
Remove logging

pull/6075/head
Germán Martín 2 weeks ago
parent
commit
ac2836bd26
  1. 23
      apps/api/src/app/auth/auth.controller.ts
  2. 35
      apps/api/src/app/auth/auth.service.ts
  3. 33
      apps/api/src/app/auth/oidc-state.store.ts
  4. 10
      apps/api/src/app/auth/oidc.strategy.ts

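--- a/apps/api/src/app/auth/auth.controller.ts
+++ b/apps/api/src/app/auth/auth.controller.ts
@@ -16,7 +16,6 @@ import {
 Logger,
 Param,
 Post,
-Query,
 Req,
 Res,
 UseGuards,
@@ -107,7 +106,7 @@ export class AuthController {
 @Get('oidc')
 @UseGuards(AuthGuard('oidc'))
 @Version(VERSION_NEUTRAL)
-public oidcLogin(@Query('linkMode') linkMode: string) {
+public oidcLogin() {
 if (!this.configurationService.get('ENABLE_FEATURE_AUTH_OIDC')) {
 throw new HttpException(
 getReasonPhrase(StatusCodes.FORBIDDEN),
@@ -117,15 +116,6 @@ export class AuthController {
 // Link mode is handled automatically by OidcStateStore.store()
 // which extracts the token from query params and validates it
-if (linkMode === 'true') {
-Logger.log(
-'OIDC link mode requested - token validation handled by OidcStateStore',
-'AuthController'
-);
-} else {
-Logger.debug('OIDC normal login flow initiated', 'AuthController');
-}
 // The AuthGuard('oidc') handles the redirect to the OIDC provider
 }
@@ -141,11 +131,6 @@ export class AuthController {
 // Check if this is a link mode callback
 if (result.linkState?.linkMode) {
-Logger.log(
-`OIDC callback: Link mode detected for user ${result.linkState.userId.substring(0, 8)}...`,
-'AuthController'
-);
 try {
 // Link the OIDC account to the existing user
 await this.authService.linkOidcToUser(
@@ -153,11 +138,6 @@ export class AuthController {
 result.thirdPartyId
 );
-Logger.log(
-`OIDC callback: Successfully linked OIDC to user ${result.linkState.userId.substring(0, 8)}...`,
-'AuthController'
-);
 // Redirect to account page with success message
 response.redirect(
 `${rootUrl}/${DEFAULT_LANGUAGE_CODE}/account?linkSuccess=true`
@@ -188,7 +168,6 @@ export class AuthController {
 }
 // Normal OIDC login flow
-Logger.debug('OIDC callback: Normal login flow', 'AuthController');
 const jwt: string = result.jwt;
 if (jwt) {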
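Review bot: With both `Logger.log` calls around `linkOidcToUser` gone, a successful link of an OIDC identity to an existing user leaves no record in the visible code, and the same is true of the sign-up rejection and the provider check in auth.service.ts. Binding a new login identity to an account is a security-relevant event that incident response usually needs to reconstruct, so consider keeping one entry per outcome while still dropping the debug chatter, for example `Logger.log('OIDC account link succeeded', 'AuthController')`, with the user reference carried by whatever audit channel the project uses rather than a truncated id in the message. The callback handler starts and ends outside these hunks, so its failure path may already log; confirm before adding anything.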

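--- a/apps/api/src/app/auth/auth.service.ts
+++ b/apps/api/src/app/auth/auth.service.ts
@@ -45,11 +45,6 @@ export class AuthService {
 thirdPartyId
 }: ValidateOAuthLoginParams): Promise<string> {
 try {
-Logger.debug(
-`validateOAuthLogin: Validating login for provider ${provider}, thirdPartyId ${thirdPartyId?.substring(0, 8)}...`,
-'AuthService'
-);
 // First, search by thirdPartyId only to support linked accounts
 // (users with provider ANONYMOUS but with thirdPartyId set)
 let [user] = await this.userService.users({
@@ -57,36 +52,19 @@ export class AuthService {
 });
 if (user) {
-Logger.log(
-`validateOAuthLogin: Found existing user ${user.id.substring(0, 8)}... with provider ${user.provider} for thirdPartyId`,
-'AuthService'
-);
 return this.jwtService.sign({
 id: user.id
 });
 }
-Logger.debug(
-`validateOAuthLogin: No user found with thirdPartyId, checking if signup is enabled`,
-'AuthService'
-);
 const isUserSignupEnabled =
 await this.propertyService.isUserSignupEnabled();
 if (!isUserSignupEnabled) {
-Logger.warn(
-`validateOAuthLogin: Sign up is disabled, rejecting new user`,
-'AuthService'
-);
 throw new Error('Sign up forbidden');
 }
 // Create new user if not found
-Logger.log(
-`validateOAuthLogin: Creating new user with provider ${provider}`,
-'AuthService'
-);
 user = await this.userService.createUser({
 data: {
 provider,
@@ -157,18 +135,10 @@ export class AuthService {
 const user = await this.userService.user({ id: userId });
 if (!user) {
-Logger.error(
-`linkOidcToUser: User ${userId.substring(0, 8)}... not found`,
-'AuthService'
-);
 throw new Error('User not found');
 }
 if (user.provider !== 'ANONYMOUS') {
-Logger.error(
-`linkOidcToUser: User ${userId.substring(0, 8)}... has provider ${user.provider}, expected ANONYMOUS`,
-'AuthService'
-);
 throw new Error('Only users with token authentication can link OIDC');
 }
@@ -178,11 +148,6 @@ export class AuthService {
 data: { thirdPartyId }
 });
-Logger.log(
-`linkOidcToUser: Successfully linked OIDC to user ${userId.substring(0, 8)}...`,
-'AuthService'
-);
 return this.jwtService.sign({ id: userId });
 }
 }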
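Review bot: `linkOidcToUser` writes `data: { thirdPartyId }` after checking only that the target user exists and has provider `ANONYMOUS`; no visible line checks whether that `thirdPartyId` is already attached to another account. `validateOAuthLogin` resolves a login with `let [user] = await this.userService.users({` on the identifier alone and takes the first match, so a duplicate would make the resolved account depend on query order. Before the update, reuse the same lookup and throw when it returns a user whose id differs from `userId`, or document the constraint that guarantees uniqueness, e.g. `// thirdPartyId is unique at the database level`. The start of `linkOidcToUser` and the lookup's filter are outside these hunks, so an earlier check may exist.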

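--- a/apps/api/src/app/auth/oidc-state.store.ts
+++ b/apps/api/src/app/auth/oidc-state.store.ts
@@ -84,10 +84,6 @@ export class OidcStateStore {
 linkMode: true,
 userId: decoded.id
 };
-Logger.log(
-`Link mode validated for user ${decoded.id.substring(0, 8)}... from request`,
-'OidcStateStore'
-);
 }
 } catch (error) {
 Logger.warn(
@@ -104,12 +100,6 @@ export class OidcStateStore {
 }
 }
-const isLinkMode = linkState?.linkMode ?? false;
-Logger.debug(
-`Storing OIDC state with handle ${handle.substring(0, 8)}... (linkMode: ${isLinkMode})`,
-'OidcStateStore'
-);
 this.stateMap.set(handle, {
 appState,
 ctx,
@@ -146,19 +136,10 @@ export class OidcStateStore {
 const data = this.stateMap.get(handle);
 if (!data) {
-Logger.debug(
-`OIDC state not found for handle ${handle.substring(0, 8)}...`,
-'OidcStateStore'
-);
 return callback(null, undefined, undefined);
 }
 if (Date.now() - data.timestamp > this.STATE_EXPIRY_MS) {
-// State has expired
-Logger.debug(
-`OIDC state expired for handle ${handle.substring(0, 8)}...`,
-'OidcStateStore'
-);
 this.stateMap.delete(handle);
 return callback(null, undefined, undefined);
 }
@@ -166,19 +147,9 @@ export class OidcStateStore {
 // Remove state after verification (one-time use)
 this.stateMap.delete(handle);
-const isLinkMode = data.linkState?.linkMode ?? false;
-Logger.debug(
-`Verified OIDC state for handle ${handle.substring(0, 8)}... (linkMode: ${isLinkMode})`,
-'OidcStateStore'
-);
 // Attach linkState directly to request object for retrieval in validate()
 if (data.linkState) {
 (req as any).oidcLinkState = data.linkState;
-Logger.log(
-`Attached linkState to request for user ${data.linkState.userId.substring(0, 8)}...`,
-'OidcStateStore'
-);
 }
 callback(null, data.ctx, data.appState);
@@ -223,10 +194,6 @@ export class OidcStateStore {
 */
 public setLinkStateForNextStore(linkState: OidcLinkState) {
 this.pendingLinkState = linkState;
-Logger.log(
-`Link state prepared for user ${linkState.userId.substring(0, 8)}...`,
-'OidcStateStore'
-);
 }
 /**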
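Review bot: `setLinkStateForNextStore` parks the link state in the single instance field `pendingLinkState`, and the store appears to be shared across requests (the strategy holds it as the static `OidcStrategy.stateStore`). If `store()` still consumes that field, two logins that start at the same time can pick up each other's link state and the link would land on the wrong account; the body of `store()` is outside these hunks, so this needs confirming. The controller comment says the token is now read from the request inside `store()`, so consider deleting the setter and the field, or at least marking it with `// not request-scoped: must not be used while concurrent link flows are possible`.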

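--- a/apps/api/src/app/auth/oidc.strategy.ts
+++ b/apps/api/src/app/auth/oidc.strategy.ts
@@ -44,7 +44,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
 // Configure JWT secret for link mode validation
 if (options.jwtSecret) {
 OidcStrategy.stateStore.setJwtSecret(options.jwtSecret);
-Logger.debug('JWT secret configured for OIDC link mode', 'OidcStrategy');
 }
 }
@@ -82,11 +81,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
 | undefined;
 if (linkState?.linkMode) {
-Logger.log(
-`OidcStrategy: Link mode detected for user ${linkState.userId.substring(0, 8)}...`,
-'OidcStrategy'
-);
 // In link mode, we don't validate OAuth login (which would create a new user)
 // Instead, we return the thirdPartyId for the controller to link
 return {
@@ -96,10 +90,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
 }
 // Normal OIDC login flow
-Logger.debug(
-`OidcStrategy: Normal login flow for thirdPartyId ${thirdPartyId.substring(0, 8)}...`,
-'OidcStrategy'
-);
 const jwt = await this.authService.validateOAuthLogin({
 thirdPartyId,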
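Review bot: When `options.jwtSecret` is empty the constructor skips `setJwtSecret` without any signal, and nothing visible here says what the state store does with a link-mode token in that case. It should fail closed, treating every link request as invalid rather than accepting a token it cannot verify; the store's validation code is outside these hunks, so confirm that. A comment on the guard would record the contract: `// without a secret the state store must reject all link-mode tokens`.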
