Improve logs for splunk log chaining
Gcolon021 committed Aug 14, 2024
1 parent cfdafd6 commit ca691a2
Showing 2 changed files with 18 additions and 10 deletions.
Expand Up @@ -59,6 +59,7 @@ public void init() {
public void validateAllUserPassports() {
Set<User> allUsersWithAPassport = this.userService.getAllUsersWithAPassport();
allUsersWithAPassport.parallelStream().forEach(user -> {
logger.info("validateAllUserPassports() ATTEMPTING TO VALIDATE PASSPORT___ USER {}", user.getSubject());
if (StringUtils.isBlank(user.getPassport())) {
logger.error("NO PASSPORT FOUND ___ uSER {}", user.getSubject());
return;
Expand All @@ -67,7 +68,7 @@ public void validateAllUserPassports() {
String encodedPassport = user.getPassport();
Optional<Passport> passportOptional = JWTUtil.parsePassportJWTV11(encodedPassport);
if (passportOptional.isEmpty()) {
logger.error("fAILED TO DECODE PASSPORT ___ USER: {}", user.getEmail());
logger.error("fAILED TO DECODE PASSPORT ___ USER: {}", user.getSubject());
user.setPassport(null);
userService.save(user);
userService.logoutUser(user);
Expand All @@ -78,7 +79,7 @@ public void validateAllUserPassports() {
for (String visa : ga4ghPassportV1) {
Optional<Ga4ghPassportV1> parsedVisa = JWTUtil.parseGa4ghPassportV1(visa);
if (parsedVisa.isEmpty()) {
logger.error("validatePassport() ga4ghPassportV1 is empty");
logger.error("validatePassport() ga4ghPassportV1 PASSPORT VISA IS EMPTY ___ USER {}", user.getSubject());
return;
}

Expand All @@ -89,8 +90,10 @@ public void validateAllUserPassports() {
if (response.isPresent()) {
boolean successfullyUpdated = handlePassportValidationResponse(response.get(), user);
if (!successfullyUpdated) {
logger.info("PASSPORT IS NO LONGER VALID ___ USER {} ___ USER LOGGED OUT", user.getSubject());
logger.info("PASSPORT VALIDATION COMPLETE __ PASSPORT IS NO LONGER VALID ___ USER {} ___ USER LOGGED OUT", user.getSubject());
break;
} else {
logger.info("PASSPORT VALIDATION COMPLETE __ PASSPORT IS VALID ___ USER {}", user.getSubject());
}
}
}
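Review bot: When `response` is empty in the last hunk of this section, nothing is logged, so the new "ATTEMPTING TO VALIDATE PASSPORT" event can be left without a matching "PASSPORT VALIDATION COMPLETE" event, and the stored passport stays in place unchecked. An `else` on `if (response.isPresent())` would close the chain, for example `logger.error("PASSPORT VALIDATION INCOMPLETE ___ NO VALIDATION RESPONSE ___ USER {}", user.getSubject());`. The visa-parse branch has a related gap: it returns after logging and, as far as the visible lines show, neither clears the passport nor logs the user out the way the decode-failure branch does, which looks fail-open and is worth confirming. The method body continues outside the hunks, so the origin of `response` is not visible here.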
Expand Up @@ -107,37 +107,42 @@ public HashMap<String, String> authenticate(Map<String, String> authRequest, Str
User user = initializedUser.get();
Optional<Passport> rasPassport = this.rasPassPortService.extractPassport(introspectResponse);
if (rasPassport.isEmpty()) {
logger.info("LOGIN FAILED ___ NO RAS PASSPORT FOUND ___");
logger.info("LOGIN FAILED ___ NO RAS PASSPORT FOUND ___ USER: {} ___ CODE {}", user.getSubject(), authRequest.get("code"));
return null;
}

if (rasPassPortService.isExpired(rasPassport.get())) {
logger.error("validateRASPassport() LOGIN FAILED ___ PASSPORT IS EXPIRED ___ USER: {}", user.getSubject());
logger.error("validateRASPassport() LOGIN FAILED ___ PASSPORT IS EXPIRED ___ USER: {} ___ CODE {}", user.getSubject(), authRequest.get("code"));
return null;
}

if (!rasPassport.get().getIss().equals(this.rasPassportIssuer)) {
logger.error("validateRASPassport() LOGIN FAILED ___ PASSPORT ISSUER IS NOT CORRECT ___ USER: {} ___ " +
"EXPECTED ISSUER {} ___ ACTUAL ISSUER {}", user.getSubject(), this.rasPassportIssuer, rasPassport.get().getIss());
"EXPECTED ISSUER {} ___ ACTUAL ISSUER {} ___ CODE {}",
user.getSubject(), this.rasPassportIssuer, rasPassport.get().getIss(), authRequest.get("code"));
return null;
}

logger.info("RAS PASSPORT FOUND ___ USER: {} ___ PASSPORT: {}", user.getSubject(), rasPassport.get());
logger.info("RAS PASSPORT FOUND ___ USER: {} ___ PASSPORT: {} ___ CODE {}", user.getSubject(), rasPassport.get(), authRequest.get("code"));

Set<RasDbgapPermission> dbgapPermissions = this.rasPassPortService.ga4gpPassportToRasDbgapPermissions(rasPassport.get().getGa4ghPassportV1());
Optional<Set<String>> dbgapRoleNames = this.roleService.getRoleNamesForDbgapPermissions(dbgapPermissions);
if (dbgapRoleNames.isPresent()) {
user = userService.updateUserRoles(user, dbgapRoleNames.get());
logger.debug("USER {} ROLES UPDATED {}", user.getSubject(), user.getRoles().stream().map(role -> role.getName().replace("MANAGED_", "")).toArray());
logger.debug("USER {} ROLES UPDATED {} ___ CODE {}",
user.getSubject(),
user.getRoles().stream().map(role -> role.getName().replace("MANAGED_", "")).toArray(),
authRequest.get("code"));
}

String passport = introspectResponse.get("passport_jwt_v11").toString();
user.setPassport(passport);
logger.info("RAS PASSPORT SUCCESSFULLY ADDED TO USER: {}", user.getSubject());
logger.info("RAS PASSPORT SUCCESSFULLY ADDED TO USER: {} ___ CODE {}", user.getSubject(), authRequest.get("code"));
userService.save(user);
HashMap<String, String> responseMap = createUserClaims(user, idToken);
responseMap.put("oktaIdToken", idToken);
logger.info("LOGIN SUCCESS ___ USER {}:{} ___ AUTHORIZATION WILL EXPIRE AT ___ {}___", user.getSubject(), user.getUuid().toString(), responseMap.get("expirationDate"));
logger.info("LOGIN SUCCESS ___ USER {}:{} ___ AUTHORIZATION WILL EXPIRE AT ___ {} ___ CODE {}",
user.getSubject(), user.getUuid().toString(), responseMap.get("expirationDate"), authRequest.get("code"));
return responseMap;
}
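Review bot: Every `authRequest.get("code")` argument added in this section writes the request's authorization code verbatim into info- and error-level logs; that value is credential-like and caller-supplied, so it should not reach Splunk as-is. Compute a non-reversible reference once near the top of `authenticate` (a truncated SHA-256 of the code, or a per-request id placed in the logging context) and log that instead, e.g. `logger.info("LOGIN FAILED ___ NO RAS PASSPORT FOUND ___ USER: {} ___ REF {}", user.getSubject(), loginRef);`. If the raw value must remain, strip CR/LF from it first so a crafted request cannot forge extra log events. The "RAS PASSPORT FOUND" line also still passes `rasPassport.get()` to the logger; depending on that type's `toString()`, this may put the full passport claims into the same index. The start of `authenticate` is outside the hunk.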
