From 6c98897296bc0690fcf114b5e86dd07e3ac70606 Mon Sep 17 00:00:00 2001 From: Darryn Capes-Davis Date: Thu, 21 Jun 2018 21:59:21 +1000 Subject: [PATCH] Refine logging plus group map supports multiple groups comma separated, plus default group ("*"). --- crowd/crowd.php | 108 +++++++++++++++++++++++------------------- crowdsso/crowdsso.php | 27 ++++++----- 2 files changed, 72 insertions(+), 63 deletions(-) diff --git a/crowd/crowd.php b/crowd/crowd.php index 3f94e27..f1a7815 100644 --- a/crowd/crowd.php +++ b/crowd/crowd.php @@ -18,6 +18,8 @@ class plgAuthenticationCrowd extends JPlugin { + const LOGGER_CATEGORY = 'crowd'; + /** * Constructor * @@ -30,9 +32,8 @@ class plgAuthenticationCrowd extends JPlugin */ function plgAuthenticationCrowd(& $subject, $config) { parent::__construct($subject, $config); - JLog::addLogger(array('text_file' => 'debug.crowd.log')); - JLog::add('crowd 0.01 Start logging'); - //JLog::add('crowd config params: ' . $this->params); + JLog::addLogger(array('text_file' => 'debug.crowd.log'), JLog::DEBUG, array(self::LOGGER_CATEGORY)); + JLog::add('crowd 0.01 Start logging', JLog::DEBUG, self::LOGGER_CATEGORY); } // see rules.php @@ -55,7 +56,7 @@ protected function checkDeleteUser($credentials) JLog::add('check if we have to delete user ' . $credentials['username']); $id = intval(JUserHelper::getUserId($credentials['username'])); if ($id < 1) { - JLog::add('user not known to joomla, do nothing'); + JLog::add('user not known to joomla, do nothing', JLog::DEBUG, self::LOGGER_CATEGORY); return; // no such user in joomla, nothing to do for us } @@ -63,7 +64,7 @@ protected function checkDeleteUser($credentials) $server = $this->params->get('crowd_url'); $appname = $this->params->get('crowd_app_name'); $apppass = $this->params->get('crowd_password'); - JLog::add('onUserAuthenticate: connecting to url ' . $server); + JLog::add('onUserAuthenticate: connecting to url ' . $server, JLog::DEBUG, self::LOGGER_CATEGORY); $authcode = base64_encode($appname . ":" . $apppass); // JLog::add('auth code [' . $authcode . ']'); @@ -72,14 +73,14 @@ protected function checkDeleteUser($credentials) $request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml', 'Authorization' => 'Basic ' . $authcode); $http = new JHttp; - JLog::add('request url ' . $request_url); - JLog::add('with headers ' . var_export($request_header, true)); + JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY); + JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY); $result = $http->get($request_url, $request_header); - JLog::add('response: ' . var_export($result, true)); + JLog::add('response: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY); $obj = json_decode($result->body); - JLog::add('msg: ' . $obj->reason); + JLog::add('msg: ' . $obj->reason, JLog::DEBUG, self::LOGGER_CATEGORY); if ($obj->reason != 'USER_NOT_FOUND') { - JLog::add('crowd seems to know about this user, do not delete from joomla!'); + JLog::add('crowd seems to know about this user, do not delete from joomla!', JLog::DEBUG, self::LOGGER_CATEGORY); return; } @@ -87,39 +88,39 @@ protected function checkDeleteUser($credentials) $user = JUser::getInstance(); $user->load($id); $user->delete(); - JLog::add('user deleted from joomla.'); + JLog::add('user deleted from joomla.', JLog::DEBUG, self::LOGGER_CATEGORY); } /** creates a new joomla group, returns the resulting group id */ protected function createGroup($gname) { //$db = JFactory::getDbo(); - JLog::add('createGroup not yet implemented!'); + JLog::add('createGroup not yet implemented!', JLog::DEBUG, self::LOGGER_CATEGORY); } /** Trust the sso flag, login without password */ function doSSOLogin( $credentials, $options, &$response ) { - JLog::add('crowd::onUserAuthenticate immediate login: ' . var_export($credentials, true)); + JLog::add('crowd::onUserAuthenticate immediate login: ' . var_export($credentials, true), JLog::DEBUG, self::LOGGER_CATEGORY); $response->status = JAuthentication::STATUS_SUCCESS; $response->email = $credentials['email']; $response->fullname = $credentials['fullname']; $response->username = $credentials['username']; $response->error_message = ''; - JLog::add('crowd: returning response: ' . var_export($response, true)); + JLog::add('crowd: returning response: ' . var_export($response, true), JLog::DEBUG, self::LOGGER_CATEGORY); return true; } /** checks username/password against crowd */ function doCrowdLogin( $credentials, $options, &$response ) { - JLog::add('doing regular login'); + JLog::add('doing regular login', JLog::DEBUG, self::LOGGER_CATEGORY); $server = $this->params->get('crowd_url'); $appname = $this->params->get('crowd_app_name'); $apppass = $this->params->get('crowd_password'); - JLog::add('onUserAuthenticate: connecting to url ' . $server); + JLog::add('onUserAuthenticate: connecting to url ' . $server, JLog::DEBUG, self::LOGGER_CATEGORY); $authcode = base64_encode($appname . ":" . $apppass); // JLog::add('auth code [' . $authcode . ']'); @@ -128,10 +129,10 @@ function doCrowdLogin( $credentials, $options, &$response ) $request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml', 'Authorization' => 'Basic ' . $authcode); $http = new JHttp; - JLog::add('request url ' . $request_url); - JLog::add('with headers ' . var_export($request_header, true)); + JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY); + JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY); $result = $http->get($request_url, $request_header); - JLog::add('cookie config: ' . var_export($result, true)); + JLog::add('cookie config: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY); if (!$result or $result->code != 200) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = 'Cannot fetch cookie config from crowd'; @@ -147,11 +148,11 @@ function doCrowdLogin( $credentials, $options, &$response ) $cookieDomain = $altCookieDomain; } - JLog::add('cookie name: ' . $cookieName . ', domain: ' . $cookieDomain); + JLog::add('cookie name: ' . $cookieName . ', domain: ' . $cookieDomain, JLog::DEBUG, self::LOGGER_CATEGORY); // now trying to login $request_url = $server . '/rest/usermanagement/1/session?validate-password=true'; - JLog::add('request url ' . $request_url); + JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY); $request_data = '' . '' . ' ' . $credentials['username'] . '' . @@ -166,20 +167,20 @@ function doCrowdLogin( $credentials, $options, &$response ) #JLog::add('request data: ' . $request_data); $request_header = array('Accept' => 'application/xml', 'Content-Type' => 'application/xml', 'Authorization' => 'Basic ' . $authcode); - JLog::add('with headers ' . var_export($request_header, true)); + JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY); $result = $http->post($request_url, $request_data, $request_header); - JLog::add('response: ' . var_export($result, true)); + JLog::add('response: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY); if (!$result or $result->code != 201) { - JLog::add('have not got expected code 201, login failed'); + JLog::add('have not got expected code 201, login failed', JLog::DEBUG, self::LOGGER_CATEGORY); $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = 'Login to crowd failed'; return false; } - JLog::add('fetching info from new location: ' . $result->headers['Location']); + JLog::add('fetching info from new location: ' . $result->headers['Location'], JLog::DEBUG, self::LOGGER_CATEGORY); $result = $http->get($result->headers['Location'], $request_header); - JLog::add('response: ' . var_export($result, true)); + JLog::add('response: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY); if (!$result or $result->code != 200) { - JLog::add('have not got expected code 200, login failed'); + JLog::add('have not got expected code 200, login failed', JLog::DEBUG, self::LOGGER_CATEGORY); $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = 'Login to crowd failed'; return false; @@ -194,10 +195,10 @@ function doCrowdLogin( $credentials, $options, &$response ) $response->username = (string) $xml->user['name']; $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; - JLog::add('login successfull, returning: ' . var_export($response, true)); + JLog::add('login successfull, returning: ' . var_export($response, true), JLog::DEBUG, self::LOGGER_CATEGORY); // finally export our token as cookie - JLog::add('set cookie ' . $cookieName . ' = ' . $token); + JLog::add('set cookie ' . $cookieName . ' = ' . $token, JLog::DEBUG, self::LOGGER_CATEGORY); setcookie($cookieName,$token, 0, "/", $cookieDomain,false,true); return true; @@ -205,11 +206,11 @@ function doCrowdLogin( $credentials, $options, &$response ) function handleGroups( $user, $credentials, $options, &$response ) { - JLog::add('login succeeded, obtaining groups'); + JLog::add('login succeeded, obtaining groups', JLog::DEBUG, self::LOGGER_CATEGORY); $server = $this->params->get('crowd_url'); $appname = $this->params->get('crowd_app_name'); $apppass = $this->params->get('crowd_password'); - JLog::add('handleGroups: connecting to url ' . $server); + JLog::add('handleGroups: connecting to url ' . $server, JLog::DEBUG, self::LOGGER_CATEGORY); $authcode = base64_encode($appname . ":" . $apppass); // JLog::add('auth code [' . $authcode . ']'); @@ -218,10 +219,10 @@ function handleGroups( $user, $credentials, $options, &$response ) $request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml', 'Authorization' => 'Basic ' . $authcode); $http = new JHttp; - JLog::add('request url ' . $request_url); - JLog::add('with headers ' . var_export($request_header, true)); + JLog::add('request url ' . $request_url, JLog::DEBUG, self::LOGGER_CATEGORY); + JLog::add('with headers ' . var_export($request_header, true), JLog::DEBUG, self::LOGGER_CATEGORY); $result = $http->get($request_url, $request_header); - JLog::add('group config: ' . var_export($result, true)); + JLog::add('group config: ' . var_export($result, true), JLog::DEBUG, self::LOGGER_CATEGORY); if (!$result or $result->code != 200) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = 'Cannot fetch groups from crowd'; @@ -229,10 +230,10 @@ function handleGroups( $user, $credentials, $options, &$response ) } $obj = json_decode($result->body); $groups = $obj->groups; // array containing all crowd groups of this user as objects with attr 'name' - JLog::add('crowd groups: ' . var_export($groups, true)); + JLog::add('crowd groups: ' . var_export($groups, true), JLog::DEBUG, self::LOGGER_CATEGORY); $response->groups = array(); $allgroups = $this->getUserGroups(); // array of objects containing group name and joomla id as 'text' and 'value' - JLog::add('joomla groups: ' . var_export($allgroups, true)); + JLog::add('joomla groups: ' . var_export($allgroups, true), JLog::DEBUG, self::LOGGER_CATEGORY); $allgroupnames = array(); // array of joomla group names $groupmapping = explode(";",$this->params->get('crowd_group_map')); @@ -240,13 +241,13 @@ function handleGroups( $user, $credentials, $options, &$response ) foreach ($groupmapping as $gm) { $ml = explode(":",$gm); if (count($ml) != 2 || intval($ml[1]) < 1) { - JLog::add('ignored mapping entry [' . $gm . ']'); + JLog::add('ignored mapping entry [' . $gm . ']', JLog::DEBUG, self::LOGGER_CATEGORY); } else { - $groupmap[trim($ml[0])] = intval($ml[1]); + $groupmap[trim($ml[0])] = explode(",",$ml[1]); } } - JLog::add('groupmap: ' . var_export($groupmap,true)); + JLog::add('groupmap: ' . var_export($groupmap,true), JLog::DEBUG, self::LOGGER_CATEGORY); foreach ($allgroups as $jgroup) { array_push($allgroupnames, $jgroup->text); @@ -255,25 +256,32 @@ function handleGroups( $user, $credentials, $options, &$response ) // first remove user from all groups foreach ($allgroups as $group) { $res = JUserHelper::removeUserFromGroup($user->id, $group->value); - JLog::add('removed user from group ' . $group->text . ' with result ' . $res); + JLog::add('removed user from group ' . $group->text . ' with result ' . $res, JLog::DEBUG, self::LOGGER_CATEGORY); + } + + // Process Group Map default if exists + if (array_key_exists("*", $groupmap)) { + $res = JUserHelper::setUserGroups($user->id, $groupmap["*"]); + JLog::add('added user to mapped groups ' . $group->name . ':' . implode(",", $groupmap["*"]) . ' result: ' . $res, JLog::DEBUG, self::LOGGER_CATEGORY); } + // now re-add all groups we have got from crowd foreach ($groups as $group) { - JLog::add('got group: ' . $group->name); + JLog::add('got group: ' . $group->name, JLog::DEBUG, self::LOGGER_CATEGORY); array_push($response->groups, $group->name); //array_push($user->groups, $group->name); // check mapping if (array_key_exists($group->name, $groupmap)) { - $res = JUserHelper::addUserToGroup($user->id, $groupmap[$group->name]); - JLog::add('added user to mapped group ' . $group->name . ' result: ' . $res); + $res = JUserHelper::setUserGroups($user->id, $groupmap[$group->name]); + JLog::add('added user to mapped groups ' . $group->name . ':' . implode(",", $groupmap[$group->name]) . ' result: ' . $res, JLog::DEBUG, self::LOGGER_CATEGORY); continue; } // create new groups if needed if (!in_array($group->name, $allgroupnames)) { - JLog::add('create new group ' . $group->name); + JLog::add('create new group ' . $group->name, JLog::DEBUG, self::LOGGER_CATEGORY); $gid = $this->createGroup($group->name); } else { // group already exists in joomla @@ -281,9 +289,9 @@ function handleGroups( $user, $credentials, $options, &$response ) if ($g->text == $group->name) { try { JUserHelper::addUserToGroup($user->id, $g->value); - JLog::add("added user " . $user->id . ' to group ' . $g->name . ' id: ' . $g->value); + JLog::add("added user " . $user->id . ' to group ' . $g->name . ' id: ' . $g->value, JLog::DEBUG, self::LOGGER_CATEGORY); } catch (Exception $e) { - JLog::add('adding user ' . $user->id . ' to group ' . $g->name . ' caused exception: ' . $e->getMessage()); + JLog::add('adding user ' . $user->id . ' to group ' . $g->name . ' caused exception: ' . $e->getMessage(), JLog::DEBUG, self::LOGGER_CATEGORY); } } } @@ -292,7 +300,7 @@ function handleGroups( $user, $credentials, $options, &$response ) try { $user->save(); } catch (Exception $e) { - JLog::add('saving user ' . $user->id . ' caused exception: ' . $e->getMessage()); + JLog::add('saving user ' . $user->id . ' caused exception: ' . $e->getMessage(), JLog::DEBUG, self::LOGGER_CATEGORY); } } @@ -309,7 +317,7 @@ function handleGroups( $user, $credentials, $options, &$response ) */ function onUserAuthenticate( $credentials, $options, &$response ) { - JLog::add('onUserAuthenticate: auth started'); + JLog::add('onUserAuthenticate: auth started', JLog::DEBUG, self::LOGGER_CATEGORY); $response->type = 'Crowd'; $response->password_clear = ""; $login_succeeded = false; @@ -320,7 +328,7 @@ function onUserAuthenticate( $credentials, $options, &$response ) $login_succeeded = $this->doCrowdLogin($credentials, $options, $response); } if ($credentials['username'] == "admin") { - JLog::add('admin login, neither check user nor groups'); + JLog::add('admin login, neither check user nor groups', JLog::DEBUG, self::LOGGER_CATEGORY); return login_succeeded; // do not more for admin user } if (! $login_succeeded) { @@ -331,7 +339,7 @@ function onUserAuthenticate( $credentials, $options, &$response ) if ($id = intval(JUserHelper::getUserId($response->username))) { } else { - JLog::add('creating new user ' . $response->username); + JLog::add('creating new user ' . $response->username, JLog::DEBUG, self::LOGGER_CATEGORY); $user->set('id', 0); $user->set('name', $response->fullname); $user->set('username', $response->username); diff --git a/crowdsso/crowdsso.php b/crowdsso/crowdsso.php index 8cde59e..b9af535 100644 --- a/crowdsso/crowdsso.php +++ b/crowdsso/crowdsso.php @@ -37,6 +37,7 @@ class plgSystemCrowdSSO extends JPlugin { const CONFIG_DISABLEADMIN = 'disable_admin'; const CONFIG_COOKIENAME = 'cookieName'; + const LOGGER_CATEGORY = 'crowdsso'; /** * @param object $subject The object to observe @@ -44,8 +45,8 @@ class plgSystemCrowdSSO extends JPlugin { */ public function plgSystemCrowdSSO(&$subject, $config) { parent::__construct($subject, $config); - JLog::addLogger(array('text_file' => 'debug.crowd.log')); - JLog::add('crowd sso 0.01 created'); + JLog::addLogger(array('text_file' => 'debug.crowd.log'), JLog::DEBUG, array(self::LOGGER_CATEGORY)); + JLog::add('crowd sso 0.01 created', JLog::DEBUG, self::LOGGER_CATEGORY); } /** @@ -53,31 +54,31 @@ public function plgSystemCrowdSSO(&$subject, $config) { * when the cookie is set/unset. */ public function onAfterInitialise() { - JLog::add('crowd sso onAfterInitialise'); + JLog::add('crowd sso onAfterInitialise', JLog::DEBUG, self::LOGGER_CATEGORY); if ((bool)$this->params->get(self::CONFIG_DISABLEADMIN) && JFactory::getApplication()->isAdmin()) { return; //No SSO for administrator section } $user = JFactory::getUser(); - JLog::add("current user is: ". $user->username .", guest: " . (int)$user->guest . ", admin: " . JFactory::getApplication()->isAdmin()); + JLog::add("current user is: ". $user->username .", guest: " . (int)$user->guest . ", admin: " . JFactory::getApplication()->isAdmin(), JLog::DEBUG, self::LOGGER_CATEGORY); $token = $this->_readToken(); if ($user->guest and empty($token)) { # case 1 - JLog::add('case 1: user is guest and crowd token is empty - thats fine, do nothing'); + JLog::add('case 1: user is guest and crowd token is empty - thats fine, do nothing', JLog::DEBUG, self::LOGGER_CATEGORY); return; } else if ($user->guest and !empty($token)) { # case 2 - JLog::add('case 2: user is guest and we have a crowd token - try sso login'); + JLog::add('case 2: user is guest and we have a crowd token - try sso login', JLog::DEBUG, self::LOGGER_CATEGORY); $this->_tryLogin($token); } else if (!$user->guest and empty($token)) { # case 3 - JLog::add('case 3: user is not guest, but crowd token is empty - thats bad, logout'); + JLog::add('case 3: user is not guest, but crowd token is empty - thats bad, logout', JLog::DEBUG, self::LOGGER_CATEGORY); $this->_tryLogout($user); } else if (!$user->guest) { # case 4 - JLog::add('case 4: user is not guest and we have a token - we do nothing'); + JLog::add('case 4: user is not guest and we have a token - we do nothing', JLog::DEBUG, self::LOGGER_CATEGORY); return; # do nothing, we just keep her } else { - JLog::add('crowdsso::onAfterInitialise: unknown case, strange things going on here...'); + JLog::add('crowdsso::onAfterInitialise: unknown case, strange things going on here...', JLog::DEBUG, self::LOGGER_CATEGORY); } } @@ -96,13 +97,13 @@ protected function _tryLogin($token) { $apppass = $this->params->get('crowd_password'); $authcode = base64_encode($appname . ":" . $apppass); $request_url = $server . '/rest/usermanagement/latest/session/' . $token; - $request_header = array('Accept' => 'application/json', 'Content-type' => 'application/xml', + $request_header = array('Accept' => 'application/json', 'Content-Type' => 'application/xml', 'Authorization' => 'Basic ' . $authcode); $http = new JHttp; $result = $http->get($request_url, $request_header); - JLog::add('crowdsso response: ' . $result->code . ', data: ' . $result->body); + JLog::add('crowdsso response: ' . $result->code . ', data: ' . $result->body, JLog::DEBUG, self::LOGGER_CATEGORY); if ($result->code != 200) { - JLog::add('crowdsso login failed'); + JLog::add('crowdsso login failed', JLog::DEBUG, self::LOGGER_CATEGORY); return -1; } $obj = json_decode($result->body); @@ -137,6 +138,6 @@ function onUserLogout($user, $options = array()) { } function onUserLoginFailure($response) { - JLog::add('crowdsso::onUserLoginFailure for ' . $response['username'] . ' . because: ' . $response['error_message']); + JLog::add('crowdsso::onUserLoginFailure for ' . $response['username'] . ' . because: ' . $response['error_message'], JLog::DEBUG, self::LOGGER_CATEGORY); } }