Adapt loglevel for logs, shorten strings, fix formats, streamline

- Switched to Warn for most errors, reduces bloat, improves log control

internal/auth/auth.go

@@ -176,7 +176,7 @@ func (auth *Authentication) Login(
 		user := (*User)(nil)
 		if username != "" {
 			if user, _ = auth.GetUser(username); err != nil {
-				// log.Warnf("login of unkown user %#v", username)
+				// log.Warnf("login of unkown user %v", username)
 				_ = err
 			}
 		}
@@ -206,12 +206,12 @@ func (auth *Authentication) Login(
 			session.Values["username"] = user.Username
 			session.Values["roles"] = user.Roles
 			if err := auth.sessionStore.Save(r, rw, session); err != nil {
-				log.Errorf("session save failed: %s", err.Error())
+				log.Warnf("session save failed: %s", err.Error())
 				http.Error(rw, err.Error(), http.StatusInternalServerError)
 				return
 			}
 
-			log.Infof("login successfull: user: %#v (roles: %v)", user.Username, user.Roles)
+			log.Infof("login successfull: user: %v (roles: %v)", user.Username, user.Roles)
 			ctx := context.WithValue(r.Context(), ContextUserKey, user)
 			onsuccess.ServeHTTP(rw, r.WithContext(ctx))
 			return

internal/auth/jwt.go

@@ -45,13 +45,13 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	} else {
 		bytes, err := base64.StdEncoding.DecodeString(pubKey)
 		if err != nil {
-			log.Error("Could not decode JWT public key")
+			log.Warn("Could not decode JWT public key")
 			return err
 		}
 		ja.publicKey = ed25519.PublicKey(bytes)
 		bytes, err = base64.StdEncoding.DecodeString(privKey)
 		if err != nil {
-			log.Error("Could not decode JWT private key")
+			log.Warn("Could not decode JWT private key")
 			return err
 		}
 		ja.privateKey = ed25519.PrivateKey(bytes)
@@ -60,7 +60,7 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	if pubKey = os.Getenv("CROSS_LOGIN_JWT_HS512_KEY"); pubKey != "" {
 		bytes, err := base64.StdEncoding.DecodeString(pubKey)
 		if err != nil {
-			log.Error("Could not decode cross login JWT HS512 key")
+			log.Warn("Could not decode cross login JWT HS512 key")
 			return err
 		}
 		ja.loginTokenKey = bytes
@@ -71,7 +71,7 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 	if keyFound && pubKeyCrossLogin != "" {
 		bytes, err := base64.StdEncoding.DecodeString(pubKeyCrossLogin)
 		if err != nil {
-			log.Error("Could not decode cross login JWT public key")
+			log.Warn("Could not decode cross login JWT public key")
 			return err
 		}
 		ja.publicKeyCrossLogin = ed25519.PublicKey(bytes)
@@ -130,7 +130,7 @@ func (ja *JWTAuthenticator) Login(
 		return nil, fmt.Errorf("AUTH/JWT > unkown signing method for login token: %s (known: HS256, HS512, EdDSA)", t.Method.Alg())
 	})
 	if err != nil {
-		log.Error("Error while parsing jwt token")
+		log.Warn("Error while parsing jwt token")
 		return nil, err
 	}
 
@@ -157,7 +157,7 @@ func (ja *JWTAuthenticator) Login(
 	if user == nil {
 		user, err = ja.auth.GetUser(sub)
 		if err != nil && err != sql.ErrNoRows {
-			log.Errorf("Error while loading user '%#v'", sub)
+			log.Errorf("Error while loading user '%v'", sub)
 			return nil, err
 		} else if user == nil {
 			user = &User{
@@ -166,7 +166,7 @@ func (ja *JWTAuthenticator) Login(
 				AuthSource: AuthViaToken,
 			}
 			if err := ja.auth.AddUser(user); err != nil {
-				log.Errorf("Error while adding user '%#v' to auth from token", user.Username)
+				log.Errorf("Error while adding user '%v' to auth from token", user.Username)
 				return nil, err
 			}
 		}
@@ -231,7 +231,7 @@ func (ja *JWTAuthenticator) Auth(
 		return ja.publicKey, nil
 	})
 	if err != nil {
-		log.Error("Error while parsing token")
+		log.Warn("Error while parsing token")
 		return nil, err
 	}
 
