Change new authorization logic to log a warning rather than rejecting the request

This is the first step in rolling out the changes so that we can check via logging whether turning on the logic would reject anything it should not. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149050878
2026-01-06 21:47:31 +00:00 · 2017-03-02 14:53:03 -08:00
parent b1b69656bd
commit ee2bd594c8
2 changed files with 11 additions and 2 deletions
--- a/java/google/registry/request/RequestHandler.java
+++ b/java/google/registry/request/RequestHandler.java
@@ -171,8 +171,8 @@ public class RequestHandler<C> {
    Optional<AuthResult> authResult =
        requestAuthenticator.authorize(route.get().action().auth(), req);
    if (!authResult.isPresent()) {
-      rsp.sendError(SC_FORBIDDEN);
-      return;
+      logger.warning("Request would not have been authorized");
+      // TODO(b/28219927): Change this to call rsp.sendError(SC_FORBIDDEN) and return
    }

    // Build a new request component using any modules we've constructed by this point.