added logging of ExApp requests made on behalf of user #360

Merged
merged 2 commits into from
Aug 15, 2024
21 changes: 19 additions & 2 deletions lib/Service/AppAPIService.php
Expand Up @@ -15,11 +15,13 @@
use OCP\Http\Client\IClientService;
use OCP\Http\Client\IPromise;
use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IRequest;
use OCP\ISession;
use OCP\IUserManager;
use OCP\IUserSession;
use OCP\L10N\IFactory;
use OCP\Log\ILogFactory;
use OCP\Security\Bruteforce\IThrottler;
use Psr\Log\LoggerInterface;

Expand All @@ -29,7 +31,9 @@ class AppAPIService {

public function __construct(
private readonly LoggerInterface $logger,
private readonly ILogFactory $logFactory,
private readonly IThrottler $throttler,
private readonly IConfig $config,
IClientService $clientService,
private readonly IUserSession $userSession,
private readonly ISession $session,
Expand Down Expand Up @@ -342,7 +346,7 @@ public function validateExAppRequestToNC(IRequest $request, bool $isDav = false)
}
}

return $this->finalizeRequestToNC($userId, $request);
return $this->finalizeRequestToNC($exApp, $userId, $request);
} else {
$this->logger->error(sprintf('Invalid signature for ExApp: %s and user: %s.', $exApp->getAppid(), $userId !== '' ? $userId : 'null'));
$this->throttler->registerAttempt(Application::APP_ID, $request->getRemoteAddress(), [
Expand All @@ -360,14 +364,15 @@ public function validateExAppRequestToNC(IRequest $request, bool $isDav = false)
* - sets active user (null if not a user context)
* - updates ExApp last response time
*/
private function finalizeRequestToNC(string $userId, IRequest $request): bool {
private function finalizeRequestToNC(ExApp $exApp, string $userId, IRequest $request): bool {
if ($userId !== '') {
$activeUser = $this->userManager->get($userId);
if ($activeUser === null) {
$this->logger->error(sprintf('Requested user does not exists: %s', $userId));
return false;
}
$this->userSession->setUser($activeUser);
$this->logImpersonatingRequest($exApp->getAppid());
} else {
$this->userSession->setUser(null);
}
Expand Down Expand Up @@ -397,6 +402,18 @@ public function passesScopeCheck(ExApp $exApp, int $apiScope): bool {
return false;
}

private function getCustomLogger(string $name): LoggerInterface {
$path = $this->config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') . '/' . $name;
return $this->logFactory->getCustomPsrLogger($path);
}

private function logImpersonatingRequest(string $appId): void {
$exAppsImpersonationLogger = $this->getCustomLogger('exapp_impersonation.log');
$exAppsImpersonationLogger->warning('impersonation request', [
'app' => $appId,
]);
}

/**
* Checks if the ExApp version changed and if it is higher, updates it in the database.
*/
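Review bot: The audit entry written by `logImpersonatingRequest()` carries only `'app' => $appId`, so the impersonated user is recorded only if the log writer adds the session user on its own, which nothing on this page shows. `$userId` is in scope at the call site in `finalizeRequestToNC()`, so consider `$this->logImpersonatingRequest($exApp->getAppid(), $userId);` with `'user' => $userId` added to the context array. The entry is written at `warning` level on every user-context request, and nothing visible here rotates or caps `exapp_impersonation.log` in the data directory, so it is worth confirming that rotation covers it. Rejected attempts (the unknown-user branch, and the invalid-signature branch in `validateExAppRequestToNC()`) still go only to the main logger, so the dedicated file alone will not show failed impersonation. The body of `finalizeRequestToNC()` continues past the visible hunk.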