diff --git a/package.json b/package.json index 26e7dbb..c275fad 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@hmcts/rpx-xui-node-lib", - "version": "2.29.2-output-stdout", + "version": "2.29.3-logging", "description": "Common nodejs library components for XUI", "main": "dist/index", "types": "dist/index.d.ts", diff --git a/src/auth/messaging.constants.ts b/src/auth/messaging.constants.ts index 3194d7a..a5e0f9a 100644 --- a/src/auth/messaging.constants.ts +++ b/src/auth/messaging.constants.ts @@ -1 +1 @@ -export const VERIFY_ERROR_MESSAGE_NO_ACCESS_ROLES = 'User does not have any access roles.' +export const VERIFY_ERROR_MESSAGE_NO_ACCESS_ROLES = 'User does not have any IDAM roles.' diff --git a/src/auth/models/strategy.class.ts b/src/auth/models/strategy.class.ts index e6d0240..d2504fe 100644 --- a/src/auth/models/strategy.class.ts +++ b/src/auth/models/strategy.class.ts @@ -105,7 +105,7 @@ export abstract class Strategy extends events.EventEmitter { resolve(true) }) } else { - this.logger.warn('resolved promise, state not saved') + this.logger.warn('resolved promise, no session key, state not saved') resolve(false) } }) @@ -123,13 +123,14 @@ export abstract class Strategy extends events.EventEmitter { state, } as any, (error: any, user: any, info: any) => { + this.logger.log('authenticate callback user', JSON.stringify(user)); /* istanbul ignore next */ if (error) { - this.logger.error('error => ', JSON.stringify(error)) + this.logger.error('authenticate callback error ', JSON.stringify(error)) } /* istanbul ignore next */ if (info) { - this.logger.info(info) + this.logger.info('authenticate callback',info) } /* istanbul ignore next */ if (!user) { @@ -140,7 +141,7 @@ export abstract class Strategy extends events.EventEmitter { )(req, res, next) /* istanbul ignore next */ } catch (error) { - this.logger.error(error, this.strategyName) + this.logger.error('authentication exception', error, this.strategyName) next(error) return Promise.reject(error) } @@ -196,13 +197,13 @@ export abstract class Strategy extends events.EventEmitter { } const redirect = req.query.redirect ? req.query.redirect : AUTH.ROUTE.LOGIN - this.logger.log('redirecting to => ', redirect) + this.logger.log('logout redirecting to ', redirect) // 401 is when no accessToken res.redirect(redirect as string) /* istanbul ignore next */ } catch (e) { - this.logger.error('error => ', e) + this.logger.error('logout exception ', e) res.status(401).redirect(AUTH.ROUTE.DEFAULT_REDIRECT) } this.logger.log('logout end') @@ -262,7 +263,7 @@ export abstract class Strategy extends events.EventEmitter { /* istanbul ignore next */ public callbackHandler = (req: Request, res: Response, next: NextFunction): void => { - this.logger.log('inside callbackHandler') + this.logger.log('inside callbackHandler for ', req.originalUrl); const INVALID_STATE_ERROR = 'Invalid authorization request state.' const reqSession = req.session as MySessionData @@ -284,8 +285,7 @@ export abstract class Strategy extends events.EventEmitter { } as any, (error: any, user: any, info: any) => { const errorMessages: string[] = [] - this.logger.log('inside passport authenticate') - + this.logger.log('in passport authenticate callback') if (error) { switch (error.name) { case 'TimeoutError': @@ -305,8 +305,7 @@ export abstract class Strategy extends events.EventEmitter { if (info.message === INVALID_STATE_ERROR) { errorMessages.push(INVALID_STATE_ERROR) } - - this.logger.info(info) + this.logger.info('callbackHandler authenticate info', info) } if (!user) { @@ -315,9 +314,9 @@ export abstract class Strategy extends events.EventEmitter { this.logger.log(message) emitAuthenticationFailure(errorMessages) + this.logger.info('redirecting to ' + AUTH.ROUTE.LOGIN); return res.redirect(AUTH.ROUTE.LOGIN) } - emitAuthenticationFailure(errorMessages) this.verifyLogin(req, user, next, res) }, @@ -403,12 +402,12 @@ export abstract class Strategy extends events.EventEmitter { } if (this.options.allowRolesRegex && !arrayPatternMatch(roles, this.options.allowRolesRegex)) { this.logger.error( - `User has no application access, as they do not have a ${this.options.allowRolesRegex} role.