@@ -286,7 +286,7 @@ func (ja *JWTAuthenticator) Auth(
 		session.Values["roles"] = roles
 
 		if err := ja.auth.sessionStore.Save(r, rw, session); err != nil {
-			log.Errorf("session save failed: %s", err.Error())
+			log.Warnf("session save failed: %s", err.Error())
 			http.Error(rw, err.Error(), http.StatusInternalServerError)
 			return nil, err
 		}

internal/auth/ldap.go

@@ -39,7 +39,7 @@ func (la *LdapAuthenticator) Init(
 	if la.config != nil && la.config.SyncInterval != "" {
 		interval, err := time.ParseDuration(la.config.SyncInterval)
 		if err != nil {
-			log.Errorf("Could not parse duration for sync interval: %#v", la.config.SyncInterval)
+			log.Warnf("Could not parse duration for sync interval: %v", la.config.SyncInterval)
 			return err
 		}
 
@@ -78,7 +78,7 @@ func (la *LdapAuthenticator) Login(
 
 	l, err := la.getLdapConnection(false)
 	if err != nil {
-		log.Error("Error while getting ldap connection")
+		log.Warn("Error while getting ldap connection")
 		return nil, err
 	}
 	defer l.Close()
@@ -108,14 +108,14 @@ func (la *LdapAuthenticator) Sync() error {
 	users := map[string]int{}
 	rows, err := la.auth.db.Query(`SELECT username FROM user WHERE user.ldap = 1`)
 	if err != nil {
-		log.Error("Error while querying LDAP users")
+		log.Warn("Error while querying LDAP users")
 		return err
 	}
 
 	for rows.Next() {
 		var username string
 		if err := rows.Scan(&username); err != nil {
-			log.Errorf("Error while scanning for user '%s'", username)
+			log.Warnf("Error while scanning for user '%s'", username)
 			return err
 		}
 
@@ -133,7 +133,7 @@ func (la *LdapAuthenticator) Sync() error {
 		la.config.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		la.config.UserFilter, []string{"dn", "uid", "gecos"}, nil))
 	if err != nil {
-		log.Error("LDAP search error")
+		log.Warn("LDAP search error")
 		return err
 	}
 
@@ -155,14 +155,14 @@ func (la *LdapAuthenticator) Sync() error {
 
 	for username, where := range users {
 		if where == IN_DB && la.config.SyncDelOldUsers {
-			log.Debugf("sync: remove %#v (does not show up in LDAP anymore)", username)
+			log.Debugf("sync: remove %v (does not show up in LDAP anymore)", username)
 			if _, err := la.auth.db.Exec(`DELETE FROM user WHERE user.username = ?`, username); err != nil {
 				log.Errorf("User '%s' not in LDAP anymore: Delete from DB failed", username)
 				return err
 			}
 		} else if where == IN_LDAP {
 			name := newnames[username]
-			log.Debugf("sync: add %#v (name: %#v, roles: [user], ldap: true)", username, name)
+			log.Debugf("sync: add %v (name: %v, roles: [user], ldap: true)", username, name)
 			if _, err := la.auth.db.Exec(`INSERT INTO user (username, ldap, name, roles) VALUES (?, ?, ?, ?)`,
 				username, 1, name, "[\""+RoleUser+"\"]"); err != nil {
 				log.Errorf("User '%s' new in LDAP: Insert into DB failed", username)
@@ -180,14 +180,14 @@ func (la *LdapAuthenticator) getLdapConnection(admin bool) (*ldap.Conn, error) {
 
 	conn, err := ldap.DialURL(la.config.Url)
 	if err != nil {
-		log.Error("LDAP URL dial failed")
+		log.Warn("LDAP URL dial failed")
 		return nil, err
 	}
 
 	if admin {
 		if err := conn.Bind(la.config.SearchDN, la.syncPassword); err != nil {
 			conn.Close()
-			log.Error("LDAP connection bind failed")
+			log.Warn("LDAP connection bind failed")
 			return nil, err
 		}
 	}

internal/auth/users.go

@@ -25,7 +25,7 @@ func (auth *Authentication) GetUser(username string) (*User, error) {
 	if err := sq.Select("password", "ldap", "name", "roles", "email").From("user").
 		Where("user.username = ?", username).RunWith(auth.db).
 		QueryRow().Scan(&hashedPassword, &user.AuthSource, &name, &rawRoles, &email); err != nil {
-		log.Errorf("Error while querying user '%#v' from database", username)
+		log.Warnf("Error while querying user '%v' from database", username)
 		return nil, err
 	}
 
