Merge pull request #15491 from overleaf/jel-token-hash-log-user-id

[web] Log the user ID on token hash prefix mismatches

GitOrigin-RevId: 78d298051a9c1794ed38422bef24c852dcee3bb2
This commit is contained in:
Jessica Lawshe 2023-10-30 08:52:25 -05:00 committed by Copybot
parent a3251394e1
commit 1054b2d6fa
4 changed files with 36 additions and 9 deletions

View file

@ -233,7 +233,12 @@ async function grantTokenAccessReadAndWrite(req, res, next) {
}
const tokenType = TokenAccessHandler.TOKEN_TYPES.READ_AND_WRITE
TokenAccessHandler.checkTokenHashPrefix(token, tokenHashPrefix, tokenType)
TokenAccessHandler.checkTokenHashPrefix(
token,
tokenHashPrefix,
tokenType,
userId
)
try {
const [project, action] = await checkAndGetProjectOrResponseAction(
@ -298,7 +303,12 @@ async function grantTokenAccessReadOnly(req, res, next) {
const tokenType = TokenAccessHandler.TOKEN_TYPES.READ_ONLY
TokenAccessHandler.checkTokenHashPrefix(token, tokenHashPrefix, tokenType)
TokenAccessHandler.checkTokenHashPrefix(
token,
tokenHashPrefix,
tokenType,
userId
)
const docPublishedInfo =
await TokenAccessHandler.promises.getV1DocPublishedInfo(token)

View file

@ -287,7 +287,7 @@ const TokenAccessHandler = {
return hash.digest('hex').slice(0, 6)
},
checkTokenHashPrefix(token, tokenHashPrefix, type) {
checkTokenHashPrefix(token, tokenHashPrefix, type, userId) {
let hashPrefixStatus
if (tokenHashPrefix) {
@ -307,7 +307,7 @@ const TokenAccessHandler = {
if (hashPrefixStatus === 'mismatch') {
logger.info(
{ tokenHashPrefix, hashPrefixStatus },
{ tokenHashPrefix, hashPrefixStatus, userId },
'mismatched token hash prefix'
)
}

View file

@ -109,7 +109,12 @@ describe('TokenAccessController', function () {
it('checks token hash', function () {
expect(
this.TokenAccessHandler.checkTokenHashPrefix
).to.have.been.calledWith(this.token, 'prefix', 'readAndWrite')
).to.have.been.calledWith(
this.token,
'prefix',
'readAndWrite',
this.user._id
)
})
})
@ -153,7 +158,12 @@ describe('TokenAccessController', function () {
it('sends missing hash to metrics', function () {
expect(
this.TokenAccessHandler.checkTokenHashPrefix
).to.have.been.calledWith(this.token, undefined, 'readAndWrite')
).to.have.been.calledWith(
this.token,
undefined,
'readAndWrite',
this.user._id
)
})
})
})
@ -192,7 +202,12 @@ describe('TokenAccessController', function () {
it('sends checks if hash prefix matches', function () {
expect(
this.TokenAccessHandler.checkTokenHashPrefix
).to.have.been.calledWith(this.token, 'prefix', 'readOnly')
).to.have.been.calledWith(
this.token,
'prefix',
'readOnly',
this.user._id
)
})
})

View file

@ -650,6 +650,7 @@ describe('TokenAccessHandler', function () {
})
describe('checkTokenHashPrefix', function () {
const userId = 'abc123'
it('sends "match" to metrics when prefix matches the prefix of the hash of the token', function () {
const token = 'zxpxjrwdtsgd'
const prefix = this.TokenAccessHandler.createTokenHashPrefix(token)
@ -674,7 +675,8 @@ describe('TokenAccessHandler', function () {
this.TokenAccessHandler.checkTokenHashPrefix(
'anothertoken',
`#${prefix}`,
'readOnly'
'readOnly',
userId
)
expect(this.Metrics.inc).to.have.been.calledWith(
@ -685,7 +687,7 @@ describe('TokenAccessHandler', function () {
}
)
expect(this.logger.info).to.have.been.calledWith(
{ tokenHashPrefix: prefix, hashPrefixStatus: 'mismatch' },
{ tokenHashPrefix: prefix, hashPrefixStatus: 'mismatch', userId },
'mismatched token hash prefix'
)
})