From 78910485440be400cf132fe37ab64b571ddec78a Mon Sep 17 00:00:00 2001
From: Jakub Onderka <jakub.onderka@gmail.com>
Date: Wed, 3 Jan 2024 14:45:27 +0100
Subject: [PATCH] chg: [internal] Better logging for Oidc

---
 app/Plugin/OidcAuth/Lib/Oidc.php | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/app/Plugin/OidcAuth/Lib/Oidc.php b/app/Plugin/OidcAuth/Lib/Oidc.php
index 11718a46b..67f712088 100644
--- a/app/Plugin/OidcAuth/Lib/Oidc.php
+++ b/app/Plugin/OidcAuth/Lib/Oidc.php
@@ -44,7 +44,7 @@ class Oidc
         if (!$user) { // User by sub not found, try to find by email
             $user = $this->_findUser($settings, ['User.email' => $mispUsername]);
             if ($user && $user['sub'] !== null && $user['sub'] !== $sub) {
-                $this->log($mispUsername, "User sub doesn't match ({$user['sub']} != $sub), could not login.");
+                $this->log($mispUsername, "User sub doesn't match ({$user['sub']} != $sub), could not login.", LOG_ERR);
                 return false;
             }
         }
@@ -66,7 +66,7 @@ class Oidc
         $roleProperty = $this->getConfig('roles_property', 'roles');
         $roles = $claims->{$roleProperty} ?? $oidc->requestUserInfo($roleProperty);
         if ($roles === null) {
-            $this->log($mispUsername, "Role property `$roleProperty` is missing in claims.");
+            $this->log($mispUsername, "Role property `$roleProperty` is missing in claims.", LOG_WARNING);
             return false;
         }
 
@@ -79,6 +79,8 @@ class Oidc
             return false;
         }
 
+        $offlineAccessEnabled = $this->getConfig('offline_access', false);
+
         if ($user) {
             $this->log($mispUsername, "Found in database with ID {$user['id']}.");
 
@@ -112,7 +114,10 @@ class Oidc
                 $user['disabled'] = false;
             }
 
-            $refreshToken = $this->getConfig('offline_access', false) ? $oidc->getRefreshToken() : null;
+            $refreshToken = $offlineAccessEnabled ? $oidc->getRefreshToken() : null;
+            if ($offlineAccessEnabled && $refreshToken === null) {
+                $this->log($mispUsername, 'Refresh token requested, but not provided.', LOG_WARNING);
+            }
             $this->storeMetadata($user['id'], $claims, $refreshToken);
 
             $this->log($mispUsername, 'Logged in.');
@@ -138,7 +143,10 @@ class Oidc
             throw new RuntimeException("Could not create user `$mispUsername` in database.");
         }
 
-        $refreshToken = $this->getConfig('offline_access', false) ? $oidc->getRefreshToken() : null;
+        $refreshToken = $offlineAccessEnabled ? $oidc->getRefreshToken() : null;
+        if ($offlineAccessEnabled && $refreshToken === null) {
+            $this->log($mispUsername, 'Refresh token requested, but not provided.', LOG_WARNING);
+        }
         $this->storeMetadata($this->User->id, $claims, $refreshToken);
 
         $this->log($mispUsername, "User created in database with ID {$this->User->id}");
@@ -518,8 +526,9 @@ class Oidc
     /**
      * @param string|null $username
      * @param string $message
+     * @param int $type
      */
-    private function log($username, $message)
+    private function log($username, $message, $type = LOG_INFO)
     {
         $log = $username ? "OIDC user `$username`" : "OIDC";
 
@@ -531,6 +540,6 @@ class Oidc
             $log .= " - $message";
         }
 
-        CakeLog::info($log);
+        CakeLog::write($type, $log);
     }
 }