fix: remove DEBUG log statements left at INFO/WARNING/ERROR level #668

Open
arnavp27 wants to merge 1 commit into potpie-ai:main from arnavp27:fix/remove-debug-log-statements

@arnavp27 arnavp27 commented Mar 1, 2026

Fixes #633

What

Removes 15 DEBUG: prefixed log statements from auth_service.py and
user_service.py that were accidentally logged at INFO, WARNING, and
ERROR level instead of DEBUG, causing them to appear in production logs.

Changes

  • app/modules/auth/auth_service.py — removed 7 statements, including
    the security issue on line 104 where the first 20 characters of a Firebase
    auth token were being written to logs at INFO level on every authenticated
    request
  • app/modules/users/user_service.py — removed 8 statements that were
    leaking user emails and UIDs (PII) into production logs on every user lookup

Why

These were debug statements using logging.info/warning/error("DEBUG: ...")
instead of logging.debug(...), so they bypassed log level filtering and ran
in production. Standard auth and user lookup operations don't need verbose
logging.

Summary by CodeRabbit

  • Refactor
    • Removed unnecessary debug logging statements from authentication and user management services.
    • Enhanced error handling with clearer diagnostic messages for different exception types.
    • Improved separation of error logging across service methods.
    • All existing functionality preserved with cleaner internal logging.

Removes 15 debug log statements from auth_service.py and user_service.py
that were incorrectly logged at INFO/WARNING/ERROR level instead of DEBUG,
including a security issue where the first 20 chars of a Firebase auth
token were leaked to logs at INFO level.

Fixes potpie-ai#633
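
The pattern this PR removes can be caught mechanically before merge. The following is an added example, not code from the PR or the potpie project: a small AST check that flags logging calls above DEBUG level whose message literal starts with "DEBUG". The function names and the sample source are constructed for illustration.

```python
import ast

# Methods that emit above DEBUG: anything sent through them reaches production logs.
NON_DEBUG = {"info", "warning", "error", "critical", "exception"}

def _literal_prefix(node):
    """Return the leading literal text of a str constant or f-string, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.JoinedStr) and node.values:
        first = node.values[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            return first.value
    return None

def find_mislevelled_debug(source, filename="<src>"):
    """Return sorted (line, method) pairs for calls like logger.info("DEBUG: ...")."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        # Heuristic: matches on the method name only, so any object with an
        # .info()/.error() method is inspected, not just logging loggers.
        if node.func.attr not in NON_DEBUG or not node.args:
            continue
        text = _literal_prefix(node.args[0])
        if text is not None and text.lstrip().upper().startswith("DEBUG"):
            hits.append((node.lineno, node.func.attr))
    return sorted(hits)

# Constructed sample modelled on the pattern the PR describes (not the project's code).
SAMPLE = '''
import logging
logger = logging.getLogger(__name__)

def check_auth(token):
    logging.info(f"DEBUG: token starts with {token[:20]}")
    logger.debug("verifying token")
    logger.error("DEBUG: verification failed")
    logger.warning("token expired")
'''

if __name__ == "__main__":
    for line, method in find_mislevelled_debug(SAMPLE):
        print(f"line {line}: call at {method.upper()} level carries a DEBUG prefix")
```

Run over each changed file in CI and fail the build on any hit; the check only sees message literals, so it complements rather than replaces review of what the interpolated values contain.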

coderabbitai Bot commented Mar 1, 2026

Walkthrough

Removed DEBUG log statements and diagnostic logging from authentication and user service modules that were running at INFO/ERROR production levels. Includes elimination of a statement logging partial auth tokens, reducing security exposure and log noise.

Changes

Cohort / File(s) | Summary
Auth Service Debug Logging (app/modules/auth/auth_service.py) | Removed 21 lines of DEBUG-prefixed logging statements from check_auth method without altering token verification or error handling logic.
User Service Logging & Error Handling (app/modules/users/user_service.py) | Removed DEBUG/info logging statements from user lookup methods; replaced with standard error logging on exceptions. Enhanced get_user_by_email error handling to distinguish SQLAlchemyError from general exceptions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hop, hop—the logs are clean and bright,
No tokens leaked to morning light,
DEBUG whispers vanish fast,
Production hops secure at last!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Docstring Coverage | ⚠️ Warning | Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: removal of debug log statements that were incorrectly set at INFO/WARNING/ERROR levels instead of DEBUG.
Linked Issues check | ✅ Passed | The PR addresses all requirements from issue #633: removes 15 debug log statements, prevents token credential leakage from auth_service.py, and prevents PII exposure from user_service.py.
Out of Scope Changes check | ✅ Passed | All changes are directly scoped to removing debug log statements; no unrelated modifications to authentication logic, user lookup behavior, or other functionality.

sonarqubecloud Bot commented Mar 1, 2026

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (2)
app/modules/users/user_service.py (2)

129-131: LGTM - PII correctly omitted from error message.

The error logging correctly avoids including the email address, aligning with the PR objective to prevent PII exposure.

Optional: Per static analysis (TRY400), consider using logger.exception instead of logger.error to automatically include the stack trace, which aids debugging while still reducing log verbosity compared to the removed DEBUG statements.

♻️ Optional fix
         except Exception as e:
-            logger.error(f"Error fetching user ID by email: {e}")
+            logger.exception("Error fetching user ID by email")
             return None
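
Review bot: With the `+` line no longer interpolating `{e}`, the `as e` binding on the unchanged `except Exception as e:` context line becomes unused; change it to `except Exception:` in the same edit so linters do not flag it. `logger.exception` attaches the active exception on its own, so nothing else in the handler needs the name.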

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@app/modules/users/user_service.py` around lines 129 - 131, Replace the
logger.error call in the except block that handles failures when fetching a user
ID by email with logger.exception so the stack trace is captured while still
avoiding logging the email; locate the except Exception as e in the function
that fetches user ID by email (e.g., get_user_id_by_email /
fetch_user_id_by_email) in user_service.py and change the logging call to
logger.exception("Error fetching user ID by email", exc_info=True) or simply
logger.exception("Error fetching user ID by email") and keep the return None
unchanged.

157-159: LGTM - PII correctly omitted from error message.

The error logging correctly avoids including the email addresses, consistent with the other changes in this PR.

Optional: Same as above, consider using logger.exception for automatic stack trace inclusion.

♻️ Optional fix
         except Exception as e:
-            logger.error(f"Error fetching user IDs by emails: {e}")
+            logger.exception("Error fetching user IDs by emails")
             return None
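
Review bot: On the `+` line, `logger.exception` still renders the exception's own message along with the traceback, just as the removed `{e}` did, so a static message free of emails does not by itself keep them out of the log. If the exception raised by this lookup can embed the queried addresses in its text, they will still be written; check what that text contains, or log only the exception type, before treating this path as PII-free. The `as e` binding on the context line is also unused after this change and can be dropped.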

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@app/modules/users/user_service.py` around lines 157 - 159, The except block
catching Exception in user_service.py currently calls logger.error(f"Error
fetching user IDs by emails: {e}") without a stack trace; replace that call with
logger.exception("Error fetching user IDs by emails") (or add logger.exception
after the logger.error) so the exception handler (the except Exception as e:
block) logs the full stack trace automatically while still avoiding PII in the
message and then returns None as before.

📥 Commits

Reviewing files that changed from the base of the PR and between 2f38075 and bba07df.

📒 Files selected for processing (2)
  • app/modules/auth/auth_service.py
  • app/modules/users/user_service.py
💤 Files with no reviewable changes (1)
  • app/modules/auth/auth_service.py

Successfully merging this pull request may close these issues.

[Bug] DEBUG log statements at INFO/ERROR level left in production code, one leaks auth tokens