Skip to content

add debugs logs for enrollment process #708

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cpprian merged 25 commits into from
Aug 13, 2024
Merged

add debugs logs for enrollment process #708

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
f5f1056
Merge pull request #650 from DefGuard/dev
t-aleksander Jun 25, 2024
7e6ad6f
Merge pull request #656 from DefGuard/dev
t-aleksander Jul 1, 2024
39015c7
Merge pull request #659 from DefGuard/dev
t-aleksander Jul 3, 2024
add6d2e
Merge pull request #664 from DefGuard/dev
t-aleksander Jul 8, 2024
8e176c1
Update README.md
teon Jul 24, 2024
63f6129
Update README.md
teon Jul 24, 2024
749ded4
Update README.md
teon Jul 24, 2024
153e436
Update README.md
teon Jul 24, 2024
92c0bb3
Update README.md
teon Jul 24, 2024
e34d568
Update README.md
teon Jul 27, 2024
77f8a03
Update README.md
teon Jul 27, 2024
bcac232
Update README.md
teon Jul 31, 2024
bb240a1
add debugs logs for enrollment process
cpprian Aug 8, 2024
d586ff2
add more debug logs for desktop activation, enrollment and create device
cpprian Aug 9, 2024
3e7e465
comment arm build
cpprian Aug 9, 2024
cda8925
cargo fmt
cpprian Aug 9, 2024
c186db6
add more debug logs v2
cpprian Aug 12, 2024
56b388d
uncomment arm build and change defguard version from 0.11.1 to 1.0.0
cpprian Aug 12, 2024
2ad80a9
Merge branch 'dev' into v0.11.1
cpprian Aug 12, 2024
fb87690
Merge branch 'dev' into v0.11.1
t-aleksander Aug 12, 2024
5db84c4
Apply suggestions from code review
cpprian Aug 13, 2024
c83c51b
apply cargo fmt
cpprian Aug 13, 2024
a775523
Merge branch 'dev' into v0.11.1
cpprian Aug 13, 2024
6a5f7fa
undo version
cpprian Aug 13, 2024
1ce0d53
Merge branch 'v0.11.1' of github.com:DefGuard/defguard into v0.11.1
cpprian Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ on:

jobs:
publish-docker:
runs-on: [self-hosted, Linux]
runs-on: [self-hosted, Linux, X64]
steps:
- name: Checkout
uses: actions/checkout@v4
Expand Down
116 changes: 91 additions & 25 deletions src/db/models/enrollment.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ impl From<TokenError> for Status {
}

// Representation of a user enrollment session
#[derive(Clone)]
#[derive(Clone, Debug)]
pub struct Token {
pub id: String,
pub user_id: i64,
Expand Down Expand Up @@ -161,16 +161,22 @@ impl Token {
session_timeout_seconds: u64,
) -> Result<NaiveDateTime, TokenError> {
// check if token can be used
debug!("Creating a new session.");
Comment thread
cpprian marked this conversation as resolved.
if self.is_expired() {
debug!("Token is already expired. Cannot establish a new session.");
Comment thread
cpprian marked this conversation as resolved.
return Err(TokenError::TokenExpired);
}
match self.used_at {
// session started but still valid
Some(used_at) if self.is_session_valid(session_timeout_seconds) => {
debug!("Session already exists yet it is still valid.");
Comment thread
cpprian marked this conversation as resolved.
Ok(used_at + Duration::seconds(session_timeout_seconds as i64))
}
// session expired
Some(_) => Err(TokenError::TokenUsed),
Some(_) => {
debug!("Session has expired.");
Comment thread
cpprian marked this conversation as resolved.
Err(TokenError::TokenUsed)
}
// session not yet started
None => {
let now = Utc::now().naive_utc();
Expand All @@ -179,6 +185,7 @@ impl Token {
.await?;
self.used_at = Some(now);

debug!("Generate a new session successfully.");
Comment thread
cpprian marked this conversation as resolved.
Ok(now + Duration::seconds(session_timeout_seconds as i64))
}
}
Expand All @@ -194,8 +201,14 @@ impl Token {
.fetch_optional(pool)
.await?
{
Some(enrollment) => Ok(enrollment),
None => Err(TokenError::NotFound),
Some(enrollment) => {
debug!("Fetch token {enrollment:?} from database.");
Copy link
Copy Markdown
Contributor

