mirror of https://github.com/MISP/MISP
chg: [internal] Better logging for Oidc
parent
746ea25045
commit
7891048544
|
@ -44,7 +44,7 @@ class Oidc
|
|||
if (!$user) { // User by sub not found, try to find by email
|
||||
$user = $this->_findUser($settings, ['User.email' => $mispUsername]);
|
||||
if ($user && $user['sub'] !== null && $user['sub'] !== $sub) {
|
||||
$this->log($mispUsername, "User sub doesn't match ({$user['sub']} != $sub), could not login.");
|
||||
$this->log($mispUsername, "User sub doesn't match ({$user['sub']} != $sub), could not login.", LOG_ERR);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -66,7 +66,7 @@ class Oidc
|
|||
$roleProperty = $this->getConfig('roles_property', 'roles');
|
||||
$roles = $claims->{$roleProperty} ?? $oidc->requestUserInfo($roleProperty);
|
||||
if ($roles === null) {
|
||||
$this->log($mispUsername, "Role property `$roleProperty` is missing in claims.");
|
||||
$this->log($mispUsername, "Role property `$roleProperty` is missing in claims.", LOG_WARNING);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -79,6 +79,8 @@ class Oidc
|
|||
return false;
|
||||
}
|
||||
|
||||
$offlineAccessEnabled = $this->getConfig('offline_access', false);
|
||||
|
||||
if ($user) {
|
||||
$this->log($mispUsername, "Found in database with ID {$user['id']}.");
|
||||
|
||||
|
@ -112,7 +114,10 @@ class Oidc
|
|||
$user['disabled'] = false;
|
||||
}
|
||||
|
||||
$refreshToken = $this->getConfig('offline_access', false) ? $oidc->getRefreshToken() : null;
|
||||
$refreshToken = $offlineAccessEnabled ? $oidc->getRefreshToken() : null;
|
||||
if ($offlineAccessEnabled && $refreshToken === null) {
|
||||
$this->log($mispUsername, 'Refresh token requested, but not provided.', LOG_WARNING);
|
||||
}
|
||||
$this->storeMetadata($user['id'], $claims, $refreshToken);
|
||||
|
||||
$this->log($mispUsername, 'Logged in.');
|
||||
|
@ -138,7 +143,10 @@ class Oidc
|
|||
throw new RuntimeException("Could not create user `$mispUsername` in database.");
|
||||
}
|
||||
|
||||
$refreshToken = $this->getConfig('offline_access', false) ? $oidc->getRefreshToken() : null;
|
||||
$refreshToken = $offlineAccessEnabled ? $oidc->getRefreshToken() : null;
|
||||
if ($offlineAccessEnabled && $refreshToken === null) {
|
||||
$this->log($mispUsername, 'Refresh token requested, but not provided.', LOG_WARNING);
|
||||
}
|
||||
$this->storeMetadata($this->User->id, $claims, $refreshToken);
|
||||
|
||||
$this->log($mispUsername, "User created in database with ID {$this->User->id}");
|
||||
|
@ -518,8 +526,9 @@ class Oidc
|
|||
/**
|
||||
* @param string|null $username
|
||||
* @param string $message
|
||||
* @param int $type
|
||||
*/
|
||||
private function log($username, $message)
|
||||
private function log($username, $message, $type = LOG_INFO)
|
||||
{
|
||||
$log = $username ? "OIDC user `$username`" : "OIDC";
|
||||
|
||||
|
@ -531,6 +540,6 @@ class Oidc
|
|||
$log .= " - $message";
|
||||
}
|
||||
|
||||
CakeLog::info($log);
|
||||
CakeLog::write($type, $log);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue