Does Sugar log failed requests for API tokens?

I'd like to see if there were any token requests that failed the authentication step.

Thank you,

Francesca

  • Hi Francesca, 

    To see these logs in Sugar you'll need to increase the log level to Error, and then they will be caught in sugarcrm.log like this:

    Wrong password error:
    Wed Nov 16 09:43:54 2022 [23][-none-][ERROR] An exception happened: ( 401: need_login)You must specify a valid username and password.


    Wrong platform error: 
    Wed Nov 16 09:44:43 2022 [23][-none-][ERROR] An exception happened: ( 422: invalid_parameter)Invalid platform specified.



    To understand which user it is, the only way I have found is to increase the log level to Info and observe the queries performed in Sugar against the users table.

    Wed Nov 16 10:05:02 2022 [18][-none-][INFO] Query: SELECT users.id FROM users WHERE (users.user_name = ?) AND (users.deleted = ?) LIMIT 1\nParams: {"1":"ThisWastheUserTryingToLogIn","2":0}\nTypes: {"1":2,"2":5}

    I understand this is not optimal but I hope it helps. 

    André

  • Thank you Andre, I was hoping to backtrace the number of attempted token requests by a given user after a password change. So it's too late to change the log level.

  • Hello Francesca, 

    In the user_preferences table Sugar stores the failed login attempts for each user. 

    Base64-decode the contents and search for the loginfailed parameter. 

    From my tests this is incremental and it does not reset after a user has a successful login.

  • So there is only one entry, in the category = global, and it's:

    s:11:loginfailed

    Does that mean that it failed only once? I suppose there is no way to know when it failed.

  • Hi Francesca,

    The s:11 is the separator, after that you'll have the number of times that the login failed: 

    I am afraid there is no way to know when it failed. However, this parameter is set to "0" when you change the password, so it is safe to assume that it shows the failed logins since the last password change. 

    You can test this with your user with the endpoint:

    GET: http://<sugarurl>/rest/v11/me/preferences

    You can also get this value via code for any user like this: 

    $failedlogins=$user->getPreference('loginfailed');

    I can't find an out-of-the-box endpoint to retrieve preferences for other users, but you could create a custom one should you need it. 
    I hope this helps. 
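
The lookup described in the replies above, as an added example that is not part of the original thread or of Sugar's own code: it Base64-decodes exported user_preferences rows and reads the loginfailed counter without calling PHP's unserialize. The column order (assigned_user_id, category, contents), the PHP-serialized layout of the decoded blob, and all sample rows are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# In PHP-serialized data the key appears as s:11:"loginfailed"; and its value
# follows directly, either as an integer (i:3;) or as a string (s:1:"3";).
_LOGINFAILED = re.compile(rb's:11:"loginfailed";(?:i:(\d+);|s:\d+:"(\d+)";)')


def failed_logins(contents_b64):
    """Return the loginfailed counter from one contents value, or None if
    the value is not valid Base64 or carries no such key."""
    try:
        raw = base64.b64decode(contents_b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    m = _LOGINFAILED.search(raw)
    return int(m.group(1) or m.group(2)) if m else None


def users_over_threshold(rows, threshold=1):
    """rows: (assigned_user_id, category, contents) tuples exported from
    user_preferences. Returns {user_id: count} for users whose 'global'
    preferences record at least `threshold` failed logins."""
    hits = {}
    for user_id, category, contents in rows:
        if category != "global":
            continue  # the thread locates the counter in category = global
        count = failed_logins(contents)
        if count is not None and count >= threshold:
            hits[user_id] = max(count, hits.get(user_id, 0))
    return hits


def _blob(serialized):
    # Builds a constructed contents value the way the thread describes it.
    return base64.b64encode(serialized.encode()).decode()


# Constructed sample rows (not real data).
SAMPLE_ROWS = [
    ("user-a", "global", _blob('a:2:{s:8:"timezone";s:3:"UTC";s:11:"loginfailed";s:1:"4";}')),
    ("user-b", "global", _blob('a:1:{s:11:"loginfailed";i:0;}')),
    ("user-c", "Home", _blob('a:1:{s:11:"loginfailed";i:9;}')),
    ("user-d", "global", "%%not-base64%%"),
]

if __name__ == "__main__":
    print(users_over_threshold(SAMPLE_ROWS))
```

Rows that fail to decode are skipped rather than raising, so one damaged preference record does not stop a review of the whole export.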