Add diagnostic logs to the Google authenticator #50

Merged
merged 2 commits into from
Aug 17, 2023
Expand Up @@ -28,10 +28,6 @@
<packaging>bundle</packaging>

<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
Expand All @@ -44,6 +40,10 @@
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.common</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.central.log.mgt</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.outbound.auth.oidc</groupId>
<artifactId>org.wso2.carbon.identity.application.authenticator.oidc</artifactId>
Expand All @@ -52,6 +52,10 @@
<groupId>org.wso2.orbit.com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
Expand Down Expand Up @@ -81,8 +85,11 @@
org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}",
org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",

org.wso2.carbon.utils.*; version="${carbon.kernel.package.import.version.range}",
org.wso2.carbon.identity.application.authentication.framework.*;
version="${carbon.identity.framework.package.import.version.range}",
org.wso2.carbon.identity.central.log.mgt.utils;
version="${carbon.identity.framework.package.import.version.range}",
org.wso2.carbon.identity.application.common.model;
version="${carbon.identity.framework.package.import.version.range}",
org.wso2.carbon.identity.application.authenticator.oidc;
Expand Up @@ -40,5 +40,13 @@ private GoogleOAuth2AuthenticationConstant() {

// Google One Tap checkbox description in carbon console.
public static final String GOOGLE_ONE_TAP_DESCRIPTION = "Enable Google One Tap as a sign in option.";

/**
* Constants related to log management.
*/
public static class LogConstants {

public static final String OUTBOUND_AUTH_GOOGLE_SERVICE = "outbound-auth-google";
}
}
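Review bot: `LogConstants` is added as a plain `public static class`, so it can be instantiated and subclassed, unlike the enclosing constants class, whose private constructor appears in the hunk header. Declaring it `public static final class LogConstants` and adding `private LogConstants() { }` would keep the holder consistent with its parent. The Javadoc could also state that `OUTBOUND_AUTH_GOOGLE_SERVICE` is the component id reported in diagnostic logs, which is how the authenticator uses it in this commit.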

Expand Up @@ -28,14 +28,17 @@
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.utils.DiagnosticLog;

import java.io.IOException;
import java.util.ArrayList;
Expand All @@ -48,6 +51,8 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import static org.wso2.carbon.identity.application.authenticator.google.GoogleOAuth2AuthenticationConstant.LogConstants.OUTBOUND_AUTH_GOOGLE_SERVICE;

public class GoogleOAuth2Authenticator extends OpenIDConnectAuthenticator {

private static final long serialVersionUID = -4154255583070524018L;
Expand Down Expand Up @@ -79,6 +84,14 @@ public boolean canHandle(HttpServletRequest request) {

// Google one tap flow does not require any special parameter validation at this level.
if (isOneTapEnabled(request)) {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
getComponentId(), FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_STEP);
diagnosticLogBuilder.resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
.logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM)
.resultMessage("Handling the Google one tap authentication flow.");
LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
}
return true;
}
return super.canHandle(request);
Expand Down Expand Up @@ -493,6 +506,12 @@ protected Map<ClaimMapping, String> getSubjectAttributes(OAuthClientResponse tok
return claims;
}

@Override
protected String getComponentId() {

return OUTBOUND_AUTH_GOOGLE_SERVICE;
}

/**
* This function validates the CSRF double-sided cookie returned from Google One Tap respond.
* The request is considered as non-attacked request if the CSRF cookie and the parameter is equal.
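Review bot: In `canHandle`, the new diagnostic event is recorded with `DiagnosticLog.ResultStatus.SUCCESS` under `HANDLE_AUTH_STEP` as soon as `isOneTapEnabled(request)` returns true, which is before any credential or the One Tap CSRF cookie described further down this file has been checked. Someone triaging an incident from these logs could read it as a completed authentication step. Because `canHandle` works only from the incoming request, presumably every request that looks like a One Tap callback emits one such event (the body of `isOneTapEnabled` is outside the hunk, so this is inferred). A neutral message such as `.resultMessage("Google One Tap request detected; validation not yet performed.")` would avoid the ambiguity, and attaching a request or flow identifier would let the event be correlated with the later success or failure. `canHandle` begins above the visible lines.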
28 changes: 17 additions & 11 deletions pom.xml
Expand Up @@ -56,16 +56,16 @@
<artifactId>json</artifactId>
<version>${json.wso2.version}</version>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>${json-smart.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.outbound.auth.oidc</groupId>
<artifactId>org.wso2.carbon.identity.application.authenticator.oidc</artifactId>
<version>${carbon.identity.authenticator.oidc.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
<version>${carbon.kernel.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
Expand All @@ -76,6 +76,11 @@
<artifactId>org.wso2.carbon.identity.application.common</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.central.log.mgt</artifactId>
<version>${carbon.identity.framework.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
Expand Down Expand Up @@ -181,17 +186,17 @@

<properties>
<!-- Carbon kernel version -->
<carbon.kernel.version>4.4.7</carbon.kernel.version>
<carbon.kernel.package.import.version.range>[4.4.0, 5.0.0)</carbon.kernel.package.import.version.range>
<carbon.kernel.version>4.9.10</carbon.kernel.version>
<carbon.kernel.package.import.version.range>[4.9.10, 5.0.0)</carbon.kernel.package.import.version.range>
<osgi.framework.imp.pkg.version.range>[1.7.0, 2.0.0)</osgi.framework.imp.pkg.version.range>
<osgi.service.component.imp.pkg.version.range>[1.2.0, 2.0.0)</osgi.service.component.imp.pkg.version.range>

<!-- Identity Outbound auth Google version -->
<identity.outbound.auth.google.exp.version>${project.version}</identity.outbound.auth.google.exp.version>
<carbon.identity.authenticator.oidc.imp.pkg.version.range>[5.0.0, 6.0.0)</carbon.identity.authenticator.oidc.imp.pkg.version.range>
<carbon.identity.authenticator.oidc.imp.pkg.version.range>[5.11.18, 6.0.0)</carbon.identity.authenticator.oidc.imp.pkg.version.range>
<!--Carbon Identity Framework Version-->
<carbon.identity.framework.version>5.25.4</carbon.identity.framework.version>
<carbon.identity.framework.package.import.version.range>[5.14.67, 7.0.0)</carbon.identity.framework.package.import.version.range>
<carbon.identity.framework.version>5.25.260</carbon.identity.framework.version>
<carbon.identity.framework.package.import.version.range>[5.25.260, 7.0.0)</carbon.identity.framework.package.import.version.range>

<!-- Servlet API -->
<imp.pkg.version.javax.servlet>[2.6.0, 3.0.0)</imp.pkg.version.javax.servlet>
Expand All @@ -206,7 +211,8 @@
<oltu.version>1.0.0.wso2v3</oltu.version>
<oltu.package.import.version.range>[1.0.0, 2.0.0)</oltu.package.import.version.range>
<json.wso2.version>3.0.0.wso2v1</json.wso2.version>
<carbon.identity.authenticator.oidc.version>5.10.1</carbon.identity.authenticator.oidc.version>
<json-smart.version>2.4.7</json-smart.version>
<carbon.identity.authenticator.oidc.version>5.11.18</carbon.identity.authenticator.oidc.version>
<net.minidev.json.imp.pkg.version.range>[2.3.0, 3.0.0)</net.minidev.json.imp.pkg.version.range>
<nimbusds.version>7.3.0.wso2v1</nimbusds.version>
<!--Maven Plugin Version-->
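Review bot: The new `<json-smart.version>2.4.7</json-smart.version>` property pins the version of a JSON parser that the component pom in this commit now declares as a direct dependency (`net.minidev:json-smart`), so this is the release the authenticator builds against. Later 2.4.x releases of json-smart are reported to include a fix for unbounded nesting depth when parsing input, so 2.4.7 should be checked against the library's published advisories and the pin moved forward if it is affected. Separately, the lower bounds of `carbon.kernel.package.import.version.range` and `carbon.identity.framework.package.import.version.range` are raised to `4.9.10` and `5.25.260`, which presumably stops the bundle resolving on older runtimes. A short comment beside them, e.g. `<!-- minimum versions providing DiagnosticLog and central.log.mgt -->`, would record why, if that is indeed the reason.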