ServerTokenStoreImpl lack of proper logging #115

Closed · longirun opened this issue Jul 31, 2020 · 0 comments

Labels: state: fixed (Fixed by the developer), type: enhancement (New feature or request), ver: 7.2.2, ver: 7.3.0 (Fixed in version)

Comments


longirun commented Jul 31, 2020

Environment

Platform version: all 6.xx to 7.xx
Addon version: all

Description of the enhancement

There should be an ability to switch the debug logging on/off for cases where something goes wrong and we need to locate the issue. For example (the Spring approach is OK):

```java
if (logger.isDebugEnabled()) {
    logger.debug("Remove access token using refresh token " + refreshTokenValue);
}
```

Desired methods are:

```java
public void removeAccessToken(String tokenValue)
public void deleteExpiredTokens()
public void storeAccessToken(String tokenValue, byte[] accessTokenBytes, String authenticationKey, byte[] authenticationBytes, Date tokenExpiry, String userLogin, Locale locale, String refreshTokenValue)
public void removeRefreshToken(String refreshTokenValue)
public void storeRefreshToken(String refreshTokenValue, byte[] refreshTokenBytes, byte[] authenticationBytes, Date tokenExpiry, String userLogin)
public void removeAccessTokenUsingRefreshToken(String refreshTokenValue)
public byte[] getRefreshTokenByTokenValue(String tokenValue)
public byte[] getAuthenticationByRefreshTokenValue(String tokenValue)
```

Possible implementation (in our project, it is better to obfuscate active tokens):
```java
import java.util.Date;
import java.util.Locale;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Subclass of the addon's ServerTokenStoreImpl that adds debug logging around
// each token operation. messagingTokenStore, clusterManagerAPI, the
// TokenStore*Msg classes and ObfuscationHelper are collaborators of the
// poster's own project and are not shown here.
public class EgisServerTokenStoreImpl extends ServerTokenStoreImpl {

    private static final Logger log = LoggerFactory.getLogger(EgisServerTokenStoreImpl.class);

    @Override
    public void removeAccessToken(String tokenValue) {
        // Tokens being removed are logged unmasked in this implementation;
        // active tokens (store/get below) are masked.
        log.debug("Remove access token {}", tokenValue);

        super.removeAccessToken(tokenValue);

        messagingTokenStore.removeToken(tokenValue);
    }

    @Override
    public void deleteExpiredTokens() {
        log.debug("Start deleting expired access and refresh tokens");

        super.deleteExpiredTokens();
    }

    @Override
    public void storeAccessToken(String tokenValue, byte[] accessTokenBytes, String authenticationKey,
                                 byte[] authenticationBytes, Date tokenExpiry, String userLogin,
                                 Locale locale, String refreshTokenValue) {
        // Parameterized placeholders: the message is only built when DEBUG is enabled.
        log.debug("Store access token {} for user {}, expiring {}", ObfuscationHelper.obfuscateToken(tokenValue),
                ObfuscationHelper.obfuscateEmail(userLogin), tokenExpiry);

        super.storeAccessToken(tokenValue, accessTokenBytes, authenticationKey, authenticationBytes,
                tokenExpiry, userLogin, locale, refreshTokenValue);
    }

    @Override
    public void removeRefreshToken(String refreshTokenValue) {
        log.debug("Remove refresh token {}", refreshTokenValue);

        super.removeRefreshToken(refreshTokenValue);

        clusterManagerAPI.send(new TokenStoreRemoveRefreshTokenMsg(refreshTokenValue));
    }

    @Override
    public void storeRefreshToken(String refreshTokenValue, byte[] refreshTokenBytes, byte[] authenticationBytes,
                                  Date tokenExpiry, String userLogin) {
        log.debug("Store refresh token {} for user {}, expiring {}", ObfuscationHelper.obfuscateToken(refreshTokenValue),
                ObfuscationHelper.obfuscateEmail(userLogin), tokenExpiry);

        super.storeRefreshToken(refreshTokenValue, refreshTokenBytes, authenticationBytes, tokenExpiry, userLogin);

        clusterManagerAPI.send(new TokenStoreAddRefreshTokenMsg(refreshTokenValue, refreshTokenBytes,
                authenticationBytes, tokenExpiry, userLogin, null));
    }

    @Override
    public void removeAccessTokenUsingRefreshToken(String refreshTokenValue) {
        log.debug("Remove access token using refresh token {}", refreshTokenValue);

        super.removeAccessTokenUsingRefreshToken(refreshTokenValue);
    }

    @Override
    public byte[] getRefreshTokenByTokenValue(String tokenValue) {
        log.debug("Get refresh token by value {}", ObfuscationHelper.obfuscateToken(tokenValue));

        return super.getRefreshTokenByTokenValue(tokenValue);
    }

    @Override
    public byte[] getAuthenticationByRefreshTokenValue(String tokenValue) {
        log.debug("Get auth by refresh token {}", ObfuscationHelper.obfuscateToken(tokenValue));

        byte[] auth = super.getAuthenticationByRefreshTokenValue(tokenValue);
        if (auth == null) {
            log.warn("Auth bytes not found for refresh token {}", ObfuscationHelper.obfuscateToken(tokenValue));

            // Look the refresh token up once more (the result is not used, as posted)
            // and retry the authentication lookup.
            super.getRefreshTokenByTokenValue(tokenValue);
            auth = super.getAuthenticationByRefreshTokenValue(tokenValue);
        }

        return auth;
    }
}
```

Implementation:

  • Logging has been added to the desired methods.
  • Two protected methods were added to ServerTokenStoreImpl.java for obfuscation tuning:

```java
protected String obfuscateToken(String token) // uses RestTokenMasker to mask the token by default; takes the "cuba.rest.tokenMaskingEnabled" setting into account
protected String obfuscateUser(String user)   // the default implementation does nothing: the same user is returned
```
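The two things the issue asks for, a debug guard so that masking work is skipped when debug is off and a masker that never lets a full token reach the log, can be shown together in one small self-contained Java program. This is an added example, not code from the restapi addon or from the issue author: TokenMasker stands in for the addon's RestTokenMasker, the maskingEnabled flag for the "cuba.rest.tokenMaskingEnabled" setting, and java.util.logging's isLoggable(Level.FINE) for SLF4J's isDebugEnabled(); all class and method names here are assumptions, and the token value is a constructed sample.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

// Added example (not the addon's code). TokenMasker stands in for RestTokenMasker,
// "maskingEnabled" for the cuba.rest.tokenMaskingEnabled setting, and
// isLoggable(Level.FINE) for SLF4J's isDebugEnabled(). Names are assumptions.
public final class TokenLoggingExample {

    /** Keeps a short prefix so a token can be correlated across log lines, hides the rest. */
    static final class TokenMasker {
        private static final int VISIBLE_PREFIX = 4;
        private final boolean maskingEnabled;

        TokenMasker(boolean maskingEnabled) {
            this.maskingEnabled = maskingEnabled;
        }

        String mask(String token) {
            if (token == null) {
                return "null";
            }
            if (!maskingEnabled) {
                return token; // masking switched off by configuration
            }
            // A token no longer than the prefix would be printed in full; hide it entirely.
            if (token.length() <= VISIBLE_PREFIX) {
                return "****";
            }
            return token.substring(0, VISIBLE_PREFIX) + "****";
        }
    }

    /** Store wrapper whose every log line goes through the masker. */
    static final class LoggingTokenStore {
        private static final Logger log = Logger.getLogger(LoggingTokenStore.class.getName());
        private final TokenMasker masker;

        LoggingTokenStore(TokenMasker masker) {
            this.masker = masker;
        }

        void removeAccessTokenUsingRefreshToken(String refreshTokenValue) {
            // Guard first: masking allocates strings, so skip it when debug is off.
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Remove access token using refresh token {0}",
                        masker.mask(refreshTokenValue));
            }
            // ... the real store call would follow here ...
        }
    }

    /** Collects formatted log lines in memory so they can be inspected. */
    static final class CapturingHandler extends Handler {
        final List<String> lines = new ArrayList<>();

        @Override
        public void publish(LogRecord record) {
            lines.add(MessageFormat.format(record.getMessage(), record.getParameters()));
        }

        @Override public void flush() { }
        @Override public void close() { }
    }

    public static void main(String[] args) {
        String refreshToken = "a1b2c3d4-5e6f-7a8b-9c0d-e1f2a3b4c5d6"; // constructed sample value
        Logger log = Logger.getLogger(LoggingTokenStore.class.getName());
        CapturingHandler capture = new CapturingHandler();
        log.setUseParentHandlers(false);
        log.addHandler(capture);
        log.setLevel(Level.FINE); // equivalent of level="DEBUG" in logback.xml

        new LoggingTokenStore(new TokenMasker(true)).removeAccessTokenUsingRefreshToken(refreshToken);

        String line = capture.lines.get(0);
        System.out.println(line); // Remove access token using refresh token a1b2****

        // The check a reviewer wants in a unit test: the raw token never reaches the log.
        if (line.contains(refreshToken)) {
            throw new IllegalStateException("raw token leaked into log output");
        }
        // Edge cases: null and very short tokens reveal nothing.
        TokenMasker masker = new TokenMasker(true);
        if (!"null".equals(masker.mask(null)) || !"****".equals(masker.mask("abc"))) {
            throw new IllegalStateException("masker edge cases failed");
        }
    }
}
```

The in-memory handler is only there to make the leak check runnable without a log file; in a real project the same assertion belongs in a test that captures the logger's appender output.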

QA Notes

  1. Use a project with the restapi addon and enable debug logging for com.haulmont.addon.restapi.store, e.g. add in logback.xml:

```xml
<logger name="com.haulmont.addon.restapi.store" level="DEBUG">
    <appender-ref ref="Console"/>
    <appender-ref ref="File"/>
</logger>
```

  2. Check the logs for bean ServerTokenStoreImpl after user authorisation.
     ER: logs in app.log about

```java
public void storeAccessToken(String tokenValue, byte[] accessTokenBytes, String authenticationKey, byte[] authenticationBytes, Date tokenExpiry, String userLogin, Locale locale, String refreshTokenValue)
public void storeRefreshToken(String refreshTokenValue, byte[] refreshTokenBytes, byte[] authenticationBytes, Date tokenExpiry, String userLogin)
```

  3. Create a JMX bean/screen to invoke the methods and check the logs for:

```java
public void removeAccessToken(String tokenValue)
public void deleteExpiredTokens()
public void removeRefreshToken(String refreshTokenValue)
public void removeAccessTokenUsingRefreshToken(String refreshTokenValue)
public byte[] getRefreshTokenByTokenValue(String tokenValue)
public byte[] getAuthenticationByRefreshTokenValue(String tokenValue)
```
@knstvk knstvk added the type: enhancement New feature or request label Aug 3, 2020
@knstvk knstvk added this to the Release 7.2 milestone Aug 3, 2020
@andreysubbotin andreysubbotin assigned dtaimanov and unassigned t2-cuba Aug 27, 2020
@dtaimanov dtaimanov added ver: 7.2.2 ver: 7.3.0 Fixed in version labels Sep 4, 2020
@natfirst natfirst assigned maistrenkoIulia and unassigned natfirst Sep 4, 2020
@maistrenkoIulia maistrenkoIulia added the state: fixed Fixed by the developer label Sep 8, 2020