2 changes: 2 additions & 0 deletions internal/pkg/auth/service_account.go
Expand Up @@ -72,6 +72,8 @@ func AuthenticateServiceAccount(p *print.Printer, rt http.RoundTripper) (email s
return "", fmt.Errorf("get email from access token: %w", err)
}

p.Debug(print.DebugLevel, "successfully authenticated service account %s", email)

authFields[SERVICE_ACCOUNT_EMAIL] = email

sessionExpiresAtUnix, err := getStartingSessionExpiresAtUnix()
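Review bot: The "successfully authenticated service account" debug line is emitted before `getStartingSessionExpiresAtUnix()` runs and before the auth fields are complete, so a debug trace can report success for a call that then returns an error. Consider moving it below the last fallible step, or wording it after what has actually happened at that point, e.g. `p.Debug(print.DebugLevel, "obtained access token for service account %s", email)`. The email is read from the access token (see the error path just above), so `%q` would keep an unexpected value from breaking the log line. AuthenticateServiceAccount's body starts and ends outside the hunk.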
22 changes: 22 additions & 0 deletions internal/pkg/auth/user_login.go
Expand Up @@ -13,6 +13,7 @@ import (
"os/exec"
"path/filepath"
"runtime"
"strconv"
"strings"
"time"

Expand Down Expand Up @@ -82,6 +83,7 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
// Define a handler that will get the authorization code, call the token endpoint, and close the HTTP server
var errServer error
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
p.Debug(print.DebugLevel, "received request from authentication server")
// Close the server only if there was an error
// Otherwise, it will redirect to the succesfull login page
defer func() {
Expand All @@ -98,19 +100,31 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
return
}

p.Debug(print.DebugLevel, "trading authorization code for access and refresh tokens")

// Trade the authorization code and the code verifier for access and refresh tokens
accessToken, refreshToken, err := getUserAccessAndRefreshTokens(authDomain, clientId, codeVerifier, code, redirectURL)
if err != nil {
errServer = fmt.Errorf("retrieve tokens: %w", err)
return
}

p.Debug(print.DebugLevel, "received response from the authentication server")

sessionExpiresAtUnix, err := getStartingSessionExpiresAtUnix()
if err != nil {
errServer = fmt.Errorf("compute session expiration timestamp: %w", err)
return
}

sessionExpiresAtUnixInt, err := strconv.Atoi(sessionExpiresAtUnix)
if err != nil {
p.Debug(print.ErrorLevel, "parse session expiration value \"%s\": %s", sessionExpiresAtUnix, err)
} else {
sessionExpiresAt := time.Unix(int64(sessionExpiresAtUnixInt), 0)
p.Debug(print.DebugLevel, "session expires at %s", sessionExpiresAt)
}

err = SetAuthFlow(AUTH_FLOW_USER_TOKEN)
if err != nil {
errServer = fmt.Errorf("set auth flow type: %w", err)
Expand All @@ -123,6 +137,8 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
return
}

p.Debug(print.DebugLevel, "user %s logged in successfully", email)

authFields := map[authFieldKey]string{
SESSION_EXPIRES_AT_UNIX: sessionExpiresAtUnix,
ACCESS_TOKEN: accessToken,
Expand All @@ -137,6 +153,8 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {

// Redirect the user to the successful login page
loginSuccessURL := redirectURL + loginSuccessPath

p.Debug(print.DebugLevel, "redirecting browser to login successful page")
http.Redirect(w, r, loginSuccessURL, http.StatusSeeOther)
})

Expand All @@ -163,6 +181,9 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
}
})

p.Debug(print.DebugLevel, "opening browser for authentication")
p.Debug(print.DebugLevel, "using authentication server on %s", authDomain)

// Open a browser window to the authorizationURL
err = openBrowser(authorizationURL)
if err != nil {
Expand All @@ -171,6 +192,7 @@ func AuthorizeUser(p *print.Printer, isReauthentication bool) error {

// Start the blocking web server loop
// It will exit when the handlers get fired and call server.Close()
p.Debug(print.DebugLevel, "listening for response from authentication server on %s", redirectURL)
err = server.Serve(listener)
if !errors.Is(err, http.ErrServerClosed) {
return fmt.Errorf("server for PKCE flow closed unexpectedly: %w", err)
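Review bot: `strconv.Atoi` in the session-expiry hunk parses a Unix timestamp into a platform-sized `int`, which is 32 bits on 32-bit builds, so an expiry past January 2038 fails to parse there and only the error branch is logged. Parse at the width `time.Unix` takes instead: `sessionExpiresAtUnixInt, err := strconv.ParseInt(sessionExpiresAtUnix, 10, 64)` and `sessionExpiresAt := time.Unix(sessionExpiresAtUnixInt, 0)`. The failure message could use `%q` and `%v` rather than `\"%s\"` and `%s`. The same unparsed string is still written to `SESSION_EXPIRES_AT_UNIX` further down, so a value that fails here is stored anyway; whether that should abort the login is worth deciding. The handler closure and AuthorizeUser continue outside these hunks.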
2 changes: 2 additions & 0 deletions internal/pkg/auth/user_token_flow.go
Expand Up @@ -50,6 +50,7 @@ func (utf *userTokenFlow) RoundTrip(req *http.Request) (*http.Response, error) {
} else if refreshTokenExpired, err := tokenExpired(utf.refreshToken); err != nil {
return nil, fmt.Errorf("check if refresh token has expired: %w", err)
} else if !refreshTokenExpired {
utf.printer.Debug(print.DebugLevel, "access token expired, refreshing...")
err = refreshTokens(utf)
if err == nil {
accessTokenValid = true
Expand All @@ -59,6 +60,7 @@ func (utf *userTokenFlow) RoundTrip(req *http.Request) (*http.Response, error) {
}

if !accessTokenValid {
utf.printer.Debug(print.DebugLevel, "user access token is not valid, reauthenticating...")
err = reauthenticateUser(utf)
if err != nil {
return nil, fmt.Errorf("reauthenticate user: %w", err)
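Review bot: The "user access token is not valid, reauthenticating..." message in the second hunk is also reached when `refreshTokens(utf)` returned an error, and in the visible lines that error is not logged, so the debug output cannot tell an expired refresh token from a failed refresh (the lines between the two hunks are collapsed and may already handle it). If they do not, log the cause next to the refresh call, e.g. `utf.printer.Debug(print.ErrorLevel, "refresh tokens: %v", err)`, after checking that the wrapped error never carries token material. RoundTrip's body starts and ends outside the hunks.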