Reduce noise on error log
* downgrade some common exceptions from error to warning * refactored to string method on httpmessage * added log level to server config Change-Id: I3f7d8a218e0fabb7c070d161e98619b85527307c
This commit is contained in:
Sebastian Marcet
parent
9db633c111
commit
6bf8de3d3e
|
|
@ -54,4 +54,6 @@ return array(
|
|||
'OAuth2SecurityPolicy_MaxInvalidRedeemAuthCodeAttempts' => 10,
|
||||
'OAuth2SecurityPolicy_MaxInvalidClientCredentialsAttempts' => 5,
|
||||
'Banning_Enable' => true,
|
||||
'FileLog_Level' => 'warning',
|
||||
'EmailLog_Level' => 'error',
|
||||
);
|
||||
|
|
@ -54,10 +54,9 @@ abstract class OAuth2Request {
|
|||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function toString()
|
||||
public function __toString()
|
||||
{
|
||||
$string = $this->message->toString();
|
||||
return $string;
|
||||
return $this->message->__toString();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -59,11 +59,6 @@ class OpenIdMessage extends HttpMessage
|
|||
return false;
|
||||
}
|
||||
|
||||
public function toString()
|
||||
{
|
||||
$string = var_export($this->container, true);
|
||||
return $string;
|
||||
}
|
||||
|
||||
protected function setMode($mode)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -161,44 +161,36 @@ final class OpenIdAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
$this->checkpoint_service->trackException($inv_assoc_type);
|
||||
$this->log_service->warning($inv_assoc_type);
|
||||
if (!is_null($this->current_request)) {
|
||||
$this->log_service->error_msg("current request: " . $this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
}
|
||||
|
||||
return new OpenIdIndirectGenericErrorResponse($inv_assoc_type->getMessage(), null, null,
|
||||
$this->current_request);
|
||||
return new OpenIdIndirectGenericErrorResponse($inv_assoc_type->getMessage(), null, null,$this->current_request);
|
||||
} catch (OpenIdInvalidRealmException $inv_realm_ex) {
|
||||
$this->checkpoint_service->trackException($inv_realm_ex);
|
||||
$this->log_service->error($inv_realm_ex);
|
||||
$this->log_service->warning($inv_realm_ex);
|
||||
if (!is_null($this->current_request)) {
|
||||
$this->log_service->error_msg("current request: " . $this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
}
|
||||
|
||||
return new OpenIdIndirectGenericErrorResponse($inv_realm_ex->getMessage(), null, null,
|
||||
$this->current_request);
|
||||
return new OpenIdIndirectGenericErrorResponse($inv_realm_ex->getMessage(), null, null, $this->current_request);
|
||||
} catch (ReplayAttackException $replay_ex) {
|
||||
$this->checkpoint_service->trackException($replay_ex);
|
||||
$this->log_service->error($replay_ex);
|
||||
$this->log_service->warning($replay_ex);
|
||||
if (!is_null($this->current_request)) {
|
||||
$this->log_service->error_msg("current request: " . $this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);;
|
||||
}
|
||||
|
||||
return new OpenIdIndirectGenericErrorResponse($replay_ex->getMessage(), null, null, $this->current_request);
|
||||
} catch (InvalidOpenIdMessageException $inv_msg_ex) {
|
||||
$this->checkpoint_service->trackException($inv_msg_ex);
|
||||
$this->log_service->error($inv_msg_ex);
|
||||
$this->log_service->warning($inv_msg_ex);
|
||||
if (!is_null($this->current_request)) {
|
||||
$this->log_service->error_msg("current request: " . $this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);;
|
||||
}
|
||||
|
||||
return new OpenIdIndirectGenericErrorResponse($inv_msg_ex->getMessage(), null, null,
|
||||
$this->current_request);
|
||||
return new OpenIdIndirectGenericErrorResponse($inv_msg_ex->getMessage(), null, null, $this->current_request);
|
||||
} catch (Exception $ex) {
|
||||
$this->checkpoint_service->trackException($ex);
|
||||
$this->log_service->error($ex);
|
||||
if (!is_null($this->current_request)) {
|
||||
$this->log_service->error_msg("current request: " . $this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);;
|
||||
}
|
||||
|
||||
return new OpenIdIndirectGenericErrorResponse("Server Error", null, null, $this->current_request);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -122,34 +122,34 @@ final class OpenIdCheckAuthenticationRequestHandler extends OpenIdMessageHandler
|
|||
$this->log_service->warning($inv_assoc_ex);
|
||||
$response = new OpenIdDirectGenericErrorResponse($inv_assoc_ex->getMessage());
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->error_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (ReplayAttackException $replay_ex) {
|
||||
$this->checkpoint_service->trackException($replay_ex);
|
||||
$this->log_service->warning($replay_ex);
|
||||
$response = new OpenIdDirectGenericErrorResponse($replay_ex->getMessage());
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->error_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (InvalidNonce $inv_nonce_ex) {
|
||||
$this->checkpoint_service->trackException($inv_nonce_ex);
|
||||
$this->log_service->error($inv_nonce_ex);
|
||||
$response = new OpenIdDirectGenericErrorResponse($inv_nonce_ex->getMessage());
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->error_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (InvalidOpenIdMessageException $inv_msg_ex) {
|
||||
$this->checkpoint_service->trackException($inv_msg_ex);
|
||||
$this->log_service->error($inv_msg_ex);
|
||||
$response = new OpenIdDirectGenericErrorResponse($inv_msg_ex->getMessage());
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->error_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (Exception $ex) {
|
||||
$this->checkpoint_service->trackException($ex);
|
||||
$this->log_service->error($ex);
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->error_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return new OpenIdDirectGenericErrorResponse("Server Error");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,8 +62,8 @@ abstract class OpenIdMessageHandler
|
|||
} else if (isset($this->successor) && !is_null($this->successor)) {
|
||||
return $this->successor->handleMessage($message);
|
||||
}
|
||||
$this->log_service->warning_msg(sprintf(OpenIdErrorMessages::UnhandledMessage, $message->toString()));
|
||||
$ex = new InvalidOpenIdMessageException(sprintf(OpenIdErrorMessages::UnhandledMessage, $message->toString()));
|
||||
$this->log_service->warning_msg(sprintf(OpenIdErrorMessages::UnhandledMessage, $message));
|
||||
$ex = new InvalidOpenIdMessageException(sprintf(OpenIdErrorMessages::UnhandledMessage, $message));
|
||||
$this->checkpoint_service->trackException($ex);
|
||||
throw $ex;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,28 +46,28 @@ final class OpenIdSessionAssociationRequestHandler extends OpenIdMessageHandler
|
|||
$response = new OpenIdAssociationSessionUnsuccessfulResponse($inv_session_ex->getMessage());
|
||||
$this->log_service->warning($inv_session_ex);
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (InvalidAssociationTypeException $inv_assoc_ex) {
|
||||
$this->checkpoint_service->trackException($inv_assoc_ex);
|
||||
$response = new OpenIdAssociationSessionUnsuccessfulResponse($inv_assoc_ex->getMessage());
|
||||
$this->log_service->warning($inv_assoc_ex);
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (InvalidOpenIdMessageException $inv_msg_ex) {
|
||||
$response = new OpenIdDirectGenericErrorResponse($inv_msg_ex->getMessage());
|
||||
$this->checkpoint_service->trackException($inv_msg_ex);
|
||||
$this->log_service->warning($inv_msg_ex);
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
} catch (Exception $ex) {
|
||||
$this->checkpoint_service->trackException($ex);
|
||||
$response = new OpenIdDirectGenericErrorResponse('Server Error');
|
||||
$this->log_service->error($ex);
|
||||
if(!is_null($this->current_request))
|
||||
$this->log_service->error_msg("current request: ".$this->current_request->toString());
|
||||
$this->log_service->warning_msg("current request: ".$this->current_request);
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,19 +63,23 @@ class OpenIdAuthenticationRequest extends OpenIdRequest
|
|||
*/
|
||||
public function isValid()
|
||||
{
|
||||
|
||||
$return_to = $this->getReturnTo();
|
||||
$claimed_id = $this->getClaimedId();
|
||||
$identity = $this->getIdentity();
|
||||
$mode = $this->getMode();
|
||||
$realm = $this->getRealm();
|
||||
$valid_id = $this->isValidIdentifier($claimed_id, $identity);
|
||||
$valid_realm = OpenIdUriHelper::checkRealm($realm, $return_to);
|
||||
$return_to = $this->getReturnTo();
|
||||
$claimed_id = $this->getClaimedId();
|
