misc

Jusshersmith · Jusshersmith · commit 791404c52e46 · 2019-10-08T11:25:40.000+01:00
diff --git a/internal/auth/authenticator.go b/internal/auth/authenticator.go
@@ -583,13 +583,12 @@ func (p *Authenticator) getOAuthCallback(rw http.ResponseWriter, req *http.Reque
 	if len(errors) != 0 {
 		tags := append(tags, "error:invalid_email")
 		p.StatsdClient.Incr("application_error", tags, 1.0)
-		logger.WithUser(session.Email).Info(
+		logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).Info(
 			fmt.Sprintf("oauth callback: unauthorized: %q", errors))
 		return "", HTTPError{Code: http.StatusForbidden, Message: "Invalid Account"}
 	}
-
 	logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).Info(
-		fmt.Sprintf("oauth callbackr user passed validation"))
+		fmt.Sprintf("oauth callback: user passed validation"))
 
 	logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).Info("authentication complete")
 	err = p.sessionStore.SaveSession(rw, req, session)
diff --git a/internal/proxy/oauthproxy.go b/internal/proxy/oauthproxy.go
@@ -70,8 +70,8 @@ type OAuthProxy struct {
 	publicCertsJSON []byte
 
 	// these are required
-	cookieCipher   aead.Cipher
 	provider       providers.Provider
+	cookieCipher   aead.Cipher
 	upstreamConfig *UpstreamConfig
 	handler        http.Handler
 	csrfStore      sessions.CSRFStore
@@ -575,12 +575,13 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 		p.StatsdClient.Incr("application_error", tags, 1.0)
 		logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).Info(
 			fmt.Sprintf("permission denied: unauthorized: %q", errors))
+		// TODO: As is, the error page given to users provides no extra contract around what failed.
 		p.ErrorPage(rw, req, http.StatusForbidden, "Permission Denied", "Account Validation Error")
 		return
 	}
 
-	logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).Info(
-		fmt.Sprintf("oauth callback: user passed validation"))
+	logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).WithInGroups(session.Groups).Info(
+		fmt.Sprintf("oauth callback: user validated "))
 
 	// We store the session in a cookie and redirect the user back to the application
 	err = p.sessionStore.SaveSession(rw, req, session)
@@ -597,7 +598,6 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 
 	// This is the redirect back to the original requested application
 	http.Redirect(rw, req, stateParameter.RedirectURI, http.StatusFound)
-
 }
 
 // AuthenticateOnly calls the Authenticate handler.
@@ -782,7 +782,7 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) (er
 	}
 
 	logger.WithRemoteAddress(remoteAddr).WithUser(session.Email).Info(
-		fmt.Sprintf("authentication: user passed validation"))
+		fmt.Sprintf("authentication: user validated"))
 
 	for key, val := range p.upstreamConfig.InjectRequestHeaders {
 		req.Header.Set(key, val)
diff --git a/internal/proxy/providers/sso.go b/internal/proxy/providers/sso.go
@@ -177,6 +177,7 @@ func (p *SSOProvider) Redeem(redirectURL, code string) (*sessions.SessionState,
 // an authorized group.
 func (p *SSOProvider) ValidateGroup(email string, allowedGroups []string, accessToken string) ([]string, bool, error) {
 	logger := log.NewLogEntry()
+
 	logger.WithUser(email).WithAllowedGroups(allowedGroups).Info("validating groups")
 	inGroups := []string{}
 	if len(allowedGroups) == 0 {
