Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add trace logging to SSO methods #15803

Merged
merged 3 commits into from
May 9, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions modules/auth/sso/basic.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,12 +66,16 @@ func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store D
// Assume username is token
authToken := uname
if !isUsernameToken {
log.Trace("Basic Authorization: Attempting login for: %s", uname)
// Assume password is token
authToken = passwd
} else {
log.Trace("Basic Authorization: Attempting login with username as token")
}

uid := CheckOAuthAccessToken(authToken)
if uid != 0 {
log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
var err error
store.GetData()["IsApiToken"] = true

Expand All @@ -83,6 +87,8 @@ func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store D
}
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
log.Trace("Basic Authorization: Valid AccessToken for user[%d]", uid)

u, err = models.GetUserByID(token.UID)
if err != nil {
log.Error("GetUserByID: %v", err)
Expand All @@ -98,6 +104,8 @@ func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store D
}

if u == nil {
log.Trace("Basic Authorization: Attempting SignIn for %s", uname)

u, err = models.UserSignIn(uname, passwd)
if err != nil {
if !models.IsErrUserNotExist(err) {
Expand All @@ -109,5 +117,7 @@ func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store D
store.GetData()["IsApiToken"] = true
}

log.Trace("Basic Authorization: Logged in user %-v", u)

return u
}
2 changes: 2 additions & 0 deletions modules/auth/sso/oauth2.go
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,7 @@ func (o *OAuth2) VerifyAuthData(req *http.Request, w http.ResponseWriter, store
if id <= 0 {
return nil
}
log.Trace("OAuth2 Authorization: Found token for user[%d]", id)

user, err := models.GetUserByID(id)
if err != nil {
Expand All @@ -139,5 +140,6 @@ func (o *OAuth2) VerifyAuthData(req *http.Request, w http.ResponseWriter, store
return nil
}

log.Trace("OAuth2 Authorization: Logged in user %-v", user)
return user
}
2 changes: 2 additions & 0 deletions modules/auth/sso/reverseproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ func (r *ReverseProxy) VerifyAuthData(req *http.Request, w http.ResponseWriter,
if len(username) == 0 {
return nil
}
log.Trace("ReverseProxy Authorization: Found username: %s", username)

user, err := models.GetUserByName(username)
if err != nil {
Expand All @@ -75,6 +76,7 @@ func (r *ReverseProxy) VerifyAuthData(req *http.Request, w http.ResponseWriter,
return nil
}

log.Trace("ReverseProxy Authorization: Logged in user %-v", user)
return user
}

Expand Down
4 changes: 4 additions & 0 deletions modules/auth/sso/sso.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,8 @@ func SessionUser(sess SessionStore) *models.User {
if uid == nil {
return nil
}
log.Trace("Session Authorization: Found user[%d]", uid)

id, ok := uid.(int64)
if !ok {
return nil
Expand All @@ -90,6 +92,8 @@ func SessionUser(sess SessionStore) *models.User {
}
return nil
}

log.Trace("Session Authorization: Logged in user %-v", user)
return user
}

Expand Down
2 changes: 2 additions & 0 deletions modules/auth/sso/sspi_windows.go
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ func (s *SSPI) VerifyAuthData(req *http.Request, w http.ResponseWriter, store Da
return nil
}

log.Trace("SSPI Authorization: Attempting to authenticate")
userInfo, outToken, err := sspiAuth.Authenticate(req, w)
if err != nil {
log.Warn("Authentication failed with error: %v\n", err)
Expand Down Expand Up @@ -140,6 +141,7 @@ func (s *SSPI) VerifyAuthData(req *http.Request, w http.ResponseWriter, store Da
handleSignIn(w, req, sess, user)
}

log.Trace("SSPI Authorization: Logged in user %-v", user)
return user
}

Expand Down