Add logging to consent_provider

07d8e4d5 · Mark · a7a48360 · 07d8e4d5 · 07d8e4d5
Verified Commit 07d8e4d5 authored 5 years ago by Mark
--- a/consent_provider/app.py
+++ b/consent_provider/app.py
@@ -3,10 +3,13 @@ from flask.views import View
 from os import urandom, environ
 from hydra_client import HydraAdmin
 from db import User, BackendConnectionError
+import logging

 HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
+HYDRA = HydraAdmin(HYDRA_ADMIN_URL)

 app = Flask(__name__)
+app.logger.setLevel(logging.INFO)

 @app.route('/consent', methods=['GET'])
 def home():
@@ -24,30 +27,37 @@ def home():
    Returns:
        Redirect to the url that is provided by the consent challenge object.
    """
-    hydra = HydraAdmin(HYDRA_ADMIN_URL)
    challenge = request.args.get("consent_challenge")
    if not challenge:
        abort(403)
-    consent_request = hydra.consent_request(challenge)
+    try:
+        consent_request = HYDRA.consent_request(challenge)
+    except hydra_client.exceptions.NotFound:
+        app.logger.error("Not Found. Login request not found. challenge={0}".format(challenge))
+        abort(404)
+    except hydra_client.exceptions.HTTPError:
+        app.logger.error("Conflict. Login request has been used already. challenge={0}".format(challenge))
+        abort(503)
    app_name = consent_request.client.client_name
    username = consent_request.subject
    try:
        user = User(username)
    except BackendConnectionError as error:
-        # TODO: replace with propper logging via logger
-        print("Retrieving user object from GraphQL server failed")
-        print(error)
+        app.logger.error(
+            "Retrieving user object from GraphQL server failed {0}".format(error))
        return redirect(consent_request.reject(
            "Permission denied",
            error_description="Login request was denied due to an internal server error"))
    access_granted = user.has_app_permission(app_name)
    if access_granted:
+        app.logger.info("{0} was granted access to {1}".format(username, app_name))
        session = user.get_oauth_session()
        return redirect(consent_request.accept(
            grant_scope=consent_request.requested_scope,
            grant_access_token_audience=consent_request.requested_access_token_audience,
            session=session,
            ))
+    app.logger.warning("{0} was denied access to {1}".format(username, app_name))
    return redirect(consent_request.reject(
        "Permission denied",
        error_description="Login request was denied due to missing application permission"))

--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -11,7 +11,7 @@ HYDRA = HydraAdmin(HYDRA_ADMIN_URL)

 app = Flask(__name__)
 app.config['SECRET_KEY'] = urandom(16)
-app.debug = True if "DEBUG" in environ and environ["DEBUG"] else False
+app.debug = True if "FLASK_ENV" in environ and environ["FLASK_ENV"] == "development" else False
 app.logger.setLevel(logging.INFO)

 @app.route('/login', methods=['GET', 'POST'])