||||
$identity = $this->getIdentity();
|
||||
$mode = $this->getMode();
|
||||
$realm = $this->getRealm();
|
||||
$valid_id = $this->isValidIdentifier($claimed_id, $identity);
|
||||
$valid_return_to = OpenIdUriHelper::checkReturnTo($return_to);
|
||||
$valid_realm = OpenIdUriHelper::checkRealm($realm, $return_to);
|
||||
|
||||
if (empty($return_to)) {
|
||||
throw new InvalidOpenIdMessageException('return_to is empty.');
|
||||
}
|
||||
|
||||
if (!$valid_return_to) {
|
||||
throw new InvalidOpenIdMessageException(sprintf('invalid return_to %s', $return_to));
|
||||
}
|
||||
|
||||
if (empty($realm)) {
|
||||
throw new InvalidOpenIdMessageException('realm is empty.');
|
||||
}
|
||||
|
|
@ -111,9 +115,7 @@ class OpenIdAuthenticationRequest extends OpenIdRequest
|
|||
|
||||
public function getReturnTo()
|
||||
{
|
||||
$return_to = $this->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo);
|
||||
|
||||
return (OpenIdUriHelper::checkReturnTo($return_to)) ? $return_to : "";
|
||||
return $this->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo);
|
||||
}
|
||||
|
||||
public function getClaimedId()
|
||||
|
|
|
|||
|
|
@ -41,9 +41,11 @@ abstract class OpenIdRequest
|
|||
return $this->message->getParam($param);
|
||||
}
|
||||
|
||||
public function toString()
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function __toString()
|
||||
{
|
||||
$string = $this->message->toString();
|
||||
return $string;
|
||||
return $this->message->__toString();
|
||||
}
|
||||
}
|
||||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace utils\http;
|
||||
|
||||
use utils\IPHelper;
|
||||
|
||||
/**
|
||||
* Class HttpMessage
|
||||
* @package utils\http
|
||||
|
|
@ -23,8 +25,9 @@ class HttpMessage implements \ArrayAccess
|
|||
}
|
||||
|
||||
/**
|
||||
* arrayaccess methods
|
||||
* */
|
||||
* @param mixed $offset
|
||||
* @param mixed $value
|
||||
*/
|
||||
public function offsetSet($offset, $value)
|
||||
{
|
||||
if (is_null($offset)) {
|
||||
|
|
@ -34,18 +37,38 @@ class HttpMessage implements \ArrayAccess
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $offset
|
||||
* @return bool
|
||||
*/
|
||||
public function offsetExists($offset)
|
||||
{
|
||||
return isset($this->container[$offset]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $offset
|
||||
*/
|
||||
public function offsetUnset($offset)
|
||||
{
|
||||
unset($this->container[$offset]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $offset
|
||||
* @return null
|
||||
*/
|
||||
public function offsetGet($offset)
|
||||
{
|
||||
return isset($this->container[$offset]) ? $this->container[$offset] : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function __toString()
|
||||
{
|
||||
$string = var_export(array_merge(array('from_ip' => IPHelper::getUserIp()), $this->container), true);
|
||||
return (string)$string;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,10 +14,9 @@ use openid\exceptions\InvalidOpenIdMessageException;
|
|||
use utils\services\ServiceLocator;
|
||||
use utils\services\UtilsServiceCatalog;
|
||||
use oauth2\exceptions\InvalidOAuth2Request;
|
||||
use Monolog\Logger;
|
||||
use Monolog\Handler\NativeMailerHandler;
|
||||
use Illuminate\Support\Facades\App;
|
||||
|
||||
use Illuminate\Support\Facades\Config;
|
||||
|
||||
ClassLoader::addDirectories(array(
|
||||
app_path() . '/commands',
|
||||
|
|
@ -39,7 +38,7 @@ ClassLoader::addDirectories(array(
|
|||
|
||||
$logFile = 'log-' . php_sapi_name() . '.txt';
|
||||
|
||||
Log::useDailyFiles(storage_path() . '/logs/' . $logFile, $days = 0, $level = 'debug');
|
||||
Log::useDailyFiles(storage_path() . '/logs/' . $logFile, $days = 0, Config::get('server.FileLog_Level', 'warning'));
|
||||
|
||||
//set email log
|
||||
$to = Config::get('log.to_email');
|
||||
|
|
@ -48,7 +47,8 @@ $from = Config::get('log.from_email');
|
|||
if(!empty($to) && !empty($from)){
|
||||
$subject = 'openstackid error';
|
||||
$mono_log = Log::getMonolog();
|
||||
$handler = new NativeMailerHandler($to, $subject, $from, $level = Logger::ERROR);
|
||||
$handler = new NativeMailerHandler($to, $subject, $from);
|
||||
$handler->setLevel(Config::get('server.EmailLog_Level', 'error'));
|
||||
$mono_log->pushHandler($handler);
|
||||
}
|
||||
|
||||
|
|
