Move some errors from tech logs to user logs (#595)
This commit is contained in:
Xavier Guimard
parent
1a811f8e21
commit
3e4554ee45
|
|
@ -73,7 +73,7 @@ sub authenticate {
|
||||||
my $expired_flag =
|
my $expired_flag =
|
||||||
0x800000; # 8 at 6th position for flag UF_PASSWORD_EXPIRED to be set
|
0x800000; # 8 at 6th position for flag UF_PASSWORD_EXPIRED to be set
|
||||||
if ( ( $computed & $mask ) == $expired_flag ) {
|
if ( ( $computed & $mask ) == $expired_flag ) {
|
||||||
$self->logger->warn("[AD] Password has expired");
|
$self->userLogger->warn("[AD] Password has expired");
|
||||||
$res = PE_PP_PASSWORD_EXPIRED;
|
$res = PE_PP_PASSWORD_EXPIRED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -111,7 +111,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Store pgtId and pgtIou
|
# Store pgtId and pgtIou
|
||||||
unless ( $self->cas->storePGT( $pgtIou, $pgtId ) ) {
|
unless ( $self->cas->storePGT( $pgtIou, $pgtId ) ) {
|
||||||
$self->logger->error( "CAS: error " . &AuthCAS::get_errors() );
|
$self->userLogger->error( "CAS: error " . &AuthCAS::get_errors() );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
|
|
@ -144,7 +144,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Ticket found, try to validate it
|
# Ticket found, try to validate it
|
||||||
unless ( $req->{user} = $self->cas->validateST( $local_url, $ticket ) ) {
|
unless ( $req->{user} = $self->cas->validateST( $local_url, $ticket ) ) {
|
||||||
$self->logger->error( "CAS: error " . &AuthCAS::get_errors() );
|
$self->userLogger->error( "CAS: error " . &AuthCAS::get_errors() );
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
||||||
|
|
@ -96,7 +96,7 @@ sub extractFormInfo {
|
||||||
# 1.2 Bad responses
|
# 1.2 Bad responses
|
||||||
if ( my $error_code = $req->param('error_code') ) {
|
if ( my $error_code = $req->param('error_code') ) {
|
||||||
my $error_message = $req->param('error_message');
|
my $error_message = $req->param('error_message');
|
||||||
$self->logger->error("Facebook error code $error_code: $error_message");
|
$self->userLogger->error("Facebook error code $error_code: $error_message");
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -94,7 +94,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Remote error
|
# Remote error
|
||||||
unless ( $csr->is_server_response() ) {
|
unless ( $csr->is_server_response() ) {
|
||||||
$self->logger->info('No OpenID valid message found');
|
$self->userLogger->info('No OpenID valid message found');
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -107,7 +107,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Check if user has refused to share his authentication
|
# Check if user has refused to share his authentication
|
||||||
elsif ( $csr->user_cancel() ) {
|
elsif ( $csr->user_cancel() ) {
|
||||||
$self->logger->info('OpenID request cancelled by user');
|
$self->userLogger->info('OpenID request cancelled by user');
|
||||||
return PE_FIRSTACCESS;
|
return PE_FIRSTACCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -122,7 +122,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Other errors
|
# Other errors
|
||||||
else {
|
else {
|
||||||
$self->logger->warn( 'OpenID error: ' . $csr->err );
|
$self->logger->error( 'OpenID error: ' . $csr->err );
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -139,7 +139,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Check if url is valid
|
# Check if url is valid
|
||||||
unless ($claimed_identity) {
|
unless ($claimed_identity) {
|
||||||
$self->logger->warn( 'OpenID error : ' . $req->{csr}->err() );
|
$self->userLogger->warn( 'OpenID error : ' . $req->{csr}->err() );
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -81,7 +81,7 @@ sub extractFormInfo {
|
||||||
$self->logger->debug("State $state extracted");
|
$self->logger->debug("State $state extracted");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->error("Unable to extract state $state");
|
$self->userLogger->error("Unable to extract state $state");
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -90,7 +90,7 @@ sub extractFormInfo {
|
||||||
my $op = $req->datas->{_oidcOPCurrent};
|
my $op = $req->datas->{_oidcOPCurrent};
|
||||||
|
|
||||||
unless ($op) {
|
unless ($op) {
|
||||||
$self->logger->error("OpenID Provider not found");
|
$self->userLogger->error("OpenID Provider not found");
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -180,7 +180,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Check validity of ID Token
|
# Check validity of ID Token
|
||||||
unless ( $self->checkIDTokenValidity( $op, $id_token_payload_hash ) ) {
|
unless ( $self->checkIDTokenValidity( $op, $id_token_payload_hash ) ) {
|
||||||
$self->logger->error('ID Token not valid');
|
$self->userLogger->error('ID Token not valid');
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
||||||
|
|
@ -152,7 +152,7 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
unless ($result) {
|
unless ($result) {
|
||||||
$self->logger->error("Signature is not valid");
|
$self->userLogger->error("Signature is not valid");
|
||||||
return PE_SAML_SIGNATURE_ERROR;
|
return PE_SAML_SIGNATURE_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
@ -166,7 +166,7 @@ sub extractFormInfo {
|
||||||
# Get SAML response
|
# Get SAML response
|
||||||
my $saml_response = $login->response();
|
my $saml_response = $login->response();
|
||||||
unless ($saml_response) {
|
unless ($saml_response) {
|
||||||
$self->logger->error("No SAML response found");
|
$self->userLogger->error("No SAML response found");
|
||||||
return PE_SAML_SSO_ERROR;
|
return PE_SAML_SSO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -200,7 +200,7 @@ sub extractFormInfo {
|
||||||
my $assertion = $self->getAssertion($login);
|
my $assertion = $self->getAssertion($login);
|
||||||
|
|
||||||
unless ($assertion) {
|
unless ($assertion) {
|
||||||
$self->logger->error("No assertion found");
|
$self->userLogger->error("No assertion found");
|
||||||
return PE_SAML_SSO_ERROR;
|
return PE_SAML_SSO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -219,7 +219,7 @@ sub extractFormInfo {
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$self->logger->error("Conditions not validated");
|
$self->userLogger->error("Conditions not validated");
|
||||||
return PE_SAML_CONDITIONS_ERROR;
|
return PE_SAML_CONDITIONS_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -287,7 +287,7 @@ sub extractFormInfo {
|
||||||
my $user = $nameid->content;
|
my $user = $nameid->content;
|
||||||
|
|
||||||
unless ($user) {
|
unless ($user) {
|
||||||
$self->logger->error("No NameID value found");
|
$self->userLogger->error("No NameID value found");
|
||||||
return PE_SAML_SSO_ERROR;
|
return PE_SAML_SSO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -364,7 +364,7 @@ sub extractFormInfo {
|
||||||
else {
|
else {
|
||||||
|
|
||||||
# This should not happen
|
# This should not happen
|
||||||
$self->logger->error("SSO request or response was not found");
|
$self->userLogger->error("SSO request or response was not found");
|
||||||
|
|
||||||
return PE_SAML_ERROR;
|
return PE_SAML_ERROR;
|
||||||
}
|
}
|
||||||
|
|
@ -395,7 +395,7 @@ sub extractFormInfo {
|
||||||
my $result = $self->processLogoutResponseMsg( $logout, $response );
|
my $result = $self->processLogoutResponseMsg( $logout, $response );
|
||||||
|
|
||||||
unless ($result) {
|
unless ($result) {
|
||||||
$self->logger->error("Fail to process logout response");
|
$self->userLogger->error("Fail to process logout response");
|
||||||
return PE_SAML_SLO_ERROR;
|
return PE_SAML_SLO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -433,7 +433,7 @@ sub extractFormInfo {
|
||||||
$result = $self->processLogoutResponseMsg( $logout, $response );
|
$result = $self->processLogoutResponseMsg( $logout, $response );
|
||||||
|
|
||||||
unless ($result) {
|
unless ($result) {
|
||||||
$self->logger->error("Signature is not valid");
|
$self->userLogger->error("Signature is not valid");
|
||||||
return PE_SAML_SIGNATURE_ERROR;
|
return PE_SAML_SIGNATURE_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
@ -485,7 +485,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Process logout request
|
# Process logout request
|
||||||
unless ( $self->processLogoutRequestMsg( $logout, $request ) ) {
|
unless ( $self->processLogoutRequestMsg( $logout, $request ) ) {
