Refactoring error logging.

juanifioren 2015-06-19 17:46:00 -03:00
parent 56ca4930b8
commit 68b4847219
4 changed files with 33 additions and 20 deletions


@ -5,6 +5,7 @@ from oidc_provider.lib.utils.params import *
from oidc_provider.lib.utils.token import * from oidc_provider.lib.utils.token import *
from oidc_provider.models import * from oidc_provider.models import *
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -56,9 +57,11 @@ class AuthorizeEndpoint(object):
def validate_params(self): def validate_params(self):
if not self.params.redirect_uri: if not self.params.redirect_uri:
logger.error('[Authorize] Missing redirect uri.')
raise RedirectUriError() raise RedirectUriError()
if not ('openid' in self.params.scope): if not ('openid' in self.params.scope):
logger.error('[Authorize] Missing openid scope.')
raise AuthorizeError( raise AuthorizeError(
self.params.redirect_uri, self.params.redirect_uri,
'invalid_scope', 'invalid_scope',
@ -68,16 +71,18 @@ class AuthorizeEndpoint(object):
self.client = Client.objects.get(client_id=self.params.client_id) self.client = Client.objects.get(client_id=self.params.client_id)
if not (self.params.redirect_uri in self.client.redirect_uris): if not (self.params.redirect_uri in self.client.redirect_uris):
logger.error('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri)
raise RedirectUriError() raise RedirectUriError()
if not self.grant_type or not (self.params.response_type == self.client.response_type): if not self.grant_type or not (self.params.response_type == self.client.response_type):
logger.error('[Authorize] Invalid response type: %s', self.params.response_type)
raise AuthorizeError( raise AuthorizeError(
self.params.redirect_uri, self.params.redirect_uri,
'unsupported_response_type', 'unsupported_response_type',
self.grant_type) self.grant_type)
except Client.DoesNotExist: except Client.DoesNotExist:
logger.error('[Authorize] Invalid client identifier: %s', self.params.client_id)
raise ClientIdError() raise ClientIdError()
def create_response_uri(self): def create_response_uri(self):
@ -122,11 +127,8 @@ class AuthorizeEndpoint(object):
# add access_token to the fragment. # add access_token to the fragment.
if self.params.response_type == 'id_token token': if self.params.response_type == 'id_token token':
uri += '&access_token={0}'.format(token.access_token) uri += '&access_token={0}'.format(token.access_token)
except: except Exception as error:
logger.error('Authorization server error, grant_type: %s' %self.grant_type, extra={ logger.error('[Authorize] Error when trying to create response uri: %s', error)
'redirect_uri': self.redirect_uri,
'state': self.params.state
})
raise AuthorizeError( raise AuthorizeError(
self.params.redirect_uri, self.params.redirect_uri,
'server_error', 'server_error',
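Review bot: The new `logger.error` calls in validate_params interpolate request-supplied values (`redirect_uri`, `response_type`, `client_id`) with `%s`, so a value carrying CR/LF characters could forge extra lines in a plain-text log; the values logged here are exactly the ones that failed validation. Formatting them with `%r`, e.g. `logger.error('[Authorize] Invalid redirect uri: %r', self.params.redirect_uri)`, keeps control characters escaped, and the same applies to the `[Token]` grant-type and redirect-uri messages in the token endpoint. In the last hunk, `except Exception as error:` logs only the exception text; `logger.exception('[Authorize] Error when trying to create response uri')` would keep the traceback. Both validate_params and create_response_uri extend beyond the visible hunks.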


@ -9,8 +9,10 @@ from oidc_provider.lib.utils.token import *
from oidc_provider.models import * from oidc_provider.models import *
from oidc_provider import settings from oidc_provider import settings
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
class TokenEndpoint(object): class TokenEndpoint(object):
def __init__(self, request): def __init__(self, request):
@ -18,11 +20,6 @@ class TokenEndpoint(object):
self.params = Params() self.params = Params()
self._extract_params() self._extract_params()
logger.debug('Request %s', self.request)
logger.debug('TokenEndPoint request.POST --> : %s', self.request.POST)
logger.debug('TokenEndpoint request.GET --> : %s', self.request.GET)
logger.debug('TokenEndPoint extract_params --> : %s', self.params.__dict__)
def _extract_params(self): def _extract_params(self):
query_dict = self.request.POST query_dict = self.request.POST
@ -36,31 +33,35 @@ class TokenEndpoint(object):
def validate_params(self): def validate_params(self):
if not (self.params.grant_type == 'authorization_code'): if not (self.params.grant_type == 'authorization_code'):
logger.error('Unsupported grant type: --> : %s', self.params.grant_type) logger.error('[Token] Invalid grant type: %s', self.params.grant_type)
raise TokenError('unsupported_grant_type') raise TokenError('unsupported_grant_type')
try: try:
self.client = Client.objects.get(client_id=self.params.client_id) self.client = Client.objects.get(client_id=self.params.client_id)
if not (self.client.client_secret == self.params.client_secret): if not (self.client.client_secret == self.params.client_secret):
logger.error('Invalid client, client secret -->: %s', self.params.client_secret) logger.error('[Token] Invalid client secret: client %s do not have secret %s',
self.client.client_id, self.client.client_secret)
raise TokenError('invalid_client') raise TokenError('invalid_client')
if not (self.params.redirect_uri in self.client.redirect_uris): if not (self.params.redirect_uri in self.client.redirect_uris):
logger.error('Invalid client, redirect_uri --> : %s', self.params.redirect_uri) logger.error('[Token] Invalid redirect uri: %s', self.params.redirect_uri)
raise TokenError('invalid_client') raise TokenError('invalid_client')
self.code = Code.objects.get(code=self.params.code) self.code = Code.objects.get(code=self.params.code)
if not (self.code.client == self.client) \ if not (self.code.client == self.client) \
or self.code.has_expired(): or self.code.has_expired():
logger.error('Invalid grant, code client --> %s', self.code.client) logger.error('[Token] Invalid code: invalid client or code has expired',
self.params.redirect_uri)
raise TokenError('invalid_grant') raise TokenError('invalid_grant')
except Client.DoesNotExist: except Client.DoesNotExist:
logger.error('[Token] Client does not exist: %s', self.params.client_id)
raise TokenError('invalid_client') raise TokenError('invalid_client')
except Code.DoesNotExist: except Code.DoesNotExist:
logger.error('[Token] Code does not exist: %s', self.params.code)
raise TokenError('invalid_grant') raise TokenError('invalid_grant')
def create_response_dic(self): def create_response_dic(self):
@ -88,7 +89,7 @@ class TokenEndpoint(object):
'expires_in': settings.get('OIDC_TOKEN_EXPIRE'), 'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
'id_token': id_token, 'id_token': id_token,
} }
logger.debug('Response dictionary --> : %s', dic)
return dic return dic
@classmethod @classmethod
@ -100,6 +101,4 @@ class TokenEndpoint(object):
response['Cache-Control'] = 'no-store' response['Cache-Control'] = 'no-store'
response['Pragma'] = 'no-cache' response['Pragma'] = 'no-cache'
logger.debug('JSON Response --> : %s', response.__dict__)
return response return response
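Review bot: The rewritten 'Invalid client secret' message in validate_params passes `self.client.client_secret` to the logger, so every request with a wrong secret writes the client's real stored secret to the error log, where anyone with log access can read it. Log only the identifier, e.g. `logger.error('[Token] Invalid client secret for client %s', self.client.client_id)`. In the same hunk, the 'Invalid code' call passes `self.params.redirect_uri` to a format string that has no placeholder, so the logging module reports a formatting error instead of emitting the message; drop the argument or add a `%s`. The 'Code does not exist' message also records the submitted authorization code in full, which is better omitted or truncated.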


@ -1,4 +1,5 @@
import re import re
import logging
from django.http import HttpResponse from django.http import HttpResponse
from django.http import JsonResponse from django.http import JsonResponse
@ -10,6 +11,9 @@ from oidc_provider.models import *
from oidc_provider import settings from oidc_provider import settings
logger = logging.getLogger(__name__)
class UserInfoEndpoint(object): class UserInfoEndpoint(object):
def __init__(self, request): def __init__(self, request):
@ -43,12 +47,15 @@ class UserInfoEndpoint(object):
self.token = Token.objects.get(access_token=self.params.access_token) self.token = Token.objects.get(access_token=self.params.access_token)
if self.token.has_expired(): if self.token.has_expired():
logger.error('[UserInfo] Token has expired: %s', self.params.access_token)
raise UserInfoError('invalid_token') raise UserInfoError('invalid_token')
if not ('openid' in self.token.scope): if not ('openid' in self.token.scope):
logger.error('[UserInfo] Missing openid scope.')
raise UserInfoError('insufficient_scope') raise UserInfoError('insufficient_scope')
except Token.DoesNotExist: except Token.DoesNotExist:
logger.error('[UserInfo] Token does not exist: %s', self.params.access_token)
raise UserInfoError('invalid_token') raise UserInfoError('invalid_token')
def create_response_dic(self): def create_response_dic(self):
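Review bot: Both token messages added in the last hunk write `self.params.access_token` to the log in full, and a bearer token is a credential: the expiry branch logs one this server issued, and a value rejected here may still be valid elsewhere. Prefer dropping the value, e.g. `logger.error('[UserInfo] Token does not exist.')`, or logging a short prefix or digest if correlation is needed. These branches are reached by any caller presenting a bad token, so `logger.warning` may be a better fit than `error` to keep client mistakes from flooding the error log. The enclosing method begins before the hunk.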


@ -1,3 +1,5 @@
import logging
from django.contrib.auth.views import redirect_to_login from django.contrib.auth.views import redirect_to_login
from django.http import HttpResponse, HttpResponseRedirect, JsonResponse from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
from django.shortcuts import render from django.shortcuts import render
@ -12,6 +14,9 @@ from oidc_provider.lib.endpoints.userinfo import *
from oidc_provider.lib.errors import * from oidc_provider.lib.errors import *
logger = logging.getLogger(__name__)
class AuthorizeView(View): class AuthorizeView(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):