From 07d8e4d542130cdbe7fdab93ac6bb324190cf2d4 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Wed, 11 Dec 2019 11:24:27 +0100
Subject: [PATCH] Add logging to consent_provider

---
 consent_provider/app.py | 20 +++++++++++++++-----
 login_provider/app.py   |  2 +-
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/consent_provider/app.py b/consent_provider/app.py
index 121d884..d028d04 100644
--- a/consent_provider/app.py
+++ b/consent_provider/app.py
@@ -3,10 +3,13 @@ from flask.views import View
 from os import urandom, environ
 from hydra_client import HydraAdmin
 from db import User, BackendConnectionError
+import logging
 
 HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
+HYDRA = HydraAdmin(HYDRA_ADMIN_URL)
 
 app = Flask(__name__)
+app.logger.setLevel(logging.INFO)
 
 @app.route('/consent', methods=['GET'])
 def home():
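Review bot: The import block gains `import logging` but not the `hydra_client` module, while the new handlers in the next hunk name `hydra_client.exceptions.NotFound` and `hydra_client.exceptions.HTTPError`. With only `from hydra_client import HydraAdmin` visible, reaching those `except` clauses would raise NameError instead of returning 404 or 503. Unless the module is already imported in the two file lines above this hunk, add `import hydra_client.exceptions` next to the existing import. `HYDRA = HydraAdmin(HYDRA_ADMIN_URL)` is now built once at import time, so a short comment such as `# shared Hydra admin client, created once per process` would document that intent.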
@@ -24,30 +27,37 @@ def home():
     Returns:
         Redirect to the url that is provided by the consent challenge object.
     """
-    hydra = HydraAdmin(HYDRA_ADMIN_URL)
     challenge = request.args.get("consent_challenge")
     if not challenge:
         abort(403)
-    consent_request = hydra.consent_request(challenge)
+    try:
+        consent_request = HYDRA.consent_request(challenge)
+    except hydra_client.exceptions.NotFound:
+        app.logger.error("Not Found. Login request not found. challenge={0}".format(challenge))
+        abort(404)
+    except hydra_client.exceptions.HTTPError:
+        app.logger.error("Conflict. Login request has been used already. challenge={0}".format(challenge))
+        abort(503)
     app_name = consent_request.client.client_name
     username = consent_request.subject
     try:
         user = User(username)
     except BackendConnectionError as error:
-        # TODO: replace with propper logging via logger
-        print("Retrieving user object from GraphQL server failed")
-        print(error)
+        app.logger.error(
+            "Retrieving user object from GraphQL server failed {0}".format(error))
         return redirect(consent_request.reject(
             "Permission denied",
             error_description="Login request was denied due to an internal server error"))
     access_granted = user.has_app_permission(app_name)
     if access_granted:
+        app.logger.info("{0} was granted access to {1}".format(username, app_name))
         session = user.get_oauth_session()
         return redirect(consent_request.accept(
             grant_scope=consent_request.requested_scope,
             grant_access_token_audience=consent_request.requested_access_token_audience,
             session=session,
             ))
+    app.logger.warning("{0} was denied access to {1}".format(username, app_name))
     return redirect(consent_request.reject(
         "Permission denied",
         error_description="Login request was denied due to missing application permission"))
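Review bot: The `challenge` value written by the two new `app.logger.error` calls comes straight from `request.args`, so a caller can place line breaks or forged fields into the log through it. Log it escaped and with lazy arguments, e.g. `app.logger.error("Consent request not found. challenge=%r", challenge)`. The messages also look copied from the login provider: both say "Login request", and the `HTTPError` branch logs "Conflict ... used already" for any HTTP failure while answering 503, which will mislead anyone triaging from these logs. Including the caught exception in that message would make the real status visible. `home()` begins before this hunk.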
diff --git a/login_provider/app.py b/login_provider/app.py
index b6ba585..1c2952d 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -11,7 +11,7 @@ HYDRA = HydraAdmin(HYDRA_ADMIN_URL)
 
 app = Flask(__name__)
 app.config['SECRET_KEY'] = urandom(16)
-app.debug = True if "DEBUG" in environ and environ["DEBUG"] else False
+app.debug = True if "FLASK_ENV" in environ and environ["FLASK_ENV"] == "development" else False
 app.logger.setLevel(logging.INFO)
 
 @app.route('/login', methods=['GET', 'POST'])
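Review bot: The new `app.debug` line can be reduced to `app.debug = environ.get("FLASK_ENV") == "development"`, since the comparison already yields a boolean and `.get` covers the missing key. Debug mode can expose Werkzeug's interactive debugger, so a comment such as `# debug enables the interactive debugger; never set FLASK_ENV=development on an exposed deployment` belongs on this line. The switch from `DEBUG` to `FLASK_ENV` is not mentioned in the commit subject, and deployments that still set `DEBUG` will lose debug mode without notice. That is presumably intended but worth stating in the description.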
-- 
GitLab