Add logging to user management endpoints v2

packages/cli/src/UserManagement/UserManagementHelper.ts

@@ -1,10 +1,12 @@
 /* eslint-disable @typescript-eslint/no-unused-vars */
 /* eslint-disable @typescript-eslint/no-non-null-assertion */
 /* eslint-disable import/no-cycle */
+import express = require('express');
 import { IsNull, Not } from 'typeorm';
 import { Db, GenericHelpers, ResponseHelper } from '..';
 import config = require('../../config');
 import { MAX_PASSWORD_LENGTH, MIN_PASSWORD_LENGTH, User } from '../databases/entities/User';
+import { AuthenticatedRequest } from '../requests';
 import { PublicUser } from './Interfaces';
 
 export const isEmailSetUp = Boolean(config.get('userManagement.emails.mode'));
@@ -46,3 +48,7 @@ export function sanitizeUser(user: User): PublicUser {
 	const { password, resetPasswordToken, createdAt, updatedAt, ...sanitizedUser } = user;
 	return sanitizedUser;
 }
+
+export function isAuthenticatedRequest(request: express.Request): request is AuthenticatedRequest {
+	return request.user !== undefined;
+}

packages/cli/src/UserManagement/email/NodeMailer.ts

@@ -1,5 +1,6 @@
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
 import { createTransport, Transporter } from 'nodemailer';
+import { LoggerProxy as Logger } from 'n8n-workflow';
 import config = require('../../../config');
 import { MailData, SendEmailResult, UserManagementMailerImplementation } from './Interfaces';
 
@@ -27,7 +28,9 @@ export class NodeMailer implements UserManagementMailerImplementation {
 				text: mailData.textOnly,
 				html: mailData.body,
 			});
+			Logger.verbose('Email sent successfully to', { recipients: mailData.emailRecipients });
 		} catch (error) {
+			Logger.error('Failed to send email', { recipients: mailData.emailRecipients, error });
 			return {
 				success: false,
 				error,

packages/cli/src/UserManagement/routes/index.ts

@@ -7,17 +7,18 @@ import * as passport from 'passport';
 import { Strategy } from 'passport-jwt';
 import { NextFunction, Request, Response } from 'express';
 import * as jwt from 'jsonwebtoken';
+import { LoggerProxy as Logger } from 'n8n-workflow';
 
 import { JwtPayload, N8nApp } from '../Interfaces';
 import { authenticationMethods } from './auth';
 import config = require('../../../config');
-import { User } from '../../databases/entities/User';
 import { issueCookie, resolveJwtContent } from '../auth/jwt';
 import { meNamespace } from './me';
 import { usersNamespace } from './users';
 import { passwordResetNamespace } from './passwordReset';
 import { AuthenticatedRequest } from '../../requests';
 import { ownerNamespace } from './owner';
+import { isAuthenticatedRequest } from '../UserManagementHelper';
 
 export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint: string): void {
 	this.app.use(cookieParser());
@@ -36,6 +37,7 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
 				const user = await resolveJwtContent(jwtPayload);
 				return done(null, user);
 			} catch (error) {
+				Logger.debug('Failed to extract user from JWT payload', { jwtPayload });
 				return done(null, false, { message: 'User not found' });
 			}
 		}),
@@ -78,10 +80,10 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
 		return passport.authenticate('jwt', { session: false })(req, res, next);
 	});
 
-	this.app.use((req: Request, res: Response, next: NextFunction) => {
+	this.app.use((req: Request | AuthenticatedRequest, res: Response, next: NextFunction) => {
 		// req.user is empty for public routes, so just proceed
 		// owner can do anything, so proceed as well
-		if (req.user === undefined || (req.user && (req.user as User).globalRole.name === 'owner')) {
+		if (!req.user || (isAuthenticatedRequest(req) && req.user.globalRole.name === 'owner')) {
 			next();
 			return;
 		}
@@ -98,6 +100,10 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
 			(req.method === 'POST' &&
 				new RegExp(`/${restEndpoint}/users/[^/]/reinvite+`, 'gm').test(trimmedUrl))
 		) {
+			Logger.verbose('User attempted to access endpoint without authorization', {
+				endpoint: `${req.method} ${trimmedUrl}`,
+				userId: isAuthenticatedRequest(req) ? req.user.id : 'unknown',
+			});
 			res.status(403).json({ status: 'error', message: 'Unauthorized' });
 			return;
 		}

