[server] IAM: Report missing session as client error instead of system error

Author: geropl

components/server/src/auth/authenticator.ts

@@ -114,7 +114,8 @@ export class Authenticator {
             return;
         }
         if (!req.session) {
-            increaseLoginCounter("failed", authProvider.info.host);
+            // The session is missing entirely: count as client error
+            increaseLoginCounter("failed_client", authProvider.info.host);
             log.info({}, `No session.`, { "login-flow": true });
             res.redirect(this.getSorryUrl(`No session found. Please refresh the browser.`));
             return;

components/server/src/auth/generic-auth-provider.ts

@@ -336,7 +336,8 @@ export class GenericAuthProvider implements AuthProvider {
 
         // assert additional infomation is attached to current session
         if (!authFlow) {
-            increaseLoginCounter("failed", this.host);
+            // The auth flow state info is missing in the session: count as client error
+            increaseLoginCounter("failed_client", this.host);
 
             log.error(cxt, `(${strategyName}) No session found during auth callback.`, { clientInfo });
             response.redirect(this.getSorryUrl(`Please allow Cookies in your browser and try to log in again.`));

components/server/src/prometheus-metrics.ts

@@ -30,7 +30,15 @@ const loginCounter = new prometheusClient.Counter({
     labelNames: ["status", "auth_host"],
 });
 
-export function increaseLoginCounter(status: string, auth_host: string) {
+type LoginCounterStatus =
+    // The login attempt failed due to a system error (picked up by alerts)
+    | "failed"
+    // The login attempt succeeded
+    | "succeeded"
+    // The login attempt failed, because the client failed to provide complete session information, for instance.
+    | "failed_client";
+
+export function increaseLoginCounter(status: LoginCounterStatus, auth_host: string) {
     loginCounter.inc({
         status,
         auth_host,