github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #17831 from overleaf/msm-filter-saml-error-log

Browse source 
[web] Filter saml error logs by path

GitOrigin-RevId: 4ca9e156657afc893f38fed7ec6b00cbb7a608ef
This commit is contained in:
ilkin-overleaf 2024-05-27 16:09:23 +03:00 committed by Copybot
parent fe7de51827
commit abd57e03cf
2 changed files with 61 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
services/web/app/src/Features/SamlLog/SamlLogHandler.js
View file

@ -3,6 +3,9 @@ const SessionManager = require('../Authentication/SessionManager')
const logger = require('@overleaf/logger') const logger = require('@overleaf/logger')
const { err: errSerializer } = require('@overleaf/logger/serializers') const { err: errSerializer } = require('@overleaf/logger/serializers')
const { callbackify } = require('util') const { callbackify } = require('util')
const Settings = require('@overleaf/settings')
const ALLOWED_PATHS = Settings.saml?.logAllowList || ['/saml/']
async function log(req, data, samlAssertion) { async function log(req, data, samlAssertion) {
let providerId, sessionId let providerId, sessionId
@ -10,14 +13,18 @@ async function log(req, data, samlAssertion) {
data = data || {} data = data || {}
try { try {
const samlLog = new SamlLog()
const { path, query } = req const { path, query } = req
if (!ALLOWED_PATHS.some(allowedPath => path.startsWith(allowedPath))) {
return
}
const { saml } = req.session const { saml } = req.session
const userId = SessionManager.getLoggedInUserId(req.session) const userId = SessionManager.getLoggedInUserId(req.session)
providerId = (req.session.saml?.universityId || '').toString() providerId = (req.session.saml?.universityId || '').toString()
sessionId = (req.sessionID || '').toString().substr(0, 8) sessionId = (req.sessionID || '').toString().substr(0, 8)
const samlLog = new SamlLog()
samlLog.providerId = providerId samlLog.providerId = providerId
samlLog.sessionId = sessionId samlLog.sessionId = sessionId
samlLog.path = path samlLog.path = path

53
services/web/test/unit/src/SamlLog/SamlLogHandlerTests.js
View file

@ -34,6 +34,7 @@ describe('SamlLogHandler', function () {
{ {
session: { saml: { universityId: providerId } }, session: { saml: { universityId: providerId } },
sessionID: sessionId, sessionID: sessionId,
path: '/saml/ukamf',
}, },
data data
) )
@ -62,6 +63,7 @@ describe('SamlLogHandler', function () {
{ {
session: { saml: { universityId: providerId } }, session: { saml: { universityId: providerId } },
sessionID: sessionId, sessionID: sessionId,
path: '/saml/ukamf',
}, },
circularRef circularRef
) )
@ -91,6 +93,7 @@ describe('SamlLogHandler', function () {
{ {
session: { saml: { universityId: providerId } }, session: { saml: { universityId: providerId } },
sessionID: sessionId, sessionID: sessionId,
path: '/saml/ukamf',
}, },
data data
) )
@ -106,4 +109,54 @@ describe('SamlLogHandler', function () {
) )
}) })
}) })
describe('with /saml/group-sso path', function () {
let err
beforeEach(async function () {
err = new Error()
samlLog.save = sinon.stub().rejects(err)
await SamlLogHandler.promises.log(
{
session: { saml: { universityId: providerId } },
sessionID: sessionId,
path: '/saml/group-sso',
},
data
)
})
it('should log error', function () {
this.logger.error.should.have.been.calledOnce.and.calledWithMatch(
{
err,
sessionId: sessionId.substr(0, 8),
},
'SamlLog Error'
)
})
})
describe('with a path not in the allow list', function () {
let err
beforeEach(async function () {
err = new Error()
samlLog.save = sinon.stub().rejects(err)
await SamlLogHandler.promises.log(
{
session: { saml: { universityId: providerId } },
sessionID: sessionId,
path: '/unsupported',
},
data
)
})
it('should not log any error', function () {
this.logger.error.should.not.have.been.called
})
})
}) })