packages/cli/src/UserManagement/routes/me.ts

@@ -4,6 +4,7 @@
 import { genSaltSync, hashSync } from 'bcryptjs';
 import express = require('express');
 import validator from 'validator';
+import { LoggerProxy as Logger } from 'n8n-workflow';
 
 import { Db, ResponseHelper } from '../..';
 import { issueCookie } from '../auth/jwt';
@@ -32,10 +33,18 @@ export function meNamespace(this: N8nApp): void {
 		ResponseHelper.send(
 			async (req: MeRequest.Settings, res: express.Response): Promise<PublicUser> => {
 				if (!req.body.email) {
+					Logger.debug('Email not found in payload', {
+						userId: req.user.id,
+						payload: req.body,
+					});
 					throw new ResponseHelper.ResponseError('Email is mandatory', undefined, 400);
 				}
 
 				if (!validator.isEmail(req.body.email)) {
+					Logger.debug('Invalid email in payload', {
+						userId: req.user.id,
+						invalidEmail: req.body.email,
+					});
 					throw new ResponseHelper.ResponseError('Invalid email address', undefined, 400);
 				}
 
@@ -47,6 +56,8 @@ export function meNamespace(this: N8nApp): void {
 
 				const user = await Db.collections.User!.save(newUser);
 
+				Logger.info('User updated successfully', { userId: user.id });
+
 				await issueCookie(res, user);
 
 				return sanitizeUser(user);
@@ -80,6 +91,7 @@ export function meNamespace(this: N8nApp): void {
 			const { body: personalizationAnswers } = req;
 
 			if (!personalizationAnswers) {
+				Logger.debug('Empty survey in payload', { userId: req.user.id });
 				throw new ResponseHelper.ResponseError(
 					'Personalization answers are mandatory',
 					undefined,
@@ -92,6 +104,8 @@ export function meNamespace(this: N8nApp): void {
 				personalizationAnswers,
 			});
 
+			Logger.info('User survey updated successfully', { userId: req.user.id });
+
 			return { success: true };
 		}),
 	);

packages/cli/src/UserManagement/routes/owner.ts

@@ -3,6 +3,7 @@
 import { hashSync, genSaltSync } from 'bcryptjs';
 import * as express from 'express';
 import validator from 'validator';
+import { LoggerProxy as Logger } from 'n8n-workflow';
 
 import { Db, ResponseHelper } from '../..';
 import config = require('../../../config');
@@ -25,16 +26,19 @@ export function ownerNamespace(this: N8nApp): void {
 			const { id: userId } = req.user;
 
 			if (config.get('userManagement.hasOwner')) {
+				Logger.debug('Attempted to create owner when owner already exists', { userId });
 				throw new ResponseHelper.ResponseError('Invalid request', undefined, 400);
 			}
 
 			if (!email || !validator.isEmail(email)) {
+				Logger.debug('Invalid email in payload', { userId, invalidEmail: email });
 				throw new ResponseHelper.ResponseError('Invalid email address', undefined, 400);
 			}
 
 			const validPassword = validatePassword(password);
 
 			if (!firstName || !lastName) {
+				Logger.debug('Missing firstName or lastName in payload', { userId, payload: req.body });
 				throw new ResponseHelper.ResponseError(
 					'First and last names are mandatory',
 					undefined,
@@ -62,13 +66,17 @@ export function ownerNamespace(this: N8nApp): void {
 
 			const owner = await Db.collections.User!.save(newUser);
 
+			Logger.info('Owner updated successfully', { userId: req.user.id });
+
 			config.set('userManagement.hasOwner', true);
 
 			await Db.collections.Settings!.update(
 				{ key: 'userManagement.hasOwner' },
 				{ value: JSON.stringify(true) },
 			);
 
