Add logging to tokenables (#2303)

* Add logging to tokenables (#2298) * Add logging to token usages * Add settings manipulation of log levels * Maintain no logging for dev * Log exception causing Token failure in TryUnprotect * dotnet format 🤖 * Added deconstruction operator on new debug logs. * Split off log level settings into separate files * Improve log messages * dotnet format 🤖 * Fix token serialization * Final review notes Co-authored-by: Todd Martin <> (cherry picked from commit c8c9b32) * Added missing } * Linting fix. * Add logger to constructor Co-authored-by: Todd Martin <>
bitwarden · Sep 26, 2022 · 3452dfb · 3452dfb
1 parent 30ac014
commit 3452dfb
Show file tree

Hide file tree

Showing 29 changed files with 269 additions and 58 deletions.
diff --git a/bitwarden_license/src/Scim/Program.cs b/bitwarden_license/src/Scim/Program.cs
@@ -1,5 +1,4 @@
 using Bit.Core.Utilities;
-using Serilog.Events;
 
 namespace Bit.Scim
 {
@@ -13,7 +12,7 @@ public static void Main(string[] args)
                 {
                     webBuilder.UseStartup<Startup>();
                     webBuilder.ConfigureLogging((hostingContext, logging) =>
-                        logging.AddSerilog(hostingContext, e =>
+                        logging.AddSerilog(hostingContext, (e, globalSettings) =>
                         {
                             var context = e.Properties["SourceContext"].ToString();
 
@@ -24,7 +23,7 @@ public static void Main(string[] args)
                                 return false;
                             }
 
-                            return e.Level >= LogEventLevel.Warning;
+                            return e.Level >= globalSettings.MinLogLevel.ScimSettings.Default;
                         }));
                 })
                 .Build()

diff --git a/bitwarden_license/src/Sso/Program.cs b/bitwarden_license/src/Sso/Program.cs
@@ -1,6 +1,5 @@
 using Bit.Core.Utilities;
 using Serilog;
-using Serilog.Events;
 
 namespace Bit.Sso
 {
@@ -15,7 +14,7 @@ public static void Main(string[] args)
                 {
                     webBuilder.UseStartup<Startup>();
                     webBuilder.ConfigureLogging((hostingContext, logging) =>
-                    logging.AddSerilog(hostingContext, e =>
+                    logging.AddSerilog(hostingContext, (e, globalSettings) =>
                     {
                         var context = e.Properties["SourceContext"].ToString();
                         if (e.Properties.ContainsKey("RequestPath") &&
@@ -24,7 +23,7 @@ public static void Main(string[] args)
                         {
                             return false;
                         }
-                        return e.Level >= LogEventLevel.Error;
+                        return e.Level >= globalSettings.MinLogLevel.SsoSettings.Default;
                     }));
                 })
                 .Build()

diff --git a/src/Admin/Program.cs b/src/Admin/Program.cs
@@ -1,5 +1,4 @@
 using Bit.Core.Utilities;
-using Serilog.Events;
 
 namespace Bit.Admin
 {
@@ -18,7 +17,7 @@ public static void Main(string[] args)
                     });
                     webBuilder.UseStartup<Startup>();
                     webBuilder.ConfigureLogging((hostingContext, logging) =>
-                    logging.AddSerilog(hostingContext, e =>
+                    logging.AddSerilog(hostingContext, (e, globalSettings) =>
                     {
                         var context = e.Properties["SourceContext"].ToString();
                         if (e.Properties.ContainsKey("RequestPath") &&
@@ -27,7 +26,7 @@ public static void Main(string[] args)
                         {
                             return false;
                         }
-                        return e.Level >= LogEventLevel.Error;
+                        return e.Level >= globalSettings.MinLogLevel.AdminSettings.Default;
                     }));
                 })
                 .Build()

diff --git a/src/Api/Program.cs b/src/Api/Program.cs
@@ -1,7 +1,6 @@
 using AspNetCoreRateLimit;
 using Bit.Core.Utilities;
 using Microsoft.IdentityModel.Tokens;
-using Serilog.Events;
 
 namespace Bit.Api
 {
@@ -16,7 +15,7 @@ public static void Main(string[] args)
                 {
                     webBuilder.UseStartup<Startup>();
                     webBuilder.ConfigureLogging((hostingContext, logging) =>
-                        logging.AddSerilog(hostingContext, e =>
+                        logging.AddSerilog(hostingContext, (e, globalSettings) =>
                         {
                             var context = e.Properties["SourceContext"].ToString();
                             if (e.Exception != null &&
@@ -26,19 +25,18 @@ public static void Main(string[] args)
                                 return false;
                             }
 
-                            if (e.Level == LogEventLevel.Information &&
-                                context.Contains(typeof(IpRateLimitMiddleware).FullName))
+                            if (context.Contains(typeof(IpRateLimitMiddleware).FullName))
                             {
-                                return true;
+                                return e.Level >= globalSettings.MinLogLevel.ApiSettings.IpRateLimit;
                             }
 
                             if (context.Contains("IdentityServer4.Validation.TokenValidator") ||
                                 context.Contains("IdentityServer4.Validation.TokenRequestValidator"))
                             {
-                                return e.Level > LogEventLevel.Error;
+                                return e.Level >= globalSettings.MinLogLevel.ApiSettings.IdentityToken;
                             }
 
-                            return e.Level >= LogEventLevel.Error;
+                            return e.Level >= globalSettings.MinLogLevel.ApiSettings.Default;
                         }));
                 })
                 .Build()

diff --git a/src/Billing/Program.cs b/src/Billing/Program.cs
@@ -1,5 +1,4 @@
 using Bit.Core.Utilities;
-using Serilog.Events;
 
 namespace Bit.Billing
 {
@@ -13,13 +12,12 @@ public static void Main(string[] args)
                 {
                     webBuilder.UseStartup<Startup>();
                     webBuilder.ConfigureLogging((hostingContext, logging) =>
-                        logging.AddSerilog(hostingContext, e =>
+                        logging.AddSerilog(hostingContext, (e, globalSettings) =>
                         {
                             var context = e.Properties["SourceContext"].ToString();
-                            if (e.Level == LogEventLevel.Information &&
-                                (context.StartsWith("\"Bit.Billing.Jobs") || context.StartsWith("\"Bit.Core.Jobs")))
+                            if (context.StartsWith("\"Bit.Billing.Jobs") || context.StartsWith("\"Bit.Core.Jobs"))
                             {
-                                return true;
+                                return e.Level >= globalSettings.MinLogLevel.BillingSettings.Jobs;
                             }
 
                             if (e.Properties.ContainsKey("RequestPath") &&
@@ -29,7 +27,7 @@ public static void Main(string[] args)
                                 return false;
                             }
 
-                            return e.Level >= LogEventLevel.Warning;
+                            return e.Level >= globalSettings.MinLogLevel.BillingSettings.Default;
                         }));
                 })
                 .Build()

diff --git a/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs b/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
@@ -12,6 +12,7 @@
 using Bit.Core.Tokens;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 
 namespace Bit.Core.OrganizationFeatures
 {
@@ -70,7 +71,8 @@ private static void AddTokenizers(this IServiceCollection services)
                 new DataProtectorTokenFactory<OrganizationSponsorshipOfferTokenable>(
                     OrganizationSponsorshipOfferTokenable.ClearTextPrefix,
                     OrganizationSponsorshipOfferTokenable.DataProtectorPurpose,
-                    serviceProvider.GetDataProtectionProvider())
+                    serviceProvider.GetDataProtectionProvider(),
+                    serviceProvider.GetRequiredService<ILogger<DataProtectorTokenFactory<OrganizationSponsorshipOfferTokenable>>>())
             );
         }
     }

diff --git a/src/Core/Settings/GlobalSettings.cs b/src/Core/Settings/GlobalSettings.cs
@@ -1,4 +1,6 @@
-namespace Bit.Core.Settings
+using Bit.Core.Settings.LoggingSettings;
+
+namespace Bit.Core.Settings
 {
     public class GlobalSettings : IGlobalSettings
     {
@@ -58,6 +60,7 @@ public virtual string LicenseDirectory
         public virtual DocumentDbSettings DocumentDb { get; set; } = new DocumentDbSettings();
         public virtual SentrySettings Sentry { get; set; } = new SentrySettings();
         public virtual SyslogSettings Syslog { get; set; } = new SyslogSettings();
+        public virtual ILogLevelSettings MinLogLevel { get; set; } = new LogLevelSettings();
         public virtual NotificationHubSettings NotificationHub { get; set; } = new NotificationHubSettings();
         public virtual YubicoSettings Yubico { get; set; } = new YubicoSettings();
         public virtual DuoSettings Duo { get; set; } = new DuoSettings();

diff --git a/src/Core/Settings/IGlobalSettings.cs b/src/Core/Settings/IGlobalSettings.cs
@@ -15,5 +15,6 @@ public interface IGlobalSettings
         IBaseServiceUriSettings BaseServiceUri { get; set; }
         ITwoFactorAuthSettings TwoFactorAuth { get; set; }
         ISsoSettings Sso { get; set; }
+        ILogLevelSettings MinLogLevel { get; set; }
     }
 }
diff --git a/src/Core/Settings/ILogLevelSettings.cs b/src/Core/Settings/ILogLevelSettings.cs
@@ -0,0 +1,75 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings
+{
+    public interface ILogLevelSettings
+    {
+        IBillingLogLevelSettings BillingSettings { get; set; }
+        IApiLogLevelSettings ApiSettings { get; set; }
+        IIdentityLogLevelSettings IdentitySettings { get; set; }
+        IScimLogLevelSettings ScimSettings { get; set; }
+        ISsoLogLevelSettings SsoSettings { get; set; }
+        IAdminLogLevelSettings AdminSettings { get; set; }
+        IEventsLogLevelSettings EventsSettings { get; set; }
+        IEventsProcessorLogLevelSettings EventsProcessorSettings { get; set; }
+        IIconsLogLevelSettings IconsSettings { get; set; }
+        INotificationsLogLevelSettings NotificationsSettings { get; set; }
+    }
+
+    public interface IBillingLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+        LogEventLevel Jobs { get; set; }
+    }
+
+    public interface IApiLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+        LogEventLevel IdentityToken { get; set; }
+        LogEventLevel IpRateLimit { get; set; }
+    }
+
+    public interface IIdentityLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+        LogEventLevel IdentityToken { get; set; }
+        LogEventLevel IpRateLimit { get; set; }
+    }
+
+    public interface IScimLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+    }
+
+    public interface ISsoLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+    }
+
+    public interface IAdminLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+    }
+
+    public interface IEventsLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+        LogEventLevel IdentityToken { get; set; }
+    }
+
+    public interface IEventsProcessorLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+    }
+
+    public interface IIconsLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+    }
+
+    public interface INotificationsLogLevelSettings
+    {
+        LogEventLevel Default { get; set; }
+        LogEventLevel IdentityToken { get; set; }
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/AdminLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/AdminLogLevelSettings.cs
@@ -0,0 +1,10 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class AdminLogLevelSettings : IAdminLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Error;
+    }
+}
+
diff --git a/src/Core/Settings/LoggingSettings/ApiLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/ApiLogLevelSettings.cs
@@ -0,0 +1,12 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class ApiLogLevelSettings : IApiLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Error;
+        public LogEventLevel IdentityToken { get; set; } = LogEventLevel.Fatal;
+        public LogEventLevel IpRateLimit { get; set; } = LogEventLevel.Information;
+    }
+}
+
diff --git a/src/Core/Settings/LoggingSettings/BillingLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/BillingLogLevelSettings.cs
@@ -0,0 +1,10 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class BillingLogLevelSettings : IBillingLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Warning;
+        public LogEventLevel Jobs { get; set; } = LogEventLevel.Information;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/EventsLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/EventsLogLevelSettings.cs
@@ -0,0 +1,10 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class EventsLogLevelSettings : IEventsLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Error;
+        public LogEventLevel IdentityToken { get; set; } = LogEventLevel.Fatal;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/EventsProcessorLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/EventsProcessorLogLevelSettings.cs
@@ -0,0 +1,9 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class EventsProcessorLogLevelSettings : IEventsProcessorLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Warning;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/IconsLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/IconsLogLevelSettings.cs
@@ -0,0 +1,9 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class IconsLogLevelSettings : IIconsLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Error;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/IdentityLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/IdentityLogLevelSettings.cs
@@ -0,0 +1,11 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class IdentityLogLevelSettings : IIdentityLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Error;
+        public LogEventLevel IdentityToken { get; set; } = LogEventLevel.Fatal;
+        public LogEventLevel IpRateLimit { get; set; } = LogEventLevel.Information;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/LogLevelSettings.cs b/src/Core/Settings/LoggingSettings/LogLevelSettings.cs
@@ -0,0 +1,17 @@
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class LogLevelSettings : ILogLevelSettings
+    {
+        public IBillingLogLevelSettings BillingSettings { get; set; } = new BillingLogLevelSettings();
+        public IApiLogLevelSettings ApiSettings { get; set; } = new ApiLogLevelSettings();
+        public IIdentityLogLevelSettings IdentitySettings { get; set; } = new IdentityLogLevelSettings();
+        public IScimLogLevelSettings ScimSettings { get; set; } = new ScimLogLevelSettings();
+        public ISsoLogLevelSettings SsoSettings { get; set; } = new SsoLogLevelSettings();
+        public IAdminLogLevelSettings AdminSettings { get; set; } = new AdminLogLevelSettings();
+        public IEventsLogLevelSettings EventsSettings { get; set; } = new EventsLogLevelSettings();
+        public IEventsProcessorLogLevelSettings EventsProcessorSettings { get; set; } = new EventsProcessorLogLevelSettings();
+        public IIconsLogLevelSettings IconsSettings { get; set; } = new IconsLogLevelSettings();
+        public INotificationsLogLevelSettings NotificationsSettings { get; set; } = new NotificationsLogLevelSettings();
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/NotificationsLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/NotificationsLogLevelSettings.cs
@@ -0,0 +1,10 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class NotificationsLogLevelSettings : INotificationsLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Warning;
+        public LogEventLevel IdentityToken { get; set; } = LogEventLevel.Fatal;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/ScimLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/ScimLogLevelSettings.cs
@@ -0,0 +1,9 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class ScimLogLevelSettings : IScimLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Warning;
+    }
+}
diff --git a/src/Core/Settings/LoggingSettings/SsoLogLevelSettings.cs b/src/Core/Settings/LoggingSettings/SsoLogLevelSettings.cs
@@ -0,0 +1,9 @@
+using Serilog.Events;
+
+namespace Bit.Core.Settings.LoggingSettings
+{
+    public class SsoLogLevelSettings : ISsoLogLevelSettings
+    {
+        public LogEventLevel Default { get; set; } = LogEventLevel.Error;
+    }
+}