Skip to content

Commit

Permalink
Merge pull request #885 from nextcloud/fix/log-acs
Browse files Browse the repository at this point in the history
fix: Add more logging to the saml/acs endpoint
  • Loading branch information
blizzz authored Oct 8, 2024
2 parents 4ea5899 + e72ad44 commit a8139e3
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions lib/Controller/SAMLController.php
Original file line number Diff line number Diff line change
Expand Up @@ -361,19 +361,20 @@ public function assertionConsumerService(): Http\RedirectResponse {
$response->invalidateCookie('saml_data');
return $response;
}
$this->logger->debug('Authentication successful', ['app' => 'user_saml']);

// Check whether the user actually exists, if not redirect to an error page
// explaining the issue.
try {
$this->userData->setAttributes($auth->getAttributes());
$this->autoprovisionIfPossible();
} catch (NoUserFoundException $e) {
$this->logger->error($e->getMessage(), ['app' => $this->appName]);
$this->logger->error($e->getMessage(), ['app' => $this->appName, 'exception' => $e]);
$response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned'));
$response->invalidateCookie('saml_data');
return $response;
} catch (UserFilterViolationException $e) {
$this->logger->error($e->getMessage(), ['app' => $this->appName]);
$this->logger->error($e->getMessage(), ['app' => $this->appName, 'exception' => $e]);
$response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notPermitted'));
$response->invalidateCookie('saml_data');
return $response;
Expand All @@ -386,6 +387,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
$this->session->set('user_saml.samlNameIdSPNameQualifier', $auth->getNameIdSPNameQualifier());
$this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
$this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
$this->logger->debug('Session values set', ['app' => 'user_saml']);
try {
$user = $this->userResolver->findExistingUser($this->userBackend->getCurrentUserId());
$firstLogin = $user->updateLastLoginTimestamp();
Expand All @@ -400,6 +402,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
$response->invalidateCookie('saml_data');
return $response;
}
$this->logger->debug('User found, last login timestamp updated', ['app' => 'user_saml']);

$originalUrl = $data['RelayState'] ?? $data['OriginalUrl'];
if ($originalUrl !== null && $originalUrl !== '') {
Expand Down

0 comments on commit a8139e3

Please # to comment.