From 31e47d4fbebab360c2667415147efa0acf84cebd Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 7 Nov 2022 12:19:58 +0100
Subject: [PATCH] do more logging during authentication

---
 restapi/index.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/restapi/index.php b/restapi/index.php
index 8774fa5ae..354b26e22 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -2639,6 +2639,7 @@ class Auth { /* {{{ */
         $logger = $this->container->logger;
         $logger->log("Access with method ".$request->getMethod()." on '".$request->getUri()->getPath()."'".(isset($this->container->environment['HTTP_ORIGIN']) ? " with origin ".$this->container->environment['HTTP_ORIGIN'] : ''), PEAR_LOG_INFO);
         if($settings->_apiOrigin && isset($this->container->environment['HTTP_ORIGIN'])) {
+            $logger->log("Checking origin", PEAR_LOG_DEBUG);
             $origins = explode(',', $settings->_apiOrigin);
             if(!in_array($this->container->environment['HTTP_ORIGIN'], $origins)) {
                 return $response->withStatus(403);
@@ -2648,9 +2649,11 @@ class Auth { /* {{{ */
          * don't even try to authorize.
          */
         if($request->getMethod() == 'OPTIONS') {
+            $logger->log("Received preflight options request", PEAR_LOG_DEBUG);
         } elseif(!in_array($request->getUri()->getPath(), array('login')) && substr($request->getUri()->getPath(), 0, 5) != 'echo/') {
             $userobj = null;
             if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
+            $logger->log("Authorization key: ".$this->container->environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG);
                 if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) {
                     if(!($userobj = $dms->getUser($settings->_apiUserId))) {
                         return $response->withStatus(403);