@t-aleksander t-aleksander Aug 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
debug!("Fetch token {enrollment:?} from database.");
debug!("Fetched token {enrollment:?} from database.");

Ok(enrollment)
}
None => {
debug!("Token with id {} does not exist in database.", id);
Err(TokenError::NotFound)
}
}
}

Expand All @@ -214,34 +227,37 @@ impl Token {
where
E: PgExecutor<'e>,
{
debug!("Fetching user for enrollment");
debug!("Find user by id {}.", self.user_id);
Copy link
Copy Markdown
Contributor

@t-aleksander t-aleksander Aug 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
debug!("Find user by id {}.", self.user_id);
debug!("Finding user by id {} for enrollment.", self.user_id);

let Some(user) = User::find_by_id(executor, self.user_id).await? else {
error!("User not found for enrollment token {}", self.id);
return Err(TokenError::UserNotFound);
};
debug!("Fetched user {user:?}.");
Copy link
Copy Markdown
Contributor

@t-aleksander t-aleksander Aug 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
debug!("Fetched user {user:?}.");
debug!("Fetched user {user:?} (id: {}) for enrollment.", self.user_id);

Ok(user)
}

pub async fn fetch_admin<'e, E>(&self, executor: E) -> Result<Option<User>, TokenError>
where
E: PgExecutor<'e>,
{
debug!("Fetching admin for enrollment");
debug!("Fetch admin data.");
Copy link
Copy Markdown
Contributor

@t-aleksander t-aleksander Aug 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ten log siฤ™ wydawaล‚ okej, chyba ลผe jest jakiล› powรณd dla ktรณrego unikamy sล‚owa enrollment tutaj?

Suggested change
debug!("Fetch admin data.");
debug!("Fetching admin data for enrollment.");

if self.admin_id.is_none() {
debug!("Admin don't have id. Stop fetching data...");
Copy link
Copy Markdown
Contributor

@t-aleksander t-aleksander Aug 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
debug!("Admin don't have id. Stop fetching data...");
debug!("Admin id not present in the token. Stopping fetching their data...");

return Ok(None);
}

let admin_id = self.admin_id.unwrap();
debug!("Trying to find admin using id {admin_id}");
let user = User::find_by_id(executor, admin_id).await?;
info!("Fetched admin id {} for enrollment", admin_id);
debug!("Fetched admin {user:?}.");
Ok(user)
}

pub async fn delete_unused_user_tokens(
transaction: &mut PgConnection,
user_id: i64,
) -> Result<(), TokenError> {
debug!("Deleting unused enrollment tokens for user {user_id}");
debug!("Deleting unused tokens for the user.");
let result = query!(
"DELETE FROM token \
WHERE user_id = $1 \
Expand All @@ -251,7 +267,7 @@ impl Token {
.execute(transaction)
.await?;
info!(
"Deleted {} unused enrollment tokens for user {user_id}",
"Deleted {} unused enrollment tokens for the user.",
result.rows_affected()
);

Expand Down Expand Up @@ -376,13 +392,23 @@ impl User {
mail_tx: UnboundedSender<Mail>,
) -> Result<String, TokenError> {
info!(
"User {} starting enrollment for user {}, notification enabled: {send_user_notification}",
"User {} started a new enrollment process for user {}.",
admin.username, self.username
);
debug!(
"Notify user by mail about the enrollment process: {}",
send_user_notification
);
debug!("Check if {} has a password.", self.username);
if self.has_password() {
debug!(
"User {} that you want to start enrollment process for already has a password.",
self.username
);
return Err(TokenError::AlreadyActive);
}

debug!("Verify that {} is an active user.", self.username);
if !self.is_active {
warn!(
"Can't create enrollment token for disabled user {}",
Expand All @@ -397,19 +423,25 @@ impl User {
self.clear_unused_enrollment_tokens(&mut *transaction)
.await?;

