Refactoring error logging.

2015-06-19 17:46:00 -03:00 · 2015-06-19 17:46:00 -03:00 · 68b4847219
parent 56ca4930b8
commit 68b4847219
4 changed files with 33 additions and 20 deletions
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@ -5,6 +5,7 @@ from oidc_provider.lib.utils.params import *
 from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *

+
 logger = logging.getLogger(__name__)


@ -56,9 +57,11 @@ class AuthorizeEndpoint(object):
    def validate_params(self):

        if not self.params.redirect_uri:
+            logger.error('[Authorize] Missing redirect uri.')
            raise RedirectUriError()

        if not ('openid' in self.params.scope):
+            logger.error('[Authorize] Missing openid scope.')
            raise AuthorizeError(
                self.params.redirect_uri,
                'invalid_scope',
@ -68,16 +71,18 @@ class AuthorizeEndpoint(object):
            self.client = Client.objects.get(client_id=self.params.client_id)

            if not (self.params.redirect_uri in self.client.redirect_uris):
+                logger.error('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri)
                raise RedirectUriError()

            if not self.grant_type or not (self.params.response_type == self.client.response_type):
-
+                logger.error('[Authorize] Invalid response type: %s', self.params.response_type)
                raise AuthorizeError(
                    self.params.redirect_uri,
                    'unsupported_response_type',
                    self.grant_type)

        except Client.DoesNotExist:
+            logger.error('[Authorize] Invalid client identifier: %s', self.params.client_id)
            raise ClientIdError()

    def create_response_uri(self):
@ -122,11 +127,8 @@ class AuthorizeEndpoint(object):
                # add access_token to the fragment.
                if self.params.response_type == 'id_token token':
                    uri += '&access_token={0}'.format(token.access_token)
-        except:
-            logger.error('Authorization server error, grant_type: %s' %self.grant_type, extra={
-                'redirect_uri': self.redirect_uri,
-                'state': self.params.state
-            })
+        except Exception as error:
+            logger.error('[Authorize] Error when trying to create response uri: %s', error)
            raise AuthorizeError(
                self.params.redirect_uri,
                'server_error',
--- a/oidc_provider/lib/endpoints/token.py
+++ b/oidc_provider/lib/endpoints/token.py
@ -9,8 +9,10 @@ from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *
 from oidc_provider import settings

+
 logger = logging.getLogger(__name__)

+
 class TokenEndpoint(object):

    def __init__(self, request):
@ -18,11 +20,6 @@ class TokenEndpoint(object):
        self.params = Params()
        self._extract_params()

-        logger.debug('Request %s', self.request)
-        logger.debug('TokenEndPoint request.POST --> : %s', self.request.POST)
-        logger.debug('TokenEndpoint request.GET --> : %s', self.request.GET)
-        logger.debug('TokenEndPoint extract_params --> : %s', self.params.__dict__)
-
    def _extract_params(self):
        query_dict = self.request.POST

@ -36,31 +33,35 @@ class TokenEndpoint(object):

    def validate_params(self):
        if not (self.params.grant_type == 'authorization_code'):
-            logger.error('Unsupported grant type: --> : %s', self.params.grant_type)
+            logger.error('[Token] Invalid grant type: %s', self.params.grant_type)
            raise TokenError('unsupported_grant_type')

        try:
            self.client = Client.objects.get(client_id=self.params.client_id)

            if not (self.client.client_secret == self.params.client_secret):
-                logger.error('Invalid client, client secret -->: %s', self.params.client_secret)
+                logger.error('[Token] Invalid client secret: client %s do not have secret %s',
+                             self.client.client_id, self.client.client_secret)
                raise TokenError('invalid_client')

            if not (self.params.redirect_uri in self.client.redirect_uris):
-                logger.error('Invalid client, redirect_uri --> : %s', self.params.redirect_uri)
+                logger.error('[Token] Invalid redirect uri: %s', self.params.redirect_uri)
                raise TokenError('invalid_client')

            self.code = Code.objects.get(code=self.params.code)

            if not (self.code.client == self.client) \
               or self.code.has_expired():
-                logger.error('Invalid grant, code client --> %s', self.code.client)
+                logger.error('[Token] Invalid code: invalid client or code has expired',
+                             self.params.redirect_uri)
                raise TokenError('invalid_grant')

        except Client.DoesNotExist:
+            logger.error('[Token] Client does not exist: %s', self.params.client_id)
            raise TokenError('invalid_client')

        except Code.DoesNotExist:
+            logger.error('[Token] Code does not exist: %s', self.params.code)
            raise TokenError('invalid_grant')

    def create_response_dic(self):
@ -88,7 +89,7 @@ class TokenEndpoint(object):
            'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
            'id_token': id_token,
        }
-        logger.debug('Response dictionary --> : %s', dic)
+
        return dic

    @classmethod
@ -100,6 +101,4 @@ class TokenEndpoint(object):
        response['Cache-Control'] = 'no-store'
        response['Pragma'] = 'no-cache'

-        logger.debug('JSON Response --> : %s', response.__dict__)
-
        return response
--- a/oidc_provider/lib/endpoints/userinfo.py
+++ b/oidc_provider/lib/endpoints/userinfo.py
@ -1,4 +1,5 @@
 import re
+import logging

 from django.http import HttpResponse
 from django.http import JsonResponse
@ -10,6 +11,9 @@ from oidc_provider.models import *
 from oidc_provider import settings


+logger = logging.getLogger(__name__)
+
+
 class UserInfoEndpoint(object):

    def __init__(self, request):
@ -43,12 +47,15 @@ class UserInfoEndpoint(object):
            self.token = Token.objects.get(access_token=self.params.access_token)

            if self.token.has_expired():
+                logger.error('[UserInfo] Token has expired: %s', self.params.access_token)
                raise UserInfoError('invalid_token')

            if not ('openid' in self.token.scope):
+                logger.error('[UserInfo] Missing openid scope.')
                raise UserInfoError('insufficient_scope')

        except Token.DoesNotExist:
+            logger.error('[UserInfo] Token does not exist: %s', self.params.access_token)
            raise UserInfoError('invalid_token')

    def create_response_dic(self):
@ -86,4 +93,4 @@ class UserInfoEndpoint(object):
        response = HttpResponse(status=status)
        response['WWW-Authenticate'] = 'error="{0}", error_description="{1}"'.format(code, description)

-        return response
+        return response
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@ -1,3 +1,5 @@
+import logging
+
 from django.contrib.auth.views import redirect_to_login
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import render
@ -12,6 +14,9 @@ from oidc_provider.lib.endpoints.userinfo import *
 from oidc_provider.lib.errors import *


+logger = logging.getLogger(__name__)
+
+
 class AuthorizeView(View):

    def get(self, request, *args, **kwargs):
@ -134,4 +139,4 @@ class ProviderInfoView(View):

        dic = ProviderInfoEndpoint.create_response_dic()

-        return JsonResponse(dic)
+        return JsonResponse(dic)