Add logger to OpenID_Connect_Generic

(also remove code parameter value in the query stirng url for better reading of the logs)

includes/openid-connect-generic-client.php

@@ -15,6 +15,9 @@ class OpenID_Connect_Generic_Client {
 	// states are only valid for 3 minutes
 	private $state_time_limit = 180;
 
+	// logger object
+	private $logger;
+
 	/**
 	 * Client constructor
 	 *
@@ -27,7 +30,7 @@ class OpenID_Connect_Generic_Client {
 	 * @param $redirect_uri
 	 * @param $state_time_limit time states are valid in seconds
 	 */
-	function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit){
+	function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit, $logger){
 		$this->client_id = $client_id;
 		$this->client_secret = $client_secret;
 		$this->scope = $scope;
@@ -36,6 +39,7 @@ class OpenID_Connect_Generic_Client {
 		$this->endpoint_token = $endpoint_token;
 		$this->redirect_uri = $redirect_uri;
 		$this->state_time_limit = $state_time_limit;
+		$this->logger = $logger;
 	}
 
 	/**
@@ -57,6 +61,7 @@ class OpenID_Connect_Generic_Client {
 			urlencode( $this->redirect_uri )
 		);
 
+		$this->logger->log( apply_filters( 'openid-connect-generic-auth-url', $url ), 'make_authentication_url' );
 		return apply_filters( 'openid-connect-generic-auth-url', $url );
 	}
 
@@ -126,6 +131,7 @@ class OpenID_Connect_Generic_Client {
 		$request = apply_filters( 'openid-connect-generic-alter-request', $request, 'get-authentication-token' );
 
 		// call the server and ask for a token
+		$this->logger->log( $this->endpoint_token, 'request_authentication_token' );
 		$response = wp_remote_post( $this->endpoint_token, $request );
 
 		if ( is_wp_error( $response ) ){
@@ -156,6 +162,7 @@ class OpenID_Connect_Generic_Client {
 		$request = apply_filters( 'openid-connect-generic-alter-request', $request, 'refresh-token' );
 
 		// call the server and ask for new tokens
+		$this->logger->log( $this->endpoint_token, 'request_new_tokens' );
 		$response = wp_remote_post( $this->endpoint_token, $request );
 
 		if ( is_wp_error( $response ) ) {
@@ -222,6 +229,7 @@ class OpenID_Connect_Generic_Client {
 		$request['headers']['Host'] = $host;
 
 		// attempt the request including the access token in the query string for backwards compatibility
+		$this->logger->log( $this->endpoint_userinfo, 'request_userinfo' );
 		$response = wp_remote_post( $this->endpoint_userinfo, $request );
 
 		if ( is_wp_error( $response ) ){

includes/openid-connect-generic-option-logger.php

@@ -142,7 +142,7 @@ class OpenID_Connect_Generic_Option_Logger {
 			'type'    => $type,
 			'time'    => time(),
 			'user_ID' => get_current_user_id(),
-			'uri'     => $_SERVER['REQUEST_URI'],
+			'uri'     => preg_replace('/code=([^&]+)/i', 'code=', $_SERVER['REQUEST_URI']),
 			'data'    => $data,
 		);
 

openid-connect-generic.php

@@ -98,7 +98,8 @@ class OpenID_Connect_Generic {
 			$this->settings->endpoint_userinfo,
 			$this->settings->endpoint_token,
 			$redirect_uri,
-			$state_time_limit
+			$state_time_limit,
+			$this->logger
 		);
 
 		$this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger );