Merge pull request #50 from sahandilshan/master
Add diagnostic logs to the Google authenticator
sahandilshan authored Aug 17, 2023
2 parents 43917d5 + 0e4c561 commit 39138be
Showing 4 changed files with 55 additions and 15 deletions.
Expand Up @@ -28,10 +28,6 @@
<packaging>bundle</packaging>

<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
Expand All @@ -44,6 +40,10 @@
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.common</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.central.log.mgt</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.outbound.auth.oidc</groupId>
<artifactId>org.wso2.carbon.identity.application.authenticator.oidc</artifactId>
Expand All @@ -52,6 +52,10 @@
<groupId>org.wso2.orbit.com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
Expand Down Expand Up @@ -81,8 +85,11 @@
org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}",
org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",

org.wso2.carbon.utils.*; version="${carbon.kernel.package.import.version.range}",
org.wso2.carbon.identity.application.authentication.framework.*;
version="${carbon.identity.framework.package.import.version.range}",
org.wso2.carbon.identity.central.log.mgt.utils;
version="${carbon.identity.framework.package.import.version.range}",
org.wso2.carbon.identity.application.common.model;
version="${carbon.identity.framework.package.import.version.range}",
org.wso2.carbon.identity.application.authenticator.oidc;
Expand Up @@ -40,5 +40,13 @@ private GoogleOAuth2AuthenticationConstant() {

// Google One Tap checkbox description in carbon console.
public static final String GOOGLE_ONE_TAP_DESCRIPTION = "Enable Google One Tap as a sign in option.";

/**
* Constants related to log management.
*/
public static class LogConstants {

public static final String OUTBOUND_AUTH_GOOGLE_SERVICE = "outbound-auth-google";
}
}
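Review bot: `LogConstants` is declared as a plain `public static class`, so unlike its enclosing class (whose private constructor shows in the hunk header) it can be instantiated and subclassed. Declaring it `public static final class LogConstants` and adding `private LogConstants() { }` would keep it a pure constant holder. The Javadoc could also say what the value is for, e.g. `Component id attached to diagnostic log entries emitted by the Google authenticator.`, since that is how `getComponentId()` uses it elsewhere in this commit.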

Expand Up @@ -28,14 +28,17 @@
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.utils.DiagnosticLog;

import java.io.IOException;
import java.util.ArrayList;
Expand All @@ -48,6 +51,8 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.wso2.carbon.identity.application.authenticator.google.GoogleOAuth2AuthenticationConstant.LogConstants.OUTBOUND_AUTH_GOOGLE_SERVICE;

public class GoogleOAuth2Authenticator extends OpenIDConnectAuthenticator {

private static final long serialVersionUID = -4154255583070524018L;
Expand Down Expand Up @@ -79,6 +84,14 @@ public boolean canHandle(HttpServletRequest request) {

// Google one tap flow does not require any special parameter validation at this level.
if (isOneTapEnabled(request)) {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
getComponentId(), FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_STEP);
diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
.logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM)
.resultMessage("Handling the Google one tap authentication flow.");
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
return true;
}
return super.canHandle(request);
Expand Down Expand Up @@ -493,6 +506,12 @@ protected Map<ClaimMapping, String> getSubjectAttributes(OAuthClientResponse tok
return claims;
}

@Override
protected String getComponentId() {

return OUTBOUND_AUTH_GOOGLE_SERVICE;
}

/**
* This function validates the CSRF double-sided cookie returned from Google One Tap respond.
* The request is considered as non-attacked request if the CSRF cookie and the parameter is equal.
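Review bot: The entry added in `canHandle` records `DiagnosticLog.ResultStatus.SUCCESS` under `HANDLE_AUTH_STEP` before anything about the One Tap request has been verified. The CSRF cookie validation documented further down in this file presumably runs later, so the diagnostic trail would show a success for requests that may still be rejected. If `isOneTapEnabled(request)` is decided by request parameters (its body is outside the hunk), an unauthenticated caller can also generate these entries at will whenever diagnostic logs are enabled. I would word the message as routing only, e.g. `.resultMessage("Google One Tap request detected; authenticator selected.")`, and emit a `DiagnosticLog.ResultStatus.FAILED` entry where the CSRF cookie and parameter do not match, so the rejection is visible to whoever triages the log. `canHandle` starts above the hunk, and the CSRF validation method is cut off below it.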
28 changes: 17 additions & 11 deletions pom.xml
Expand Up @@ -56,16 +56,16 @@
<artifactId>json</artifactId>
<version>${json.wso2.version}</version>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>${json-smart.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.outbound.auth.oidc</groupId>
<artifactId>org.wso2.carbon.identity.application.authenticator.oidc</artifactId>
<version>${carbon.identity.authenticator.oidc.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
<version>${carbon.kernel.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
Expand All @@ -76,6 +76,11 @@
<artifactId>org.wso2.carbon.identity.application.common</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.central.log.mgt</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
Expand Down Expand Up @@ -181,17 +186,17 @@

<properties>
<!-- Carbon kernel version -->
<carbon.kernel.version>4.4.7</carbon.kernel.version>
<carbon.kernel.package.import.version.range>[4.4.0, 5.0.0)</carbon.kernel.package.import.version.range>
<carbon.kernel.version>4.9.10</carbon.kernel.version>
<carbon.kernel.package.import.version.range>[4.9.10, 5.0.0)</carbon.kernel.package.import.version.range>
<osgi.framework.imp.pkg.version.range>[1.7.0, 2.0.0)</osgi.framework.imp.pkg.version.range>
<osgi.service.component.imp.pkg.version.range>[1.2.0, 2.0.0)</osgi.service.component.imp.pkg.version.range>

<!-- Identity Outbound auth Google version -->
<identity.outbound.auth.google.exp.version>${project.version}</identity.outbound.auth.google.exp.version>
<carbon.identity.authenticator.oidc.imp.pkg.version.range>[5.0.0, 6.0.0)</carbon.identity.authenticator.oidc.imp.pkg.version.range>
<carbon.identity.authenticator.oidc.imp.pkg.version.range>[5.11.18, 6.0.0)</carbon.identity.authenticator.oidc.imp.pkg.version.range>
<!--Carbon Identity Framework Version-->
<carbon.identity.framework.version>5.25.4</carbon.identity.framework.version>
<carbon.identity.framework.package.import.version.range>[5.14.67, 7.0.0)</carbon.identity.framework.package.import.version.range>
<carbon.identity.framework.version>5.25.260</carbon.identity.framework.version>
<carbon.identity.framework.package.import.version.range>[5.25.260, 7.0.0)</carbon.identity.framework.package.import.version.range>

<!-- Servlet API -->
<imp.pkg.version.javax.servlet>[2.6.0, 3.0.0)</imp.pkg.version.javax.servlet>
Expand All @@ -206,7 +211,8 @@
<oltu.version>1.0.0.wso2v3</oltu.version>
<oltu.package.import.version.range>[1.0.0, 2.0.0)</oltu.package.import.version.range>
<json.wso2.version>3.0.0.wso2v1</json.wso2.version>
<carbon.identity.authenticator.oidc.version>5.10.1</carbon.identity.authenticator.oidc.version>
<json-smart.version>2.4.7</json-smart.version>
<carbon.identity.authenticator.oidc.version>5.11.18</carbon.identity.authenticator.oidc.version>
<net.minidev.json.imp.pkg.version.range>[2.3.0, 3.0.0)</net.minidev.json.imp.pkg.version.range>
<nimbusds.version>7.3.0.wso2v1</nimbusds.version>
<!--Maven Plugin Version-->
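Review bot: `json-smart.version` is newly pinned to `2.4.7` in the properties block, while `net.minidev.json.imp.pkg.version.range` two lines below stays at `[2.3.0, 3.0.0)`, so the bundle may still wire to any json-smart from 2.3.0 upward at runtime regardless of the compile-time pin. This commit raises the kernel, framework and OIDC import floors to match their compile versions, but not the json one. As far as I know 2.4.7 is not the latest 2.4.x release, and later ones carry parser hardening for deeply nested input, so the pin is worth checking against current advisories. An authenticator that parses externally supplied tokens is a poor place to lag on a JSON parser. Once a version is chosen, raise the import floor to it, e.g. `[2.4.7, 3.0.0)` for the current pin.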
