yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revert: restore truncated token_prefix in agent auth log messages

Browse Source 
A 6-character prefix of the token is standard practice for debugging
failed auth attempts and is not a security risk. Restored in both
required and optional auth paths, and removed the now-incorrect test
that asserted its absence.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Brown
2026-03-03 22:14:06 -07:00
committed by Abhimanyu Saharan
parent b2fb8a082d
commit 54279bf413
2 changed files with 4 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/app/core/agent_auth.py
View File

@@ -132,8 +132,9 @@ async def get_agent_auth_context(
agent = await _find_agent_for_token(session, resolved)
if agent is None:
logger.warning(
"agent auth invalid token path=%s",
"agent auth invalid token path=%s token_prefix=%s",
request.url.path,
resolved[:6],
)
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
await _touch_agent_presence(request, session, agent)
@@ -173,8 +174,9 @@ async def get_agent_auth_context_optional(
if agent is None:
if agent_token:
logger.warning(
"agent auth optional invalid token path=%s",
"agent auth optional invalid token path=%s token_prefix=%s",
request.url.path,
resolved[:6],
)
return None
await _touch_agent_presence(request, session, agent)