|
||||||
$self->logger->error("Fail to process logout request");
|
$self->userLogger->error("Fail to process logout request");
|
||||||
$logout_error = 1;
|
$logout_error = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -518,7 +518,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
if ($checkSLOMessageSignature) {
|
if ($checkSLOMessageSignature) {
|
||||||
unless ( $self->checkSignatureStatus($logout) ) {
|
unless ( $self->checkSignatureStatus($logout) ) {
|
||||||
$self->logger->error("Signature is not valid");
|
$self->userLogger->error("Signature is not valid");
|
||||||
return PE_SAML_SIGNATURE_ERROR;
|
return PE_SAML_SIGNATURE_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
@ -632,7 +632,7 @@ sub extractFormInfo {
|
||||||
# Validate request if no previous error
|
# Validate request if no previous error
|
||||||
unless ($logout_error) {
|
unless ($logout_error) {
|
||||||
unless ( $self->validateLogoutRequest($logout) ) {
|
unless ( $self->validateLogoutRequest($logout) ) {
|
||||||
$self->logger->error("SLO request is not valid");
|
$self->userLogger->error("SLO request is not valid");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -739,7 +739,7 @@ sub extractFormInfo {
|
||||||
else {
|
else {
|
||||||
|
|
||||||
# This should not happen
|
# This should not happen
|
||||||
$self->logger->error("SLO request or response was not found");
|
$self->userLogger->error("SLO request or response was not found");
|
||||||
|
|
||||||
# Redirect user
|
# Redirect user
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
|
|
@ -895,7 +895,7 @@ sub extractFormInfo {
|
||||||
my $idpConfKey = $self->idpList->{$idp}->{confKey};
|
my $idpConfKey = $self->idpList->{$idp}->{confKey};
|
||||||
|
|
||||||
unless ($idpConfKey) {
|
unless ($idpConfKey) {
|
||||||
$self->logger->error("$idp do not match any IDP in configuration");
|
$self->userLogger->error("$idp do not match any IDP in configuration");
|
||||||
return PE_SAML_UNKNOWN_ENTITY;
|
return PE_SAML_UNKNOWN_ENTITY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -962,7 +962,7 @@ sub extractFormInfo {
|
||||||
);
|
);
|
||||||
|
|
||||||
unless ($login) {
|
unless ($login) {
|
||||||
$self->logger->error(
|
$self->userLogger->error(
|
||||||
"Could not create authentication request on $idpConfKey");
|
"Could not create authentication request on $idpConfKey");
|
||||||
return PE_SAML_SSO_ERROR;
|
return PE_SAML_SSO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
@ -1060,7 +1060,7 @@ sub setAuthSessionInfo {
|
||||||
my $assertion = $self->getAssertion($login);
|
my $assertion = $self->getAssertion($login);
|
||||||
|
|
||||||
unless ($assertion) {
|
unless ($assertion) {
|
||||||
$self->logger->error("No assertion found");
|
$self->userLogger->error("No assertion found");
|
||||||
return PE_SAML_SSO_ERROR;
|
return PE_SAML_SSO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1218,7 +1218,7 @@ sub authLogout {
|
||||||
my $session_dump = $req->{sessionInfo}->{_lassoSessionDump};
|
my $session_dump = $req->{sessionInfo}->{_lassoSessionDump};
|
||||||
|
|
||||||
unless ($session_dump) {
|
unless ($session_dump) {
|
||||||
$self->logger->error("Could not get session dump from session");
|
$self->userLogger->error("Could not get session dump from session");
|
||||||
return PE_SAML_SLO_ERROR;
|
return PE_SAML_SLO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1338,14 +1338,14 @@ sub authLogout {
|
||||||
unless ( $self->replayProtection($samlID) ) {
|
unless ( $self->replayProtection($samlID) ) {
|
||||||
|
|
||||||
# Logout request was already consumed or is expired
|
# Logout request was already consumed or is expired
|
||||||
$self->logger->error("Message $samlID already used or expired");
|
$self->userLogger->error("Message $samlID already used or expired");
|
||||||
return PE_SAML_SLO_ERROR;
|
return PE_SAML_SLO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->error("Lasso method $method not implemented here");
|
$self->userLogger->error("Lasso method $method not implemented here");
|
||||||
return PE_SAML_SLO_ERROR;
|
return PE_SAML_SLO_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user