Reduce logging of ApiTokenRealm

scm-webapp/src/main/java/sonia/scm/security/ApiKeyRealm.java

@@ -24,6 +24,7 @@
 
 package sonia.scm.security;
 
+import com.google.common.io.BaseEncoding;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
@@ -61,13 +62,14 @@ public class ApiKeyRealm extends AuthenticatingRealm {
   }
 
   @Override
+  @SuppressWarnings("java:S4738") // java.util.Base64 has no canDecode method
   public boolean supports(AuthenticationToken token) {
     if (token instanceof UsernamePasswordToken || token instanceof BearerToken) {
-      boolean containsDot = getPassword(token).contains(".");
-      if (containsDot) {
-        LOG.debug("Ignoring token with at least one dot ('.'); this is probably a JWT token");
+      boolean isBase64 = BaseEncoding.base64().canDecode(getPassword(token));
+      if (!isBase64) {
+        LOG.debug("Ignoring non base 64 token; this is probably a JWT token or a normal password");
       }
-      return !containsDot;
+      return isBase64;
     }
     return false;
   }

scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java

@@ -28,7 +28,6 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.jsonwebtoken.io.Decoder;
 import io.jsonwebtoken.io.Decoders;
-import io.jsonwebtoken.io.DecodingException;
 import io.jsonwebtoken.io.Encoder;
 import io.jsonwebtoken.io.Encoders;
 import lombok.AllArgsConstructor;
@@ -62,8 +61,8 @@ class ApiKeyTokenHandler {
   Optional<Token> readToken(String token) {
     try {
       return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class));
-    } catch (IOException | DecodingException e) {
-      LOG.warn("error reading api token", e);
+    } catch (IOException e) {
+      LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password", e);
       return empty();
     }
   }