# HG changeset patch
# User Marcin Kuzminski
# Date 2018-09-13 11:19:05
# Node ID f4a398a88d6dba23c675d864963cc23d7ae80ffb
# Parent b5d3f00dfd67a50b771cd42ca94f30f9e5984bb8
added some more logging for token auth
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -739,13 +739,18 @@ class User(Base, BaseModel):
 plain_tokens = []
 hash_tokens = []
- for token in tokens_q.all():
- # verify scope first
+ user_tokens = tokens_q.all()
+ log.debug('Found %s user tokens to check for authentication', len(user_tokens))
+ for token in user_tokens:
+ log.debug('AUTH_TOKEN: checking if user token with id `%s` matches',
+ token.user_api_key_id)
+ # verify scope first, since it's way faster than hash calculation of
+ # encrypted tokens
 if token.repo_id:
 # token has a scope, we need to verify it
 if scope_repo_id != token.repo_id:
 log.debug(
- 'Scope mismatch: token has a set repo scope: %s, '
+ 'AUTH_TOKEN: scope mismatch, token has a set repo scope: %s, '
 'and calling scope is:%s, skipping further checks',
 token.repo, scope_repo_id)
 # token has a scope, and it doesn't match, skip token
@@ -761,7 +766,7 @@ class User(Base, BaseModel):
 return True
 for hashed in hash_tokens:
- # TODO(marcink): this is expensive to calculate, but most secure
+ # NOTE(marcink): this is expensive to calculate, but most secure
 match = crypto_backend.hash_check(auth_token, hashed)
 if match:
 return True
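Review bot: The new count message in the first hunk, `log.debug('Found %s user tokens to check for authentication', len(user_tokens))`, is the only added message without the `AUTH_TOKEN:` prefix the other messages now carry, so filtering the debug log on that prefix drops it; `log.debug('AUTH_TOKEN: found %s user tokens to check for authentication', len(user_tokens))` would keep the trace together. The scope-mismatch message prints `token.repo` next to `scope_repo_id` although the condition compares `token.repo_id`; logging `token.repo_id` would make the two values directly comparable. The added comment calls the stored tokens "encrypted", while the second hunk checks them with `crypto_backend.hash_check`, so "hashed tokens" is probably the accurate word. The enclosing method of `User` starts before and continues after both hunks.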