From 11695f56abc37460a48e85384220695865eedbc0 Mon Sep 17 00:00:00 2001
From: SYLVAIN PAILLASSE
Date: Sun, 12 Apr 2020 15:15:25 +0200
Subject: [PATCH] Add logger to OpenID_Connect_Generic (also remove code parameter value in the query stirng url for better reading of the logs)
---
 includes/openid-connect-generic-client.php | 10 +++++++++-
 includes/openid-connect-generic-option-logger.php | 2 +-
 openid-connect-generic.php | 3 ++-
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/includes/openid-connect-generic-client.php b/includes/openid-connect-generic-client.php
index 916ef04..eb59904 100644
--- a/includes/openid-connect-generic-client.php
+++ b/includes/openid-connect-generic-client.php
@@ -15,6 +15,9 @@ class OpenID_Connect_Generic_Client {
 // states are only valid for 3 minutes
 private $state_time_limit = 180;
+ // logger object
+ private $logger;
+
 /**
 * Client constructor
 *
@@ -27,7 +30,7 @@ class OpenID_Connect_Generic_Client {
 * @param $redirect_uri
 * @param $state_time_limit time states are valid in seconds
 */
- function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit){
+ function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit, $logger){
 $this->client_id = $client_id;
 $this->client_secret = $client_secret;
 $this->scope = $scope;
@@ -36,6 +39,7 @@ class OpenID_Connect_Generic_Client {
 $this->endpoint_token = $endpoint_token;
 $this->redirect_uri = $redirect_uri;
 $this->state_time_limit = $state_time_limit;
+ $this->logger = $logger;
 }
 /**
@@ -57,6 +61,7 @@ class OpenID_Connect_Generic_Client {
 urlencode( $this->redirect_uri )
 );
+ $this->logger->log( apply_filters( 'openid-connect-generic-auth-url', $url ), 'make_authentication_url' );
 return apply_filters( 'openid-connect-generic-auth-url', $url );
 }
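Review bot: The new `$logger` argument in the `__construct` signature (hunk @@ -27,7 +30,7) is a required positional parameter with no `@param` line in the docblock directly above it, and the later hunks call `$this->logger->log()` without checking that a logger was actually supplied. A caller that still passes eight arguments would fail at construction on current PHP versions, and a null logger would fail on the first outbound request. Add `* @param $logger object used to record outgoing requests` to the docblock, and consider declaring the parameter as `$logger = null` with a guard around each `log()` call. The constructor body continues outside the hunk.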
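Review bot: The added log line in the hunk at @@ -57,6 +61,7 runs `apply_filters( 'openid-connect-generic-auth-url', $url )` a second time only to log it, so every hooked callback executes twice per generated URL and the logged value can differ from the returned one if a callback is not idempotent. Filter once and reuse the result: `$url = apply_filters( 'openid-connect-generic-auth-url', $url );`, then `$this->logger->log( $url, 'make_authentication_url' );` and `return $url;`. The URL being logged is the authorization request and presumably carries the `state` parameter (its construction starts outside the hunk); since this same commit strips `code=` from logged URIs, it is worth deciding whether `state` should be kept out of the stored log as well.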
@@ -126,6 +131,7 @@ class OpenID_Connect_Generic_Client {
 $request = apply_filters( 'openid-connect-generic-alter-request', $request, 'get-authentication-token' );
 // call the server and ask for a token
+ $this->logger->log( $this->endpoint_token, 'request_authentication_token' );
 $response = wp_remote_post( $this->endpoint_token, $request );
 if ( is_wp_error( $response ) ){
@@ -156,6 +162,7 @@ class OpenID_Connect_Generic_Client {
 $request = apply_filters( 'openid-connect-generic-alter-request', $request, 'refresh-token' );
 // call the server and ask for new tokens
+ $this->logger->log( $this->endpoint_token, 'request_new_tokens' );
 $response = wp_remote_post( $this->endpoint_token, $request );
 if ( is_wp_error( $response ) ) {
@@ -222,6 +229,7 @@ class OpenID_Connect_Generic_Client {
 $request['headers']['Host'] = $host;
 // attempt the request including the access token in the query string for backwards compatibility
+ $this->logger->log( $this->endpoint_userinfo, 'request_userinfo' );
 $response = wp_remote_post( $this->endpoint_userinfo, $request );
 if ( is_wp_error( $response ) ){
diff --git a/includes/openid-connect-generic-option-logger.php b/includes/openid-connect-generic-option-logger.php
index 165863a..96ce655 100644
--- a/includes/openid-connect-generic-option-logger.php
+++ b/includes/openid-connect-generic-option-logger.php
@@ -142,7 +142,7 @@ class OpenID_Connect_Generic_Option_Logger {
 'type' => $type,
 'time' => time(),
 'user_ID' => get_current_user_id(),
- 'uri' => $_SERVER['REQUEST_URI'],
+ 'uri' => preg_replace('/code=([^&]+)/i', 'code=', $_SERVER['REQUEST_URI']),
 'data' => $data,
 );
diff --git a/openid-connect-generic.php b/openid-connect-generic.php
index d182f0f..e474d31 100644
--- a/openid-connect-generic.php
+++ b/openid-connect-generic.php
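Review bot: In the three hunks at @@ -126,6 +131,7, @@ -156,6 +162,7 and @@ -222,6 +229,7 the new `log()` call is inserted between the explanatory comment and the `wp_remote_post()` call that the comment describes, so each comment now reads as if it documents the logging line. Move each log call above its comment. Recording only the endpoint is the right scope, because `$request` presumably carries the client secret, authorization code or tokens (it is built outside these hunks); a short comment such as `// log the endpoint only, never $request` would stop a later edit from widening what is written to the log.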
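Review bot: The pattern `/code=([^&]+)/i` in the new `'uri'` entry has no parameter boundary, so it also blanks the value of any query parameter whose name merely ends in `code` (for example `postcode=`), and it leaves the `state` value in the stored URI. Anchoring on the separator fixes the first point: `'uri' => preg_replace( '/([?&]code=)[^&]*/i', '$1', $_SERVER['REQUEST_URI'] ),`; widen the group to `(?:code|state)` if the state value should stay out of the log too. `$_SERVER['REQUEST_URI']` is still read without an `isset` check, which this change inherits rather than introduces. The enclosing method starts and ends outside the hunk.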
@@ -98,7 +98,8 @@ class OpenID_Connect_Generic {
 $this->settings->endpoint_userinfo,
 $this->settings->endpoint_token,
 $redirect_uri,
- $state_time_limit
+ $state_time_limit,
+ $this->logger
 );
 $this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger );