Extra logs for auth providers (#5840)

Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
Denis Bykhov 2024-06-18 10:15:08 +05:00 committed by GitHub
parent d1f6a9de7f
commit 279b04f5b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 92 additions and 75 deletions


@ -35,6 +35,7 @@ export function registerGithub (
router.get('/auth/github', async (ctx, next) => { router.get('/auth/github', async (ctx, next) => {
const state = ctx.query?.inviteId const state = ctx.query?.inviteId
measureCtx.info('try auth via', { provider: 'github' })
passport.authenticate('github', { scope: ['user:email'], session: true, state })(ctx, next) passport.authenticate('github', { scope: ['user:email'], session: true, state })(ctx, next)
}) })
@ -45,6 +46,7 @@ export function registerGithub (
try { try {
const email = ctx.state.user.emails?.[0]?.value ?? `github:${ctx.state.user.username}` const email = ctx.state.user.emails?.[0]?.value ?? `github:${ctx.state.user.username}`
const [first, last] = ctx.state.user.displayName?.split(' ') ?? [ctx.state.user.username, ''] const [first, last] = ctx.state.user.displayName?.split(' ') ?? [ctx.state.user.username, '']
measureCtx.info('Provider auth handler', { email, type: 'github' })
if (email !== undefined) { if (email !== undefined) {
if (ctx.query?.state != null) { if (ctx.query?.state != null) {
const loginInfo = await joinWithProvider( const loginInfo = await joinWithProvider(
@ -71,11 +73,12 @@ export function registerGithub (
ctx.session.loginInfo = loginInfo ctx.session.loginInfo = loginInfo
} }
} }
measureCtx.info('Success auth, redirect', { email, type: 'github' })
// Successful authentication, redirect to your application // Successful authentication, redirect to your application
ctx.redirect(concatLink(frontUrl, '/login/auth')) ctx.redirect(concatLink(frontUrl, '/login/auth'))
} }
} catch (err: any) { } catch (err: any) {
measureCtx.error('failed to auth', err) measureCtx.error('failed to auth', { err, type: 'github', user: ctx.state?.user })
} }
await next() await next()
} }
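Review bot: The new error log in the callback's catch passes the whole `ctx.state?.user` object to `measureCtx.error`, so everything the passport verify callback stored on the user lands in the log store on every failed login. The verify callback is not visible here, so the exact contents are an assumption, but the object holds at least the e-mail list and display name read a few lines earlier. One identifier is enough to correlate a failure: `measureCtx.error('failed to auth', { err, type: 'github', username: ctx.state?.user?.username })`. The Google handler's catch logs `user: ctx.state?.user` the same way. The handler body starts outside these hunks.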


@ -35,6 +35,7 @@ export function registerGoogle (
router.get('/auth/google', async (ctx, next) => { router.get('/auth/google', async (ctx, next) => {
const state = ctx.query?.inviteId const state = ctx.query?.inviteId
measureCtx.info('try auth via', { provider: 'google' })
passport.authenticate('google', { scope: ['profile', 'email'], session: true, state })(ctx, next) passport.authenticate('google', { scope: ['profile', 'email'], session: true, state })(ctx, next)
}) })
@ -45,6 +46,7 @@ export function registerGoogle (
const email = ctx.state.user.emails?.[0]?.value const email = ctx.state.user.emails?.[0]?.value
const first = ctx.state.user.name.givenName const first = ctx.state.user.name.givenName
const last = ctx.state.user.name.familyName const last = ctx.state.user.name.familyName
measureCtx.info('Provider auth handler', { email, type: 'google' })
if (email !== undefined) { if (email !== undefined) {
try { try {
if (ctx.query?.state != null) { if (ctx.query?.state != null) {
@ -69,9 +71,10 @@ export function registerGoogle (
} }
// Successful authentication, redirect to your application // Successful authentication, redirect to your application
measureCtx.info('Success auth, redirect', { email, type: 'google' })
ctx.redirect(concatLink(frontUrl, '/login/auth')) ctx.redirect(concatLink(frontUrl, '/login/auth'))
} catch (err: any) { } catch (err: any) {
measureCtx.error('failed to auth', err) measureCtx.error('failed to auth', { err, type: 'google', user: ctx.state?.user })
} }
} }
await next() await next()
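Review bot: The first added log in this file tags the provider as `provider: 'google'`, while the three later ones use `type: 'google'`, so a log query or alert keyed on one field misses part of the sign-in flow. Use one key throughout, for example `measureCtx.info('try auth via', { type: 'google' })`. The GitHub handler has the same mismatch between its 'try auth via' line and the rest.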


@ -2064,35 +2064,61 @@ export async function joinWithProvider (
inviteId: ObjectId, inviteId: ObjectId,
extra?: Record<string, string> extra?: Record<string, string>
): Promise<WorkspaceLoginInfo | LoginInfo> { ): Promise<WorkspaceLoginInfo | LoginInfo> {
const email = cleanEmail(_email) try {
const invite = await getInvite(db, inviteId) const email = cleanEmail(_email)
const workspace = await checkInvite(ctx, invite, email) const invite = await getInvite(db, inviteId)
if (last == null) { const workspace = await checkInvite(ctx, invite, email)
last = '' if (last == null) {
} last = ''
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
} }
let account = await getAccount(db, email)
const token = generateToken(email, getWorkspaceId('', productId), getExtra(account)) if (account == null && extra !== undefined) {
const ws = await getWorkspaceById(db, productId, workspace.name) account = await getAccountByQuery(db, extra)
}
if (ws?.accounts.includes(account._id) ?? false) { if (account !== null) {
const result = { // we should clean password if account is not confirmed
endpoint: getEndpoint(), if (account.confirmed === false) {
email, await updatePassword(db, account, null)
token
} }
const token = generateToken(email, getWorkspaceId('', productId), getExtra(account))
const ws = await getWorkspaceById(db, productId, workspace.name)
if (ws?.accounts.includes(account._id) ?? false) {
const result = {
endpoint: getEndpoint(),
email,
token
}
return result
}
const wsRes = await assignWorkspace(
ctx,
db,
productId,
branding,
email,
workspace.name,
invite?.role ?? AccountRole.User,
invite?.personId
)
const result = await selectWorkspace(
ctx,
db,
productId,
branding,
token,
wsRes.workspaceUrl ?? wsRes.workspace,
false
)
await useInvite(db, inviteId)
return result return result
} }
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const wsRes = await assignWorkspace( const token = generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
const ws = await assignWorkspace(
ctx, ctx,
db, db,
productId, productId,
@ -2102,37 +2128,16 @@ export async function joinWithProvider (
invite?.role ?? AccountRole.User, invite?.role ?? AccountRole.User,
invite?.personId invite?.personId
) )
const result = await selectWorkspace( const result = await selectWorkspace(ctx, db, productId, branding, token, ws.workspaceUrl ?? ws.workspace, false)
ctx,
db,
productId,
branding,
token,
wsRes.workspaceUrl ?? wsRes.workspace,
false
)
await useInvite(db, inviteId) await useInvite(db, inviteId)
return result return result
} catch (err: any) {
Analytics.handleError(err)
ctx.error('joinWithProvider error', { email: _email, ...extra, err })
throw err
} }
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const token = generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
const ws = await assignWorkspace(
ctx,
db,
productId,
branding,
email,
workspace.name,
invite?.role ?? AccountRole.User,
invite?.personId
)
const result = await selectWorkspace(ctx, db, productId, branding, token, ws.workspaceUrl ?? ws.workspace, false)
await useInvite(db, inviteId)
return result
} }
export async function loginWithProvider ( export async function loginWithProvider (
@ -2145,34 +2150,40 @@ export async function loginWithProvider (
last: string, last: string,
extra?: Record<string, string> extra?: Record<string, string>
): Promise<LoginInfo> { ): Promise<LoginInfo> {
const email = cleanEmail(_email) try {
if (last == null) { const email = cleanEmail(_email)
last = '' if (last == null) {
} last = ''
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
} }
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
}
const result = {
endpoint: getEndpoint(),
email,
token: generateToken(email, getWorkspaceId('', productId), getExtra(account))
}
return result
}
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const result = { const result = {
endpoint: getEndpoint(), endpoint: getEndpoint(),
email, email,
token: generateToken(email, getWorkspaceId('', productId), getExtra(account)) token: generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
} }
return result return result
} catch (err: any) {
Analytics.handleError(err)
ctx.error('loginWithProvider error', { email: _email, ...extra, err })
throw err
} }
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const result = {
endpoint: getEndpoint(),
email,
token: generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
}
return result
} }
/** /**
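Review bot: Both new catch blocks build the log payload as `{ email: _email, ...extra, err }`, which spreads the caller-supplied `extra` into the top level of the record. A key named `email` in `extra` would silently replace the address being logged, and every provider identifier in `extra` becomes its own log field. Nesting keeps the record unambiguous: `ctx.error('joinWithProvider error', { email: _email, extra, err })`, and the same for `loginWithProvider`. The error is rethrown and, judging by the handler files in this commit, logged again by the caller as 'failed to auth', so each failure will probably appear twice; a short comment above `throw err` saying this is intended would help whoever reads the logs.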