From 4f06c24a576ec77c34f065f91277f68bf68ee82a Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Wed, 29 Dec 2021 12:22:21 +0000
Subject: [PATCH] DEV: Do not log API key scope and/or source-ip mismatches
 (#15423)

Using an incorrectly-scoped API key is something which should be fixed by the client - no need to log errors on the server-side.
---
 lib/auth/default_current_user_provider.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 4f369d92409..519caeae939 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -369,8 +369,7 @@ class Auth::DefaultCurrentUserProvider
     if api_key = ApiKey.active.with_key(api_key_value).includes(:user).first
       api_username = header_api_key? ? @env[HEADER_API_USERNAME] : request[API_USERNAME]
 
-      unless api_key.request_allowed?(@env)
-        Rails.logger.warn("[Unauthorized API Access] username: #{api_username}, IP address: #{request.ip}")
+      if !api_key.request_allowed?(@env)
         return nil
       end