From 68b484721902ec555737d8ee060332c144342a33 Mon Sep 17 00:00:00 2001 From: juanifioren Date: Fri, 19 Jun 2015 17:46:00 -0300 Subject: [PATCH] Refactoring error logging. --- oidc_provider/lib/endpoints/authorize.py | 14 ++++++++------ oidc_provider/lib/endpoints/token.py | 23 +++++++++++------------ oidc_provider/lib/endpoints/userinfo.py | 9 ++++++++- oidc_provider/views.py | 7 ++++++- 4 files changed, 33 insertions(+), 20 deletions(-) diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py index 0ae86d9..b057a1d 100644 --- a/oidc_provider/lib/endpoints/authorize.py +++ b/oidc_provider/lib/endpoints/authorize.py @@ -5,6 +5,7 @@ from oidc_provider.lib.utils.params import * from oidc_provider.lib.utils.token import * from oidc_provider.models import * + logger = logging.getLogger(__name__) @@ -56,9 +57,11 @@ class AuthorizeEndpoint(object): def validate_params(self): if not self.params.redirect_uri: + logger.error('[Authorize] Missing redirect uri.') raise RedirectUriError() if not ('openid' in self.params.scope): + logger.error('[Authorize] Missing openid scope.') raise AuthorizeError( self.params.redirect_uri, 'invalid_scope', @@ -68,16 +71,18 @@ class AuthorizeEndpoint(object): self.client = Client.objects.get(client_id=self.params.client_id) if not (self.params.redirect_uri in self.client.redirect_uris): + logger.error('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri) raise RedirectUriError() if not self.grant_type or not (self.params.response_type == self.client.response_type): - + logger.error('[Authorize] Invalid response type: %s', self.params.response_type) raise AuthorizeError( self.params.redirect_uri, 'unsupported_response_type', self.grant_type) except Client.DoesNotExist: + logger.error('[Authorize] Invalid client identifier: %s', self.params.client_id) raise ClientIdError() def create_response_uri(self): 
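Review bot: The new logger.error calls in validate_params write request-controlled values (`self.params.redirect_uri`, `self.params.response_type`, `self.params.client_id`) into the log unquoted, so a caller who puts newlines or other control characters into those parameters can forge extra log lines; logging them with `%r` instead of `%s`, e.g. `logger.error('[Authorize] Invalid redirect uri: %r', self.params.redirect_uri)`, keeps the value on one line and visibly quoted. These five failures are client mistakes rather than server faults, so `logger.warning` would fit them better than `logger.error`; the same applies to the new validation messages in token.py and userinfo.py. The 'Invalid response type' message is also emitted when `self.grant_type` is falsy, which the wording does not say; something like `'[Authorize] Unsupported response type: %r (grant type: %r)'` with both values would tell the operator which branch fired. The try that encloses the Client lookup opens above the hunk.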
@@ -122,11 +127,8 @@ class AuthorizeEndpoint(object): # add access_token to the fragment. if self.params.response_type == 'id_token token': uri += '&access_token={0}'.format(token.access_token) - except: - logger.error('Authorization server error, grant_type: %s' %self.grant_type, extra={ - 'redirect_uri': self.redirect_uri, - 'state': self.params.state - }) + except Exception as error: + logger.error('[Authorize] Error when trying to create response uri: %s', error) raise AuthorizeError( self.params.redirect_uri, 'server_error', diff --git a/oidc_provider/lib/endpoints/token.py b/oidc_provider/lib/endpoints/token.py index ef05ec4..34fa7e7 100644 --- a/oidc_provider/lib/endpoints/token.py +++ b/oidc_provider/lib/endpoints/token.py @@ -9,8 +9,10 @@ from oidc_provider.lib.utils.token import * from oidc_provider.models import * from oidc_provider import settings + logger = logging.getLogger(__name__) + class TokenEndpoint(object): def __init__(self, request): @@ -18,11 +20,6 @@ class TokenEndpoint(object): self.params = Params() self._extract_params() - logger.debug('Request %s', self.request) - logger.debug('TokenEndPoint request.POST --> : %s', self.request.POST) - logger.debug('TokenEndpoint request.GET --> : %s', self.request.GET) - logger.debug('TokenEndPoint extract_params --> : %s', self.params.__dict__) - def _extract_params(self): query_dict = self.request.POST 
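Review bot: `except Exception as error` followed by `logger.error('... %s', error)` keeps only the exception's message and drops the traceback, so when the client is sent `server_error` the log holds nothing that locates the fault; `logger.exception('[Authorize] Error when trying to create response uri: %s', error)` writes the same message at ERROR level with the stack trace attached. Narrowing the removed bare `except:` to `Exception` is otherwise an improvement, since the old form also swallowed SystemExit and KeyboardInterrupt. The try block that this handler belongs to starts above the hunk.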
@@ -36,31 +33,35 @@ class TokenEndpoint(object): def validate_params(self): if not (self.params.grant_type == 'authorization_code'): - logger.error('Unsupported grant type: --> : %s', self.params.grant_type) + logger.error('[Token] Invalid grant type: %s', self.params.grant_type) raise TokenError('unsupported_grant_type') try: self.client = Client.objects.get(client_id=self.params.client_id) if not (self.client.client_secret == self.params.client_secret): - logger.error('Invalid client, client secret -->: %s', self.params.client_secret) + logger.error('[Token] Invalid client secret: client %s do not have secret %s', + self.client.client_id, self.client.client_secret) raise TokenError('invalid_client') if not (self.params.redirect_uri in self.client.redirect_uris): - logger.error('Invalid client, redirect_uri --> : %s', self.params.redirect_uri) + logger.error('[Token] Invalid redirect uri: %s', self.params.redirect_uri) raise TokenError('invalid_client') self.code = Code.objects.get(code=self.params.code) if not (self.code.client == self.client) \ or self.code.has_expired(): - logger.error('Invalid grant, code client --> %s', self.code.client) + logger.error('[Token] Invalid code: invalid client or code has expired', + self.params.redirect_uri) raise TokenError('invalid_grant') except Client.DoesNotExist: + logger.error('[Token] Client does not exist: %s', self.params.client_id) raise TokenError('invalid_client') except Code.DoesNotExist: + logger.error('[Token] Code does not exist: %s', self.params.code) raise TokenError('invalid_grant') def create_response_dic(self): @@ -88,7 +89,7 @@ class TokenEndpoint(object): 'expires_in': settings.get('OIDC_TOKEN_EXPIRE'), 'id_token': id_token, } - logger.debug('Response dictionary --> : %s', dic) + return dic @classmethod @@ -100,6 +101,4 @@ class TokenEndpoint(object): response['Cache-Control'] = 'no-store' response['Pragma'] = 'no-cache' - logger.debug('JSON Response --> : %s', response.__dict__) - return response 
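Review bot: The new invalid-client-secret message logs `self.client.client_secret`, the stored secret itself, so every failed client authentication writes that client's credential into the log file in clear; log only the identifier, `logger.error('[Token] Invalid client secret for client %s', self.client.client_id)`. The 'Invalid code' call a few lines further down passes `self.params.redirect_uri` as an argument to a format string that contains no `%s`, so the standard handlers fail while formatting the record, the message is never written and logging prints a traceback to stderr instead; either add a placeholder (`'[Token] Invalid code for redirect uri %s: invalid client or code has expired'`) or drop the argument. The `Code.DoesNotExist` branch logs the presented `self.params.code`; that value is only known not to be in the table, so it is lower risk, but quoting it with `%r` would still keep injected control characters out of the log. The try that surrounds these checks begins in the hunk, so the structure here is complete.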
diff --git a/oidc_provider/lib/endpoints/userinfo.py b/oidc_provider/lib/endpoints/userinfo.py index 77f5e7a..9a67c89 100644 --- a/oidc_provider/lib/endpoints/userinfo.py +++ b/oidc_provider/lib/endpoints/userinfo.py @@ -1,4 +1,5 @@ import re +import logging from django.http import HttpResponse from django.http import JsonResponse @@ -10,6 +11,9 @@ from oidc_provider.models import * from oidc_provider import settings +logger = logging.getLogger(__name__) + + class UserInfoEndpoint(object): def __init__(self, request): @@ -43,12 +47,15 @@ class UserInfoEndpoint(object): self.token = Token.objects.get(access_token=self.params.access_token) if self.token.has_expired(): + logger.error('[UserInfo] Token has expired: %s', self.params.access_token) raise UserInfoError('invalid_token') if not ('openid' in self.token.scope): + logger.error('[UserInfo] Missing openid scope.') raise UserInfoError('insufficient_scope') except Token.DoesNotExist: + logger.error('[UserInfo] Token does not exist: %s', self.params.access_token) raise UserInfoError('invalid_token') def create_response_dic(self): @@ -86,4 +93,4 @@ class UserInfoEndpoint(object): response = HttpResponse(status=status) response['WWW-Authenticate'] = 'error="{0}", error_description="{1}"'.format(code, description) - return response \ No newline at end of file + return response diff --git a/oidc_provider/views.py b/oidc_provider/views.py index 85f783f..e49a81f 100644 --- a/oidc_provider/views.py +++ b/oidc_provider/views.py @@ -1,3 +1,5 @@ +import logging + from django.contrib.auth.views import redirect_to_login from django.http import HttpResponse, HttpResponseRedirect, JsonResponse from django.shortcuts import render @@ -12,6 +14,9 @@ from oidc_provider.lib.endpoints.userinfo import * from oidc_provider.lib.errors import * +logger = logging.getLogger(__name__) + + class AuthorizeView(View): def get(self, request, *args, **kwargs): 
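Review bot: Both new UserInfo messages write the presented bearer token (`self.params.access_token`) to the log; an expired token is still a credential for the lifetime of any copy, and the 'does not exist' branch will also capture tokens that are merely mistyped or belong to another deployment, so the log becomes a store of credentials in clear. Log only the outcome, `logger.error('[UserInfo] Token has expired.')` and `logger.error('[UserInfo] Token does not exist.')`, or at most a non-reversible fingerprint of the value (for example a truncated SHA-256 digest) if operators need to correlate repeated attempts. The try that encloses the Token lookup opens above the hunk.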
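Review bot: views.py gains `import logging` and a module-level `logger = logging.getLogger(__name__)`, but as far as this patch shows no code in views.py uses it. If the intent is to log at the view layer in a follow-up that is fine, otherwise the two hunks add an unused name; if a call site exists elsewhere in the file it is outside this diff.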
@@ -134,4 +139,4 @@ class ProviderInfoView(View): dic = ProviderInfoEndpoint.create_response_dic() - return JsonResponse(dic) \ No newline at end of file + return JsonResponse(dic)