Add logs sanitization (#61)

Add logs sanitization
linuxchata · Nov 11, 2024 · e351fec · e351fec
1 parent bb3779d
commit e351fec
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 15 deletions.
diff --git a/src/Shark.AuthorizationServer.Core/Validators/AuthorizeValidator.cs b/src/Shark.AuthorizationServer.Core/Validators/AuthorizeValidator.cs
@@ -1,5 +1,6 @@
 using Microsoft.Extensions.Logging;
 using Shark.AuthorizationServer.Common.Constants;
+using Shark.AuthorizationServer.Common.Extensions;
 using Shark.AuthorizationServer.Core.Abstractions.Validators;
 using Shark.AuthorizationServer.Core.Constants;
 using Shark.AuthorizationServer.Core.Requests;
@@ -24,20 +25,24 @@ public sealed class AuthorizeValidator(ILogger<AuthorizeValidator> logger) : IAu
         // Validate response type
         if (!ResponseType.Supported.Contains(request.ResponseType))
         {
-            _logger.LogWarning("Unsupported response type [{ResponseType}] by server", request.ResponseType);
+            _logger.LogWarning(
+                "Unsupported response type [{ResponseType}] by server",
+                request.ResponseType.Sanitize());
             return new AuthorizeInternalBadRequestResponse(Error.UnsupportedResponseType);
         }
 
         if (!client.ResponseTypes.ToHashSet().Contains(request.ResponseType))
         {
-            _logger.LogWarning("Unsupported response type [{ResponseType}] by client", request.ResponseType);
+            _logger.LogWarning(
+                "Unsupported response type [{ResponseType}] by client",
+                request.ResponseType.Sanitize());
             return new AuthorizeInternalBadRequestResponse(Error.UnauthorizedClient);
         }
 
         // Validate redirect URI
         if (!client.RedirectUris.Contains(request.RedirectUri))
         {
-            _logger.LogWarning("Mismatched redirect URL [{RedirectUri}] for client", request.RedirectUri);
+            _logger.LogWarning("Mismatched redirect URL [{RedirectUri}] for client", request.RedirectUri.Sanitize());
             return new AuthorizeInternalBadRequestResponse(Error.InvalidClient);
         }
 
@@ -48,7 +53,7 @@ public sealed class AuthorizeValidator(ILogger<AuthorizeValidator> logger) : IAu
         {
             if (!allowedClientScopes.Contains(scope))
             {
-                _logger.LogWarning("Mismatched scope [{Scope}] for client", scope);
+                _logger.LogWarning("Mismatched scope [{Scope}] for client", scope.Sanitize());
                 return new AuthorizeInternalBadRequestResponse(Error.InvalidScope);
             }
         }
@@ -59,7 +64,7 @@ public sealed class AuthorizeValidator(ILogger<AuthorizeValidator> logger) : IAu
         {
             _logger.LogWarning(
                 "Unsupported code challenge method [{CodeChallengeMethod}] by server",
-                request.CodeChallengeMethod);
+                request.CodeChallengeMethod.Sanitize());
             return new AuthorizeInternalBadRequestResponse(Error.InvalidRequest);
         }
 

diff --git a/src/Shark.AuthorizationServer.Core/Validators/TokenValidator.cs b/src/Shark.AuthorizationServer.Core/Validators/TokenValidator.cs
@@ -35,13 +35,13 @@ public sealed class TokenValidator(
         if (string.IsNullOrWhiteSpace(request.GrantType) ||
             !GrantType.Allowed.Contains(request.GrantType))
         {
-            _logger.LogWarning("Unsupported grant type [{GrantType}] by server", request.GrantType);
+            _logger.LogWarning("Unsupported grant type [{GrantType}] by server", request.GrantType.Sanitize());
             return new TokenInternalBadRequestResponse(Error.UnsupportedGrantType);
         }
 
         if (!client.GrantTypes.ToHashSet().Contains(request.GrantType))
         {
-            _logger.LogWarning("Invalid grant [{GrantType}] for client", request.GrantType);
+            _logger.LogWarning("Invalid grant [{GrantType}] for client", request.GrantType.Sanitize());
             return new TokenInternalBadRequestResponse(Error.UnauthorizedClient);
         }
 