+			Logger.debug('Setting hasOwner updated successfully', { userId: req.user.id });
+
 			await issueCookie(res, owner);
 
 			return sanitizeUser(owner);

packages/cli/src/UserManagement/routes/passwordReset.ts

@@ -7,6 +7,7 @@ import { URL } from 'url';
 import { genSaltSync, hashSync } from 'bcryptjs';
 import validator from 'validator';
 import { IsNull, Not } from 'typeorm';
+import { LoggerProxy as Logger } from 'n8n-workflow';
 
 import { Db, ResponseHelper } from '../..';
 import { N8nApp } from '../Interfaces';
@@ -35,17 +36,20 @@ export function passwordResetNamespace(this: N8nApp): void {
 			const { email } = req.body;
 
 			if (!email) {
+				Logger.debug('Missing email in payload', { payload: req.body });
 				throw new ResponseHelper.ResponseError('Email is mandatory', undefined, 400);
 			}
 
 			if (!validator.isEmail(email)) {
+				Logger.debug('Invalid email in payload', { invalidEmail: email });
 				throw new ResponseHelper.ResponseError('Invalid email address', undefined, 400);
 			}
 
 			// User should just be able to reset password if one is already present
 			const user = await Db.collections.User!.findOne({ email, password: Not(IsNull()) });
 
 			if (!user) {
+				Logger.debug('User not found for email', { invalidEmail: email });
 				return;
 			}
 
@@ -60,13 +64,15 @@ export function passwordResetNamespace(this: N8nApp): void {
 			url.searchParams.append('userId', id);
 			url.searchParams.append('token', resetPasswordToken);
 
-			void UserManagementMailer.getInstance().passwordReset({
+			await UserManagementMailer.getInstance().passwordReset({
 				email,
 				firstName,
 				lastName,
 				passwordResetUrl: url.toString(),
 				domain: baseUrl,
 			});
+
+			Logger.info('Sent password reset email successfully', { userId: user.id, email });
 		}),
 	);
 
@@ -79,14 +85,23 @@ export function passwordResetNamespace(this: N8nApp): void {
 			const { token: resetPasswordToken, userId: id } = req.query;
 
 			if (!resetPasswordToken || !id) {
+				Logger.debug('Missing password reset token or user ID in query string', {
+					queryString: req.query,
+				});
 				throw new ResponseHelper.ResponseError('', undefined, 400);
 			}
 
 			const user = await Db.collections.User!.findOne({ resetPasswordToken, id });
 
 			if (!user) {
+				Logger.debug('User not found for user ID and reset password token', {
+					userId: id,
+					resetPasswordToken,
+				});
 				throw new ResponseHelper.ResponseError('', undefined, 404);
 			}
+
+			Logger.info('Reset-password token resolved successfully', { userId: id });
 		}),
 	);
 
@@ -99,6 +114,9 @@ export function passwordResetNamespace(this: N8nApp): void {
 			const { token: resetPasswordToken, userId, password } = req.body;
 
 			if (!resetPasswordToken || !userId || !password) {
+				Logger.debug('User ID or password or reset password token missing from payload', {
+					payload: req.body,
+				});
 				throw new ResponseHelper.ResponseError('Parameter missing', undefined, 400);
 			}
 
@@ -107,6 +125,10 @@ export function passwordResetNamespace(this: N8nApp): void {
 			const user = await Db.collections.User!.findOne({ id: userId, resetPasswordToken });
 
 			if (!user) {
+				Logger.debug('User not found for user ID and reset password token', {
+					userId,
+					resetPasswordToken,
+				});
 				throw new ResponseHelper.ResponseError('', undefined, 404);
 			}
 
@@ -115,6 +137,8 @@ export function passwordResetNamespace(this: N8nApp): void {
 				resetPasswordToken: null,
 			});
 
+			Logger.info('User password updated successfully', { userId });
+
 			await issueCookie(res, user);
 		}),
 	);