
provide debug/tracing/logging when auth.socialite.debug is set

Open peejaychilds opened this issue 9 months ago • 0 comments

Supporting roles with different Socialite providers is problematic, as this doesn't appear to be abstracted, so each provider needs to be validated/handled for those that do support additional 'claims'.

I have added some testing to ensure changes to the roles support don't break Okta (ref https://github.com/librenms/librenms/pull/17504), but supporting other providers via testing would need additional data, and currently tracing/debugging is tricky as it is not possible to 'turn on and off' logging of the involved structures.

This PR allows for that. A user would need to manually set the following via command line or UI:

lnms config:set auth.socialite.debug true 

This would also be helpful for assisting troubleshooting of Socialite provider Claims->Roles which can be a bit of a black-box since there is no tracing/output generated/available currently.

At some stage, depending on need, we could move the logging parts into the constructor and add logging to other parts of the SocialiteController to assist in troubleshooting.

The output is currently in the logs/auth.log file -- example provided

cat ~/logs/auth.log
[2025-04-24T00:32:51][DEBUG] setRolesFromClaim() starts : [email protected]
  Provider: okta
  User: {"user_id":23,"auth_type":"socialite_okta","auth_id":"00REDACTED","username":"[email protected]","realname":"Citizen, John","email":"[email protected]","descr":"","can_modify_passwd":1,"created_at":"2025-04-23T05:05:08.000000Z","updated_at":"2025-04-23T05:05:08.000000Z","enabled":1}
  Scopes: ["groups"]
  Claims: {"Example-Group-Admin":{"roles":["admin"]},"Example-Group-Read":{"roles":["global-read"]}}
  socialite_user class: SocialiteProviders\Manager\OAuth2\User

[2025-04-24T00:32:51][DEBUG] setRolesFromClaim() socialite_user->getRaw() : [email protected]
  Data Type: array
  Dump of Data:
  Array
(
    [sub] => 00REDACTED
    [name] => Citizen, John
    [locale] => en_US
    [email] => [email protected]
    [preferred_username] => [email protected]
    [given_name] => John
    [family_name] => Citizen
    [zoneinfo] => America/Los_Angeles
    [updated_at] => 1715015601
    [email_verified] => 1
    [groups] => Array
        (
            [0] => Example-Group-Admin
        )

)


[2025-04-24T00:32:51][DEBUG] setRolesFromClaim() returned data : [email protected]
 Roles: ["admin"]

Please note

Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.

  • [ ] Have you followed our code guidelines?
  • [ ] If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
  • [ ] If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e. ./scripts/github-apply 5926. After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on Discord how to revert.

peejaychilds avatar Apr 24 '25 00:04 peejaychilds
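
The trace in the description shows three inputs (Scopes, Claims and the provider's getRaw() data) and one output (Roles). As an added example, not LibreNMS's own code, this PHP sketch reproduces that resolution under the assumption that each value found under a scope name is looked up as a key in the claims map; `resolveRoles()` and the second sample user are hypothetical.

```php
<?php
// Added illustration, not LibreNMS code. resolveRoles() is a hypothetical helper.
// Assumption: each value found under a scope name is looked up as a key in the
// claims map, and a value with no entry grants nothing.
function resolveRoles(array $scopes, array $claims, array $raw): array
{
    $roles = [];
    $unmatched = [];
    foreach ($scopes as $scope) {
        // A provider may send one string instead of a list; handle both.
        foreach ((array) ($raw[$scope] ?? []) as $value) {
            if (!is_string($value) || !isset($claims[$value]['roles'])) {
                $unmatched[] = is_scalar($value) ? (string) $value : gettype($value);
                continue;
            }
            foreach ((array) $claims[$value]['roles'] as $role) {
                $roles[$role] = true; // keyed by name, so duplicates collapse
            }
        }
    }
    return ['roles' => array_keys($roles), 'unmatched' => $unmatched];
}

// Scopes and Claims exactly as printed in the trace above.
$scopes = ['groups'];
$claims = json_decode(
    '{"Example-Group-Admin":{"roles":["admin"]},"Example-Group-Read":{"roles":["global-read"]}}',
    true
);

// First user: the groups value from the getRaw() dump above.
// Second user: constructed, with a single string and different letter case.
$users = [
    'trace user'       => ['groups' => ['Example-Group-Admin']],
    'constructed user' => ['groups' => 'example-group-read'],
];

foreach ($users as $label => $raw) {
    $result = resolveRoles($scopes, $claims, $raw);
    printf(
        "%s: roles=%s unmatched=%s\n",
        $label,
        json_encode($result['roles']),
        json_encode($result['unmatched'])
    );
}
```

In this sketch the lookup is an exact, case-sensitive key match, so a non-empty `unmatched` list alongside empty `roles` points at a spelling or case difference between the provider's group names and the claims keys.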