@ -91,7 +91,6 @@ if (Config::get('database.log', false)){
|
|||
|
|
||||
*/
|
||||
|
||||
|
||||
App::error(function (Exception $exception, $code) {
|
||||
Log::error($exception);
|
||||
if(!App::runningInConsole()) {
|
||||
|
|
@ -103,9 +102,8 @@ App::error(function (Exception $exception, $code) {
|
|||
}
|
||||
});
|
||||
|
||||
|
||||
App::error(function (InvalidOpenIdMessageException $exception, $code) {
|
||||
Log::error($exception);
|
||||
Log::warning($exception);
|
||||
if(!App::runningInConsole()) {
|
||||
$checkpoint_service = ServiceLocator::getInstance()->getService(UtilsServiceCatalog::CheckPointService);
|
||||
if ($checkpoint_service) {
|
||||
|
|
@ -115,8 +113,29 @@ App::error(function (InvalidOpenIdMessageException $exception, $code) {
|
|||
}
|
||||
});
|
||||
|
||||
App::error(function(\Symfony\Component\HttpKernel\Exception\NotFoundHttpException $exception, $code){
|
||||
Log::warning($exception);
|
||||
if(!App::runningInConsole()) {
|
||||
return Response::view('404', array(), 404);
|
||||
}
|
||||
});
|
||||
|
||||
App::error(function(\Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException $exception, $code){
|
||||
Log::warning($exception);
|
||||
if(!App::runningInConsole()) {
|
||||
return Response::view('404', array(), 404);
|
||||
}
|
||||
});
|
||||
|
||||
App::error(function(Illuminate\Session\TokenMismatchException $exception, $code){
|
||||
Log::warning($exception);
|
||||
if(!App::runningInConsole()) {
|
||||
return Response::view('404', array(), 404);
|
||||
}
|
||||
});
|
||||
|
||||
App::error(function (InvalidOAuth2Request $exception, $code) {
|
||||
Log::error($exception);
|
||||
Log::warning($exception);
|
||||
if(!App::runningInConsole()) {
|
||||
$checkpoint_service = ServiceLocator::getInstance()->getService(UtilsServiceCatalog::CheckPointService);
|
||||
if ($checkpoint_service) {
|
||||
|
|
@ -126,8 +145,6 @@ App::error(function (InvalidOAuth2Request $exception, $code) {
|
|||
}
|
||||
});
|
||||
|
||||
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Maintenance Mode Handler
|
||||
|
|
|
|||
|
|
@ -365,6 +365,44 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest
|
|||
|
||||
}
|
||||
|
||||
public function testAuthenticationSetupModeSessionAssociationDHSha1InvalidParamsFromWWWSite()
|
||||
{
|
||||
|
||||
$params = array(
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType,
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_Mode) => OpenIdProtocol::AssociateMode,
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_AssocType) => OpenIdProtocol::SignatureAlgorithmHMAC_SHA1,
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_SessionType) => OpenIdProtocol::AssociationSessionTypeDHSHA1,
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIdProtocol_DHGen) => 'AQ==',
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIdProtocol_DHModulus) => 'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=',
|
||||
OpenIdProtocol::param(OpenIdProtocol::OpenIdProtocol_DHConsumerPublic) => 'AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=',
|
||||
);
|
||||
|
||||
$response = $this->action("POST", "OpenIdProviderController@endpoint", $params);
|
||||
|
||||
$this->assertResponseStatus(400);
|
||||
}
|
||||
|
||||
public function testAuthenticationInvalidParamsFromWWWSite()
|
||||
{
|
||||
|
||||
$params = array(
|
||||
'openid_ns' => 'http://specs.openid.net/auth/2.0',
|
||||
'openid_ns_sreg' => 'http://openid.net/extensions/sreg/1.1',
|
||||
'openid_sreg_required' => 'email,fullname',
|
||||
'openid_sreg_optional' => 'country,language',
|
||||
'openid_realm' => '../index.html',
|
||||
'openid_mode' => 'checkid_setup',
|
||||
'openid_return_to' => 'badlogin.html?url=/OpenStackIdAuthenticator&BackURL=%2Fsummit%2Faustin-2016%2Fcall-for-speakers%2Fshow%2F8234',
|
||||
'openid_identity' => 'http://specs.openid.net/auth/2.0/identifier_select',
|
||||
'openid_claimed_id' => 'http://specs.openid.net/auth/2.0/identifier_select',
|
||||
);
|
||||
|
||||
$response = $this->action("POST", "OpenIdProviderController@endpoint", $params);
|
||||
|
||||
$this->assertResponseStatus(400);
|
||||
}
|
||||
|
||||
public function testAuthenticationCheckImmediateAuthenticationPrivateSession()
|
||||
{
|
||||
//set login info
|
||||
|
|
|
|||
Loading…
Reference in New Issue