
Added DISABLE_SSO_TRACE flag to control logging to sso trace #3443

Merged
merged 8 commits into from
Dec 18, 2024
5 changes: 4 additions & 1 deletion .env.example
Expand Up @@ -115,4 +115,7 @@ ENTERPRISE_ORY_PROJECT_ID=
#OPENID_REQUEST_PROFILE_SCOPE=false

# Uncomment below if you wish to forward the OpenID params (https://openid.net/specs/openid-connect-core-1_0-errata2.html#AuthRequest) to the OpenID IdP
#OPENID_REQUEST_FORWARD_PARAMS=true
#OPENID_REQUEST_FORWARD_PARAMS=true

# disable logging into sso trace
# DISABLE_SSO_TRACE=true
2 changes: 2 additions & 0 deletions lib/env.ts
Expand Up @@ -10,6 +10,7 @@ const hostUrl = process.env.HOST_URL || 'localhost';
const hostPort = Number(process.env.PORT || '5225');
const externalUrl = process.env.EXTERNAL_URL || 'http://' + hostUrl + ':' + hostPort;
const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
const disableSSOTrace = process.env.DISABLE_SSO_TRACE === 'true';

let ssl;
if (process.env.DB_SSL === 'true') {
Expand Down Expand Up @@ -117,6 +118,7 @@ const jacksonOptions: JacksonOption = {
projectId: process.env.ENTERPRISE_ORY_PROJECT_ID,
sdkToken: process.env.ENTERPRISE_ORY_SDK_TOKEN,
},
disableSSOTrace,
};

const adminPortalSSODefaults = {
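Review bot: The new `disableSSOTrace` line honours only the exact string `true`, so `DISABLE_SSO_TRACE=TRUE`, `=1` or a value with trailing whitespace leaves tracing on with no signal to the operator. That is the unsafe direction for this flag: the trace context visible in npm/src/controller/oauth.ts carries `id_token` and `access_token`, so a deployment that believes tracing is off would keep persisting them. The comparison matches the existing `DB_SSL === 'true'` convention, so if it stays as is, consider normalising the value, `const disableSSOTrace = (process.env.DISABLE_SSO_TRACE || '').trim().toLowerCase() === 'true';`, or logging the effective setting once at startup.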
5 changes: 3 additions & 2 deletions npm/src/controller/oauth.ts
Expand Up @@ -708,7 +708,6 @@ export class OAuthController implements IOAuthController {
if (session && session.id) {
validateOpts['inResponseTo'] = session.id;
}

redirect_uri = ((session && session.redirect_uri) as string) || connection.defaultRedirectUrl;
} catch (err: unknown) {
// Save the error trace
Expand All @@ -731,6 +730,7 @@ export class OAuthController implements IOAuthController {
relayState: RelayState,
},
});

throw err; // Rethrow the error
}
let profile: SAMLProfile | undefined;
Expand Down Expand Up @@ -866,6 +866,7 @@ export class OAuthController implements IOAuthController {
oidcIdPRequest: session?.requested?.oidcIdPRequest,
},
});

// Rethrow err and redirect to Jackson error page
throw err;
}
Expand Down Expand Up @@ -929,7 +930,6 @@ export class OAuthController implements IOAuthController {
}

await this.sessionStore.delete(RelayState);

return { redirect_url: redirect.success(redirect_uri!, params) };
} catch (err: any) {
const { error, error_description, error_uri, session_state, scope, stack } = err;
Expand Down Expand Up @@ -959,6 +959,7 @@ export class OAuthController implements IOAuthController {
oidcTokenSet: { id_token: tokens?.id_token, access_token: tokens?.access_token },
},
});

if (isSAMLFederated) {
throw err;
}
2 changes: 1 addition & 1 deletion npm/src/index.ts
Expand Up @@ -92,7 +92,7 @@ export const controllers = async (
const productStore = db.store('product:config');
const tracesStore = db.store('saml:tracer', tracesTTL);

const ssoTraces = new SSOTraces({ tracesStore });
const ssoTraces = new SSOTraces({ tracesStore, opts });
const eventController = new EventController({ opts });
const productController = new ProductController({ productStore, opts });

10 changes: 8 additions & 2 deletions npm/src/sso-traces/index.ts
@@ -1,4 +1,4 @@
import { GetByProductParams, Records, Storable } from '../typings';
import { GetByProductParams, Records, Storable, JacksonOption } from '../typings';
import { generateMnemonic } from '@boxyhq/error-code-mnemonic';
import { IndexNames } from '../controller/utils';
import { keyFromParts } from '../db/utils';
Expand Down Expand Up @@ -56,9 +56,11 @@ const INTERVAL_1_DAY_MS = 24 * 60 * 60 * 1000;
*/
class SSOTraces {
tracesStore: Storable;
opts: JacksonOption;

constructor({ tracesStore }) {
constructor({ tracesStore, opts }) {
this.tracesStore = tracesStore;
this.opts = opts;
// Clean up stale traces at the start
this.cleanUpStaleTraces();
// Set timer to run every day
Expand All @@ -68,6 +70,10 @@ class SSOTraces {
}

public async saveTrace(payload: SSOTrace) {
if (this.opts.disableSSOTrace) {
return '';
}
deepakprabhakara marked this conversation as resolved.

try {
const { context } = payload;
// Friendly trace id
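Review bot: The new guard in `saveTrace` reads `this.opts.disableSSOTrace` before the `try`, and `opts` comes from an untyped destructured constructor argument, so a caller that still constructs `SSOTraces` with only `tracesStore` is not caught by the compiler and throws a TypeError on the first trace. In npm/src/controller/oauth.ts the trace appears to be saved inside `catch` blocks just before `throw err`, so that TypeError would presumably replace the original SSO error. Typing the parameter, `constructor({ tracesStore, opts }: { tracesStore: Storable; opts: JacksonOption })`, surfaces a missing `opts` at build time, and `if (this.opts?.disableSSOTrace)` keeps the guard itself from throwing. The body of `saveTrace` continues outside the hunk.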
1 change: 1 addition & 0 deletions npm/src/typings.ts
Expand Up @@ -508,6 +508,7 @@ export interface JacksonOption {
projectId: string | undefined;
sdkToken: string | undefined;
};
disableSSOTrace?: boolean;
}

export interface SLORequestParams {
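Review bot: `disableSSOTrace` is added to `JacksonOption` without a doc comment, and the name alone does not say what stops being recorded or what happens to existing data. A TSDoc line on the field would cover it, for example `/** When true, SSOTraces.saveTrace() returns '' and stores nothing; this flag does not delete traces already stored. */`. The interface starts outside the hunk.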
3 changes: 2 additions & 1 deletion npm/test/sso-traces/tracer.test.ts
Expand Up @@ -8,9 +8,10 @@ const INTERVAL_1_WEEK_MS = 7 * 24 * 60 * 60 * 1000;

tap.before(async () => {
const { db: dbOptions } = jacksonOptions;
const opts = jacksonOptions;
const db = await DB.new(dbOptions);
const tracesStore = db.store('saml:tracer');
ssoTraces = new SSOTraces({ tracesStore });
ssoTraces = new SSOTraces({ tracesStore, opts });
});

tap.test('SSOTraces', async () => {
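Review bot: The setup now passes `opts` through, but nothing visible here exercises the new branch, so a regression in the `disableSSOTrace` guard would go unnoticed. Add a case that builds `new SSOTraces({ tracesStore, opts: { ...opts, disableSSOTrace: true } })`, calls `saveTrace` with a valid payload, and asserts that it returns `''` and that the store holds no new record. The `SSOTraces` constructor sets a daily timer, so the extra instance may need cleaning up for the test process to exit. The `tap.test` body continues outside the hunk.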