Skip to content
This repository was archived by the owner on Nov 24, 2025. It is now read-only.

Missing user in logs bug #7282

Merged
srijeet0406 merged 13 commits into from
Jan 27, 2023
Merged

Missing user in logs bug #7282

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
1e747cf
Created catch and parse for user from "access_token" in wrappers.go W…
kdamichie Jan 6, 2023
ec1d94f
Created constant names in cookie.go for MojoCookie, AccessToken, and …
kdamichie Jan 10, 2023
edd933f
Added name Cookie to HTTP Headers list in http.go
kdamichie Jan 10, 2023
6cf1586
Added additional logic to extract user from requests when using mojol…
kdamichie Jan 10, 2023
cc76c50
Configured use of cookie variables form cookies.go: AccessToken, Bear…
kdamichie Jan 17, 2023
8a68f52
Updated a couple missed constant cookie names in wrappers.go. Created…
kdamichie Jan 23, 2023
4d2f450
Modified error logging to fail fast
kdamichie Jan 24, 2023
9619786
Made TestGetCookieToken in wrappers_test.go more versatile and robust…
kdamichie Jan 25, 2023
1a8257c
Organized imports
kdamichie Jan 26, 2023
df06bab
Fixed indentation issue on imports
kdamichie Jan 26, 2023
b9cfb5d
Arranged imports
kdamichie Jan 27, 2023
3242ef0
Merge branch 'master' into missing_user_in_logs_bug
kdamichie Jan 27, 2023
1eb1f57
CHANGELOG.md updated with fix
kdamichie Jan 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
- [#7182](https://github.com/apache/trafficcontrol/pull/7182) *Traffic Control Cache Config (t3c)* Sort peers used in strategy.yaml to prevent false positive for reload.
- [#7204](https://github.com/apache/trafficcontrol/pull/7204) *Traffic Control Cache Config (t3c)* strategies.yaml hash_key only for consistent_hash
- [#7277](https://github.com/apache/trafficcontrol/pull/7277) *Traffic Control Cache Config (t3c)* remapdotconfig: remove skip check at mids for nocache/live
- [#7282](https://github.com/apache/trafficcontrol/pull/7282) *Traffic Ops* Fixed issue with user getting correctly logged when using an access or bearer token authentication.

## [7.0.0] - 2022-07-19
### Added
Expand Down
1 change: 1 addition & 0 deletions lib/go-rfc/http.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ const (
Age = "Age" // RFC7234§5.1
Location = "Location" // RFC7231§7.1.2
Authorization = "Authorization" // RFC7235§4.2
Cookie = "Cookie" // RFC7873
)

// These are (some) valid values for content encoding and MIME types, for
Expand Down
40 changes: 34 additions & 6 deletions traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ import (
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/auth"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/tocookie"

"github.com/lestrrat-go/jwx/jwt"
)

// DefaultRequestTimeout is the default request timeout, if no timeout is configured.
Expand Down Expand Up @@ -188,19 +190,45 @@ func GetWrapAccessLog(secret string) Middleware {
}
}

func getCookieToken(r *http.Request) string {
cookie, err := r.Cookie(tocookie.Name)
if err == nil && cookie != nil {
return cookie.Value
} else if r.Header.Get(rfc.Cookie) != "" && strings.Contains(r.Header.Get(rfc.Cookie), tocookie.AccessToken) {
cookie, err := r.Cookie(tocookie.AccessToken)
if err == nil && cookie != nil {
decodedToken, err := jwt.Parse([]byte(cookie.Value))
if err == nil && cookie != nil {
return fmt.Sprintf("%s", decodedToken.PrivateClaims()[tocookie.MojoCookie])
}
}
} else if r.Header.Get(rfc.Authorization) != "" && strings.Contains(r.Header.Get(rfc.Authorization), tocookie.BearerToken) {
givenTokenSplit := strings.Split(r.Header.Get(rfc.Authorization), " ")
Comment thread
kdamichie marked this conversation as resolved.
if len(givenTokenSplit) < 2 {
return ""
}
decodedToken, err := jwt.Parse([]byte(givenTokenSplit[1]))
if err == nil && decodedToken != nil {
return fmt.Sprintf("%s", decodedToken.PrivateClaims()[tocookie.MojoCookie])
}
return givenTokenSplit[1]
}
return ""
}

