
BCDA-7416: Remove duplicate logging #148

Merged
merged 13 commits into from
Dec 4, 2023
1 change: 1 addition & 0 deletions ssas/logger.go
Expand Up @@ -103,6 +103,7 @@ func OperationCalled(data Event) {
// OperationFailed should be called after an event's failure, and should always be preceded by
// a call to OperationStarted
func OperationFailed(data Event) {
// *TODO: refactor. Remove OperationFailed to prevent duplicate logging. Address areas affected by removal.
mergeNonEmpty(data).WithField("Event", "OperationFailed").Print(data.Help)
}

1 change: 1 addition & 0 deletions ssas/service/api_common.go
Expand Up @@ -26,6 +26,7 @@ func WriteHTTPSError(w http.ResponseWriter, e ssas.ErrorResponse, errorStatus in

// Follow RFC 7591 format for input errors
func JSONError(w http.ResponseWriter, errorStatus int, statusText string, statusDescription string) {
// *TODO: address duplicate logging. Remove logging from JSONError but make sure areas that rely on it for logging, still have logging after removal.
e := ssas.ErrorResponse{Error: statusText, ErrorDescription: statusDescription}

WriteHTTPSError(w, e, errorStatus)
11 changes: 2 additions & 9 deletions ssas/service/main/main.go
@@ -1,29 +1,22 @@
/*
Package main System-to-System Authentication Service

The System-to-System Authentication Service (SSAS) enables one software system to authenticate and authorize another software system. In this model, the Systems act automatically, independent of a human user identity. Human users are involved only to administer the Service, including establishing the identities and privileges of participating systems.

For more details see our repository readme and Postman tests:
- https://github.com/CMSgov/bcda-ssas-app
- https://github.com/CMSgov/bcda-ssas-app/tree/master/test/postman_test

If you have a Client ID and Secret you can use this page to explore the API. To do this, click the green "Authorize" button below and enter your Client ID and secret in the Basic Authentication username and password boxes.

Until you click logout your token will be presented with every request made. To make requests click on the "Try it out" button for the desired endpoint.

Version: 1.0.0
License: Public Domain https://github.com/CMSgov/bcda-ssas-app/blob/master/LICENSE.md
Contact: [email protected]

Produces:
- application/json

SecurityDefinitions:
basic_auth:
type: basic

swagger:meta
*/

package main

import (
Expand Down Expand Up @@ -316,7 +309,7 @@ func newAdminSystem(name string) {
func listIPs() {
ips, err := ssas.GetAllIPs()
if err != nil {
panic("unable to get registered IPs")
ssas.Logger.Fatalf("unable to get registered IPs: %s", err)
}
listOfIps := strings.Join(ips, "\n")
fmt.Fprintln(output, listOfIps)
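Review bot: `ssas.Logger.Fatalf` (presumably a log/logrus-style Fatalf, i.e. os.Exit(1)) terminates the process without running deferred functions, whereas the `panic` it replaces unwinds the stack and runs them; the hunk does not show how listIPs is reached, so if a caller defers a flush or close of `output` (the writer listIPs uses on the success path), that cleanup is now skipped on the error path. If nothing up the stack is deferred, the change is fine, and a short comment would spare the next reader the check, e.g. `// Fatalf exits immediately; no deferred cleanup is expected on this CLI path`. Including `err` in the message is an improvement over the bare panic string. listIPs ends outside the hunk.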
20 changes: 6 additions & 14 deletions ssas/service/public/api.go
Expand Up @@ -249,7 +249,7 @@ func token(w http.ResponseWriter, r *http.Request) {
service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "invalid client id")
return
}
err = ValidateSecret(system, secret, w, r)
err = ValidateSecret(system, secret, r)
if err != nil {
ssas.Logger.Error("The client id and secret cannot be validated: ", err.Error())
return
Expand Down Expand Up @@ -292,24 +292,16 @@ func token(w http.ResponseWriter, r *http.Request) {
render.JSON(w, r, m)
}

func ValidateSecret(system ssas.System, secret string, w http.ResponseWriter, r *http.Request) (err error) {
func ValidateSecret(system ssas.System, secret string, r *http.Request) (err error) {
savedSecret, err := system.GetSecret(r.Context())
if err != nil {
ssas.Logger.Errorf("Error getting secret: %s", err.Error())
service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "Error getting secret")
return err
} else if !ssas.Hash(savedSecret.Hash).IsHashOf(secret) {
ssas.Logger.Errorf("The incoming client secret is invalid")
service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), constants.InvalidClientSecret)
return errors.New(constants.InvalidClientSecret)
if !ssas.Hash(savedSecret.Hash).IsHashOf(secret) {
err = errors.New(constants.InvalidClientSecret)
}

if savedSecret.IsExpired() {
ssas.Logger.Error("Credentials were expired")
service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "credentials expired")
return errors.New("The saved client secret is expired")
err = errors.New("The saved client credendials are expired")
}
return nil
return err
}

func tokenV2(w http.ResponseWriter, r *http.Request) {
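Review bot: After this change nothing visible writes the 401 when ValidateSecret fails: the `w` parameter and the `service.JSONError` calls were removed from ValidateSecret, but the caller at `err = ValidateSecret(system, secret, r)` still only logs and returns, so as far as the two hunks show a bad or expired secret yields an empty 200 response. Add the response before that `return`, with a fixed description rather than `err.Error()` so GetSecret's internal error text is not echoed to the client: `service.JSONError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), "invalid client credentials")`. Separately, the new message at `err = errors.New("The saved client credendials are expired")` misspells "credentials", and because the expiry branch no longer returns early it overwrites an invalid-secret error when both conditions hold, so the logged reason changes even though both paths fail the same way. The token handler's body continues outside the hunk.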
5 changes: 4 additions & 1 deletion ssas/service/server.go
Expand Up @@ -52,7 +52,7 @@ type Server struct {
func ChooseSigningKey(signingKeyPath, signingKey string) (*rsa.PrivateKey, error) {
var key *rsa.PrivateKey = nil
var error error = nil

// *TODO: To prevent duplicate logging, remove error handling out of this function. Return error and log error outside of function.
if signingKey == "" && signingKeyPath != "" {
sk, err := GetPrivateKey(signingKeyPath)
if err != nil {
Expand Down Expand Up @@ -84,6 +84,7 @@ func ChooseSigningKey(signingKeyPath, signingKey string) (*rsa.PrivateKey, error

// NewServer correctly initializes an instance of the Server type.
func NewServer(name, port, version string, info interface{}, routes *chi.Mux, notSecure bool, useMTLS bool, signingKey *rsa.PrivateKey, ttl time.Duration, clientAssertAud string) *Server {

if signingKey == nil {
ssas.Logger.Error("Private Key is nil")
return nil
Expand Down Expand Up @@ -160,6 +161,7 @@ func (s *Server) LogRoutes() {
routes, err := s.ListRoutes()
if err != nil {
ssas.Logger.Infof("%s routing error: %v", banner, err)
return
}
ssas.Logger.Infof("%s %v", banner, routes)
}
Expand Down Expand Up @@ -281,6 +283,7 @@ func doHealthCheck(ctx context.Context) bool {
}

if err = db.Ping(); err != nil {
// (?) don't know if it actually gets to this error
ssas.Logger.Error("health check: database ping error: ", err.Error())
return false
}
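Review bot: The comment added above the database ping in doHealthCheck, `// (?) don't know if it actually gets to this error`, leaves an open question in production code; if `db` is a database/sql handle, `sql.Open` does not dial, so `db.Ping()` is the first real connectivity check and this branch is reached whenever the database is unreachable — replace the comment with that statement, e.g. `// Ping is the first real connection attempt; fails when the database is unreachable`, or drop it. The `*TODO` comments added in this PR (here in ChooseSigningKey, and in logger.go and api_common.go) would be easier to track in the conventional form `// TODO(BCDA-7416): ...`. The blank line inserted directly after the NewServer signature is unusual in gofmt'd code. ChooseSigningKey and doHealthCheck both begin outside their hunks.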