs details or plan on the MediaWiki-Action-API board.Mar 16 2020, 2:24 PM

I note that these log events were created specifically for T91701: Create dashboard to track key authentication metrics before, during and after AuthManager rollout. AuthManager has more general-purpose logs including the username (but not differentiating by API vs web UI) sent to the 'authentication' log channel.

I don't know anything about those dashboards to guess if they'd be negatively affected by adding in usernames.

Tgr added a comment.Mar 16 2020, 3:15 PM

The dashboard (more specifically, the log handler which turns these log events into statsd hits) will ignore unknown fields. But in general I agree it's better to use the normal log events where possible.

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:01 PM
Tgr mentioned this in T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.Oct 5 2023, 12:52 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL