Log unauthorized access to a different user

0cfa506b · ale · 4e9a202b · 0cfa506b
Commit 0cfa506b authored Oct 27, 2018 by ale
--- a/service.go
+++ b/service.go
@@ -230,6 +230,7 @@ func (s *authService) authorizeUser(ctx context.Context, tx TX, req RequestBase)
 	// Requests are allowed if the SSO ticket corresponds to an admin, or if
 	// it identifies the same user that we're querying.
 	if !s.isAdmin(tkt) && tkt.User != req.Username {
+		log.Printf("unauthorized access from user %s to user %s", tkt.User, req.Username)
 		return nil, nil, ErrUnauthorized
 	}