@@ -34,7 +34,7 @@ func (auth *Authentication) GetUser(username string) (*User, error) {
 	user.Email = email.String
 	if rawRoles.Valid {
 		if err := json.Unmarshal([]byte(rawRoles.String), &user.Roles); err != nil {
-			log.Error("Error while unmarshaling raw roles from DB")
+			log.Warn("Error while unmarshaling raw roles from DB")
 			return nil, err
 		}
 	}
@@ -67,11 +67,11 @@ func (auth *Authentication) AddUser(user *User) error {
 	}
 
 	if _, err := sq.Insert("user").Columns(cols...).Values(vals...).RunWith(auth.db).Exec(); err != nil {
-		log.Errorf("Error while inserting new user '%#v' into DB", user.Username)
+		log.Errorf("Error while inserting new user '%v' into DB", user.Username)
 		return err
 	}
 
-	log.Infof("new user %#v created (roles: %s, auth-source: %d)", user.Username, rolesJson, user.AuthSource)
+	log.Infof("new user %v created (roles: %s, auth-source: %d)", user.Username, rolesJson, user.AuthSource)
 	return nil
 }
 
@@ -91,7 +91,7 @@ func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error) {
 
 	rows, err := q.RunWith(auth.db).Query()
 	if err != nil {
-		log.Error("Error while querying user list")
+		log.Warn("Error while querying user list")
 		return nil, err
 	}
 
@@ -102,12 +102,12 @@ func (auth *Authentication) ListUsers(specialsOnly bool) ([]*User, error) {
 		user := &User{}
 		var name, email sql.NullString
 		if err := rows.Scan(&user.Username, &name, &email, &rawroles); err != nil {
-			log.Error("Error while scanning user list")
+			log.Warn("Error while scanning user list")
 			return nil, err
 		}
 
 		if err := json.Unmarshal([]byte(rawroles), &user.Roles); err != nil {
-			log.Error("Error while unmarshaling raw role list")
+			log.Warn("Error while unmarshaling raw role list")
 			return nil, err
 		}
 
@@ -125,17 +125,17 @@ func (auth *Authentication) AddRole(
 
 	user, err := auth.GetUser(username)
 	if err != nil {
-		log.Errorf("Could not load user '%s'", username)
+		log.Warnf("Could not load user '%s'", username)
 		return err
 	}
 
 	if role != RoleAdmin && role != RoleApi && role != RoleUser && role != RoleSupport {
-		return fmt.Errorf("AUTH/USERS > invalid user role: %#v", role)
+		return fmt.Errorf("Invalid user role: %v", role)
 	}
 
 	for _, r := range user.Roles {
 		if r == role {
-			return fmt.Errorf("AUTH/USERS > user %#v already has role %#v", username, role)
+			return fmt.Errorf("User %v already has role %v", username, role)
 		}
 	}
 
@@ -150,12 +150,12 @@ func (auth *Authentication) AddRole(
 func (auth *Authentication) RemoveRole(ctx context.Context, username string, role string) error {
 	user, err := auth.GetUser(username)
 	if err != nil {
-		log.Errorf("Could not load user '%s'", username)
+		log.Warnf("Could not load user '%s'", username)
 		return err
 	}
 
 	if role != RoleAdmin && role != RoleApi && role != RoleUser && role != RoleSupport {
-		return fmt.Errorf("AUTH/USERS > invalid user role: %#v", role)
+		return fmt.Errorf("Invalid user role: %v", role)
 	}
 
 	var exists bool
@@ -176,7 +176,7 @@ func (auth *Authentication) RemoveRole(ctx context.Context, username string, rol
 		}
 		return nil
 	} else {
-		return fmt.Errorf("AUTH/USERS > user %#v already does not have role %#v", username, role)
+		return fmt.Errorf("User '%v' already does not have role: %v", username, role)
 	}
 }
 
@@ -191,11 +191,13 @@ func FetchUser(ctx context.Context, db *sqlx.DB, username string) (*model.User,
 	if err := sq.Select("name", "email").From("user").Where("user.username = ?", username).
 		RunWith(db).QueryRow().Scan(&name, &email); err != nil {
 		if err == sql.ErrNoRows {
-			log.Errorf("User '%s' Not found in DB", username)
+			/* This warning will be logged *often* for non-local users, i.e. users mentioned only in job-table or archive, */
+			/* since FetchUser will be called to retrieve full name and mail for every job in query/list									 */
+			// log.Warnf("User '%s' Not found in DB", username)
 			return nil, nil
 		}
 
-		log.Errorf("Error while fetching user '%s'", username)
+		log.Warnf("Error while fetching user '%s'", username)
 		return nil, err
 	}