debug!("Create a new enrollment token for user {}.", self.username);
let enrollment = Token::new(
user_id,
Some(admin_id),
email.clone(),
token_timeout_seconds,
Some(ENROLLMENT_TOKEN_TYPE.to_string()),
);
debug!("Saving a new enrollment token...");
enrollment.save(&mut *transaction).await?;
debug!(
"Saved a new enrollment token with id {} for user {}.",
enrollment.id, self.username
);

if send_user_notification {
if let Some(email) = email {
debug!(
"Sending enrollment start mail for user {} to {email}",
"Sending an enrollment mail for user {} to {email}.",
self.username
);
let base_message_context = enrollment
Expand All @@ -423,7 +455,14 @@ impl User {
enrollment_service_url,
&enrollment.id,
)
.map_err(|err| TokenError::NotificationError(err.to_string()))?,
.map_err(|err| {
debug!(
"Cannot send an email to the user {} due to the error {}.",
self.username,
err.to_string()
);
TokenError::NotificationError(err.to_string())
})?,
attachments: Vec::new(),
result_tx: None,
};
Expand All @@ -441,6 +480,10 @@ impl User {
}
}
}
info!(
"New enrollment token has been generated for {}.",
self.username
);

Ok(enrollment.id)
}
Expand All @@ -458,40 +501,55 @@ impl User {
mail_tx: UnboundedSender<Mail>,
) -> Result<String, TokenError> {
info!(
"User {} starting desktop configuration for user {}, notification enabled: {send_user_notification}",
"User {} starting a new desktop activation for user {}",
admin.username, self.username
);
debug!(
"Notify {} by mail about the enrollment process: {}",
self.username, send_user_notification
);

let user_id = self.id.expect("User without ID");
let admin_id = admin.id.expect("Admin user without ID");

debug!("Verify that {} is an active user.", self.username);
if !self.is_active {
warn!(
"Can't create desktop configuration enrollment token for disabled user {}",
"Can't create desktop activation token for disabled user {}.",
self.username
);
return Err(TokenError::UserDisabled);
}

self.clear_unused_enrollment_tokens(&mut *transaction)
.await?;
debug!("Cleared unused tokens for {}.", self.username);

let enrollment = Token::new(
debug!(
"Create a new desktop activation token for user {}.",
self.username
);
let desktop_configuration = Token::new(
user_id,
Some(admin_id),
email.clone(),
token_timeout_seconds,
Some(ENROLLMENT_TOKEN_TYPE.to_string()),
);
enrollment.save(&mut *transaction).await?;
debug!("Saving a new desktop configuration token...");
desktop_configuration.save(&mut *transaction).await?;
debug!(
"Saved a new desktop activation token with id {} for user {}.",
desktop_configuration.id, self.username
);

if send_user_notification {
if let Some(email) = email {
debug!(
"Sending desktop configuration start mail for user {} to {email}",
"Sending a desktop configuration mail for user {} to {email}",
self.username
);
let base_message_context = enrollment
let base_message_context = desktop_configuration
.get_welcome_message_context(&mut *transaction)
.await?;
let mail = Mail {
Expand All @@ -500,9 +558,16 @@ impl User {
content: templates::desktop_start_mail(
base_message_context,
&enrollment_service_url,
&enrollment.id,
&desktop_configuration.id,
)
.map_err(|err| TokenError::NotificationError(err.to_string()))?,
.map_err(|err| {
debug!(
"Cannot send an email to the user {} due to the error {}.",
self.username,
err.to_string()
);
TokenError::NotificationError(err.to_string())
})?,
attachments: Vec::new(),
result_tx: None,
};
Expand All @@ -519,19 +584,20 @@ impl User {
}
}
}
info!(
"New desktop activation token has been generated for {}.",
self.username
);

Ok(enrollment.id)
Ok(desktop_configuration.id)
}

// Remove unused tokens when triggering user enrollment
async fn clear_unused_enrollment_tokens(
&self,
transaction: &mut PgConnection,
) -> Result<(), TokenError> {
info!(
"Removing unused enrollment tokens for user {}",
self.username
);
info!("Removing unused tokens for user {}.", self.username);
Token::delete_unused_user_tokens(transaction, self.id.expect("Missing user ID")).await
}

Expand Down
Loading