@@ -77,7 +77,7 @@ public sealed class TokenValidator(
         {
             if (!allowedClientScopes.Contains(scope))
             {
-                _logger.LogWarning("Mismatched scope [{Scope}]", scope);
+                _logger.LogWarning("Mismatched scope [{Scope}]", scope.Sanitize());
                 return new TokenInternalBadRequestResponse(Error.InvalidScope);
             }
         }
@@ -101,14 +101,14 @@ public sealed class TokenValidator(
         // Validate grant's client
         if (!persistedGrant.ClientId.EqualsTo(request.ClientId))
         {
-            _logger.LogWarning("Mismatched client identifier [{ClientId}]", request.ClientId);
+            _logger.LogWarning("Mismatched client identifier [{ClientId}]", request.ClientId.Sanitize());
             return new TokenInternalBadRequestResponse(Error.InvalidGrant);
         }
 
         // Validate grant's redirect URI
         if (!persistedGrant.RedirectUri.EqualsTo(request.RedirectUri))
         {
-            _logger.LogWarning("Mismatched redirect URI [{RedirectUri}]", request.RedirectUri);
+            _logger.LogWarning("Mismatched redirect URI [{RedirectUri}]", request.RedirectUri.Sanitize());
             return new TokenInternalBadRequestResponse(Error.InvalidGrant);
         }
 
@@ -118,7 +118,7 @@ public sealed class TokenValidator(
         {
             if (!allowedScopes.Contains(scope))
             {
-                _logger.LogWarning("Mismatched scope [{Scope}]", scope);
+                _logger.LogWarning("Mismatched scope [{Scope}]", scope.Sanitize());
                 return new TokenInternalBadRequestResponse(Error.InvalidGrant);
             }
         }
@@ -182,14 +182,14 @@ public sealed class TokenValidator(
         // Validate grant's client
         if (!persistedGrant.ClientId.EqualsTo(request.ClientId))
         {
-            _logger.LogWarning("Mismatched client identifier [{ClientId}]", request.ClientId);
+            _logger.LogWarning("Mismatched client identifier [{ClientId}]", request.ClientId.Sanitize());
             return new TokenInternalBadRequestResponse(Error.InvalidGrant);
         }
 
         // Validate grant's redirect URI
         if (!persistedGrant.RedirectUri.EqualsTo(request.RedirectUri))
         {
-            _logger.LogWarning("Mismatched redirect URI [{RedirectUri}]", request.RedirectUri);
+            _logger.LogWarning("Mismatched redirect URI [{RedirectUri}]", request.RedirectUri.Sanitize());
             return new TokenInternalBadRequestResponse(Error.InvalidGrant);
         }
 
@@ -219,7 +219,7 @@ public sealed class TokenValidator(
         // Validate grant's client
         if (!devicePersistedGrant.ClientId.EqualsTo(request.ClientId))
         {
-            _logger.LogWarning("Mismatched client identifier [{ClientId}]", request.ClientId);
+            _logger.LogWarning("Mismatched client identifier [{ClientId}]", request.ClientId.Sanitize());
             return new TokenInternalBadRequestResponse(Error.InvalidGrant);
         }
 
@@ -229,7 +229,7 @@ public sealed class TokenValidator(
         {
             if (!allowedScopes.Contains(scope))
             {
-                _logger.LogWarning("Mismatched scope [{Scope}]", scope);
+                _logger.LogWarning("Mismatched scope [{Scope}]", scope.Sanitize());
                 return new TokenInternalBadRequestResponse(Error.InvalidGrant);
             }
         }