// WrapAccessLog takes the cookie secret and a http.Handler, and returns a HandlerFunc which writes to the Access Log (which is the lib/go-log EventLog) after the HandlerFunc finishes.
// This is not a Middleware, because it needs the secret as a parameter. For a Middleware, see GetWrapAccessLog.
func WrapAccessLog(secret string, h http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var imsType = NONIMS
iw := &util.Interceptor{W: w}
user := "-"
cookie, err := r.Cookie(tocookie.Name)
if err == nil && cookie != nil {
cookie, userErr, sysErr := tocookie.Parse(secret, cookie.Value)
if userErr == nil && sysErr == nil {
user = cookie.AuthData
}
cookieToken := getCookieToken(r)
cookie, userErr, sysErr := tocookie.Parse(secret, cookieToken)
if userErr == nil && sysErr == nil {
Comment thread
kdamichie marked this conversation as resolved.
user = cookie.AuthData
} else {
log.Errorf("Error retrieving user from cookie: User Error: %v System Error: %v", userErr, sysErr)
}
start := time.Now()
defer func() {
Expand Down
46 changes: 45 additions & 1 deletion traffic_ops/traffic_ops_golang/routing/middleware/wrappers_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ import (
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/tocookie"

"github.com/jmoiron/sqlx"
"github.com/lestrrat-go/jwx/jwa"
"github.com/lestrrat-go/jwx/jwt"
sqlmock "gopkg.in/DATA-DOG/go-sqlmock.v1"
)

Expand Down Expand Up @@ -440,4 +442,46 @@ func TestNoOpWhenNoPermissionsRequired(t *testing.T) {
}
}

// TODO: TestWrapAccessLog, et. al
func TestGetCookieToken(t *testing.T) {
var cookies []http.Cookie
var jwtToken jwt.Token
var jwtSigned []byte

authUser := "foobar"
httpCookie := tocookie.GetCookie(authUser, 0, "fOObAR.")

jwtToken, _ = jwt.NewBuilder().Claim(api.MojoCookie, httpCookie.Value).Build()
jwtSigned, _ = jwt.Sign(jwtToken, jwa.HS256, []byte("fOObAR."))

mojoCookie := http.Cookie{Name: httpCookie.Name, Value: httpCookie.Value}
accessToken := http.Cookie{Name: "access_token", Value: string(jwtSigned)}
bearerToken := "Bearer " + string(jwtSigned)
cookies = append(cookies, mojoCookie, accessToken, http.Cookie{})

getUserFromCookie := func(cookieToken string) {
secret := "fOObAR."
user := ""
cookie, userErr, sysErr := tocookie.Parse(secret, cookieToken)
if userErr == nil && sysErr == nil {
user = cookie.AuthData
}
if user != "foobar" {
t.Errorf("Error: Unable to user from cookie. Expected: %v Got: %v", authUser, user)
}
}

r, err := http.NewRequest("GET", "https://localhost:8888", nil)
if err == nil && r != nil {
for i := range cookies {
if cookies[i].Name != "" {
r.AddCookie(&cookies[i])
cookieToken := getCookieToken(r)
getUserFromCookie(cookieToken)
} else {
r.Header.Add("Authorization", bearerToken)
cookieToken := getCookieToken(r)
getUserFromCookie(cookieToken)
}
}
}
}
3 changes: 3 additions & 0 deletions traffic_ops/traffic_ops_golang/tocookie/cookie.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ import (

const GeneratedByStr = "trafficcontrol-go-tocookie"
const Name = "mojolicious"
const MojoCookie = "mojoCookie"
Comment thread
kdamichie marked this conversation as resolved.
const AccessToken = "access_token"
const BearerToken = "Bearer"
const DefaultDuration = time.Hour

type Cookie struct {
Expand Down