`, + `User has no application access, roles ${roles.join(' ')} don't match ${this.options.allowRolesRegex} role.`, ) return this.logout(req, res) } if (!this.listenerCount(AUTH.EVENT.AUTHENTICATE_SUCCESS)) { - this.logger.log(`redirecting, no listener count: ${AUTH.EVENT.AUTHENTICATE_SUCCESS}`) + this.logger.log(`no listener count, redirecting to: ${AUTH.ROUTE.DEFAULT_REDIRECT}`) res.redirect(AUTH.ROUTE.DEFAULT_REDIRECT) } else { req.isRefresh = false diff --git a/src/auth/oidc/models/openid.class.ts b/src/auth/oidc/models/openid.class.ts index c04790a..7b23f34 100644 --- a/src/auth/oidc/models/openid.class.ts +++ b/src/auth/oidc/models/openid.class.ts @@ -108,16 +108,17 @@ export class OpenID extends AuthStrategy { reqsession.passport.user.tokenset = this.convertTokenSet(tokenSet) if (!this.listenerCount(AUTH.EVENT.AUTHENTICATE_SUCCESS)) { - this.logger.log(`refresh: no listener count: ${AUTH.EVENT.AUTHENTICATE_SUCCESS}`) + this.logger.log(`refresh: no listeners: ${AUTH.EVENT.AUTHENTICATE_SUCCESS}`) return next() } else { req.isRefresh = true + this.logger.log('refresh: success') this.emit(AUTH.EVENT.AUTHENTICATE_SUCCESS, req, res, next) return } } } catch (e) { - this.logger.error('refresh error => ', e) + this.logger.error('refresh exception ', e) next(e) } } @@ -160,7 +161,7 @@ export class OpenID extends AuthStrategy { this.logger.warn(VERIFY_ERROR_MESSAGE_NO_ACCESS_ROLES) return done(null, false, { message: VERIFY_ERROR_MESSAGE_NO_ACCESS_ROLES }) } - this.logger.info('verify okay, user:', userinfo) + this.logger.info('verify success, user:', userinfo) return done(null, { tokenset: this.convertTokenSet(tokenset), userinfo }) } @@ -234,7 +235,7 @@ export class OpenID extends AuthStrategy { if (req.session && this.options?.sessionKey) { reqsession[this.options?.sessionKey] = { state } req.session.save(() => { - this.logger.log('resolved promise, nonce & state saved') + this.logger.log('resolved promise, state saved') resolve(true) }) } else { @@ -246,7 +247,7 @@ export class OpenID extends AuthStrategy { try { await promise - this.logger.log('calling passport authenticate') + this.logger.log('OAuth2 calling passport authenticate') return passport.authenticate( this.strategyName, @@ -256,28 +257,27 @@ export class OpenID extends AuthStrategy { state, } as any, (error: any, user: any, info: any) => { - this.logger.log('passport authenticate') - + this.logger.log('OAuth2 passport authenticate callback') if (error) { this.logger.error('loginHandler error: ', JSON.stringify(error)) } /* istanbul ignore next */ if (info) { - this.logger.info(info) + this.logger.info('OAuth2 info', info) } /* istanbul ignore next */ if (user) { - const message = 'loginHandler User details returned by passport authenticate' + const message = 'OAuth2 loginHandler User details from passport authenticate' this.logger.log(message) } if (!user) { - const message = 'loginHandler no User details returned by passport authenticate' + const message = 'OAuth2 loginHandler no User details returned by passport authenticate' this.logger.log(message) } }, )(req, res, next) } catch (error) { - this.logger.error('this should not throw an error') + this.logger.error('OAuth2 loginHandler unexpected error', error) throw new Error(`this should not throw an ${error}`) } }