Task #99354
closed
Harmonize password reset log messages with other auth-related log messages
100%
Description
Currently I am logging a lot of auth stuff specifically and stumbled over an irregularity in the "password reset successful" log message in contrast to the rest.
Most auth related messages use "username" as primary reference and replace the field in the message, "password reset successful" uses userid and leaves a placeholder, examples from FileWriter:
[NOTICE] request="a" component="TYPO3.CMS.Core.Authentication.AuthenticationService": Login-attempt from 198.51.100.1, username 'john.doe', password not accepted!
[INFO] request="b" component="TYPO3.CMS.Backend.Authentication.PasswordReset": Sent password reset email to email address john.doe@example.org for user john.doe - {"email":"john.doe@example.org","username":"john.doe"}
[INFO] request="d" component="TYPO3.CMS.Backend.Authentication.PasswordReset": Password reset successful for user {user_id) - {"user_id":1234}
[NOTICE] request="e" component="TYPO3.CMS.Core.Authentication.AuthenticationService": BE Authentication successful for username 'john.doe'
[INFO] request="e" component="TYPO3.CMS.Core.Authentication.BackendUserAuthentication": User john.doe logged in from 198.51.100.1 - {"username":"john.doe","ip":"198.51.100.1"}
There is an additional discrepancy in when quotation is used in the log string to encapsulated values and when not. While the aim is not to fix all of them in one PR, the change here should probably adhere to a preferred standard. The documentation doesn't explicitly give a decision, however the example for using placeholders removes the quotation, so is suggestive into the direction of having no quotes. I'd prefer quotes. From the majority of core log messages I think that having quotes and a value array is the current best practice for string based content like username or email while e.g. IP dresses are done without.
Thus I propose to change the password reset success message to include username instead of ID and to do that in the message.
Before: Password reset successful for user {user_id) - {"user_id":1234}
After: Password reset successful for user 'john.doe' - {"username":"john.doe"}
Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79758
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79758
Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79758
Updated by Gerrit Code Review over 1 year ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79758
Updated by Gerrit Code Review over 1 year ago
Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79824
Updated by Torben Hansen over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset f16cfa143246679da658c3ec00c43dc70a41c65a.
Updated by