Merge pull request #115 from ubccr/hydra-metrics

Prometheus hydra counters
ubccr · Jan 26, 2023 · b7d3353 · b7d3353
2 parents 47acf0f + 0066ac8
commit b7d3353
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 3 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,5 +1,10 @@
 # Mokey ChangeLog
 
+## [v0.6.1] - 2023-01-26
+
+- Fix account settings update bug
+- Add hydra login prometheus counters
+
 ## [v0.6.0] - 2023-01-25
 
 - Major re-write. New login flow and template layout
@@ -108,3 +113,4 @@
 [v0.5.5]: https://github.com/ubccr/mokey/releases/tag/v0.5.5
 [v0.5.6]: https://github.com/ubccr/mokey/releases/tag/v0.5.6
 [v0.6.0]: https://github.com/ubccr/mokey/releases/tag/v0.6.0
+[v0.6.1]: https://github.com/ubccr/mokey/releases/tag/v0.6.1
diff --git a/server/account.go b/server/account.go
@@ -15,7 +15,6 @@ import (
 
 func (r *Router) AccountSettings(c *fiber.Ctx) error {
 	user := r.user(c)
-	client := r.userClient(c)
 
 	vars := fiber.Map{
 		"user": user,
@@ -29,15 +28,15 @@ func (r *Router) AccountSettings(c *fiber.Ctx) error {
 	user.Last = c.FormValue("last")
 	user.Mobile = c.FormValue("phone")
 
-	userUpdated, err := client.UserMod(user)
+	userUpdated, err := r.adminClient.UserMod(user)
 	if err != nil {
 		if ierr, ok := err.(*ipa.IpaError); ok {
 			log.WithFields(log.Fields{
 				"username": user.Username,
 				"message":  ierr.Message,
 				"code":     ierr.Code,
 			}).Error("Failed to update account settings")
-			vars["message"] = ierr.Message
+			vars["message"] = "Failed to save account settings"
 		} else {
 			log.WithFields(log.Fields{
 				"username": user.Username,

diff --git a/server/hydra.go b/server/hydra.go
@@ -27,6 +27,7 @@ func (r *Router) ConsentGet(c *fiber.Ctx) error {
 		log.WithFields(log.Fields{
 			"ip": RemoteIP(c),
 		}).Error("Consent endpoint was called without a consent challenge")
+		r.metrics.totalHydraFailedLogins.Inc()
 		return c.Status(fiber.StatusBadRequest).SendString("consent without challenge")
 	}
 
@@ -38,6 +39,7 @@ func (r *Router) ConsentGet(c *fiber.Ctx) error {
 		log.WithFields(log.Fields{
 			"error": err,
 		}).Error("Failed to validate the consent challenge")
+		r.metrics.totalHydraFailedLogins.Inc()
 		return c.Status(fiber.StatusInternalServerError).SendString("Failed to validate consent")
 	}
 
@@ -49,10 +51,12 @@ func (r *Router) ConsentGet(c *fiber.Ctx) error {
 			"error":    err,
 			"username": consent.Subject,
 		}).Warn("Failed to find User record for consent")
+		r.metrics.totalHydraFailedLogins.Inc()
 		return c.Status(fiber.StatusInternalServerError).SendString("Failed to validate consent")
 	}
 
 	if viper.GetBool("accounts.require_mfa") && !user.OTPOnly() {
+		r.metrics.totalHydraFailedLogins.Inc()
 		return c.Status(fiber.StatusUnauthorized).SendString("Access denied.")
 	}
 
@@ -78,12 +82,14 @@ func (r *Router) ConsentGet(c *fiber.Ctx) error {
 		log.WithFields(log.Fields{
 			"error": err,
 		}).Error("Failed to accept the consent challenge")
+		r.metrics.totalHydraFailedLogins.Inc()
 		return c.Status(fiber.StatusInternalServerError).SendString("Failed to accept consent")
 	}
 
 	log.WithFields(log.Fields{
 		"username": consent.Subject,
 	}).Info("AUDIT User logged in via Hydra OAuth2 successfully")
+	r.metrics.totalHydraLogins.Inc()
 
 	c.Set("HX-Redirect", *response.Payload.RedirectTo)
 	return c.Redirect(*response.Payload.RedirectTo)
@@ -124,10 +130,12 @@ func (r *Router) LoginOAuthGet(c *fiber.Ctx) error {
 				"error":    err,
 				"username": *login.Subject,
 			}).Warn("Failed to find User record for login")
+			r.metrics.totalHydraFailedLogins.Inc()
 			return c.Status(fiber.StatusInternalServerError).SendString("Failed to validate login")
 		}
 
 		if viper.GetBool("accounts.require_mfa") && !user.OTPOnly() {
+			r.metrics.totalHydraFailedLogins.Inc()
 			return c.Status(fiber.StatusUnauthorized).SendString("Access denied.")
 		}
 
@@ -143,6 +151,7 @@ func (r *Router) LoginOAuthGet(c *fiber.Ctx) error {
 			log.WithFields(log.Fields{
 				"error": err,
 			}).Error("Failed to accept the GET login challenge")
+			r.metrics.totalHydraFailedLogins.Inc()
 			return c.Status(fiber.StatusInternalServerError).SendString("Failed to accept login")
 		}
 

diff --git a/server/metrics.go b/server/metrics.go
@@ -13,6 +13,8 @@ type Metrics struct {
 	handler                       fasthttp.RequestHandler
 	totalLogins                   prometheus.Counter
 	totalFailedLogins             prometheus.Counter
+	totalHydraLogins              prometheus.Counter
+	totalHydraFailedLogins        prometheus.Counter
 	totalSignups                  prometheus.Counter
 	totalPasswordResets           prometheus.Counter
 	totalPasswordResetsSent       prometheus.Counter
@@ -30,6 +32,14 @@ func NewMetrics() *Metrics {
 			Name: "mokey_logins_failed_total",
 			Help: "The total number of failed logins",
 		}),
+		totalHydraLogins: promauto.NewCounter(prometheus.CounterOpts{
+			Name: "mokey_hydra_logins_total",
+			Help: "The total number of successful Hydra logins",
+		}),
+		totalHydraFailedLogins: promauto.NewCounter(prometheus.CounterOpts{
+			Name: "mokey_hydra_logins_failed_total",
+			Help: "The total number of failed Hydra logins",
+		}),
 		totalSignups: promauto.NewCounter(prometheus.CounterOpts{
 			Name: "mokey_signups_total",
 			Help: "The total number of new accounts created",