From bef0bea2ee815ce5a605df0cbb6499baeef54e38 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 29 Oct 2018 11:35:24 +0000
Subject: [PATCH] Improve logging for exchange failures

---
 server/http.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/server/http.go b/server/http.go
index c5df44b..93cc0b6 100644
--- a/server/http.go
+++ b/server/http.go
@@ -290,8 +290,13 @@ func (h *Server) handleExchange(w http.ResponseWriter, req *http.Request) {
 	reqGroups := strings.Split(req.FormValue("new_groups"), ",")
 
 	token, err := h.loginService.Exchange(curToken, curService, curNonce, newService, newNonce, reqGroups)
-	if err != nil {
-		log.Printf("exchange error: %v", err)
+	switch {
+	case err == ErrUnauthorized:
+		log.Printf("unauthorized exchange request (%s -> %s)", curService, newService)
+		http.Error(w, "Forbidden", http.StatusForbidden)
+		return
+	case err != nil:
+		log.Printf("exchange error (%s -> %s): %v", curService, newService, err)
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
-- 
GitLab