Stop logging username/token

Fixes https://github.com/aspnet/Security/issues/1259
This commit is contained in:
Hao Kung 2018-01-16 11:40:05 -08:00
parent dde7671c06
commit ba1eb281d1
4 changed files with 20 additions and 52 deletions

View File

@ -110,7 +110,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
} }
catch (Exception ex) catch (Exception ex)
{ {
Logger.TokenValidationFailed(token, ex); Logger.TokenValidationFailed(ex);
// Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event. // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null

View File

@ -7,16 +7,16 @@ namespace Microsoft.Extensions.Logging
{ {
internal static class LoggingExtensions internal static class LoggingExtensions
{ {
private static Action<ILogger, string, Exception> _tokenValidationFailed; private static Action<ILogger, Exception> _tokenValidationFailed;
private static Action<ILogger, Exception> _tokenValidationSucceeded; private static Action<ILogger, Exception> _tokenValidationSucceeded;
private static Action<ILogger, Exception> _errorProcessingMessage; private static Action<ILogger, Exception> _errorProcessingMessage;
static LoggingExtensions() static LoggingExtensions()
{ {
_tokenValidationFailed = LoggerMessage.Define<string>( _tokenValidationFailed = LoggerMessage.Define(
eventId: 1, eventId: 1,
logLevel: LogLevel.Information, logLevel: LogLevel.Information,
formatString: "Failed to validate the token {Token}"); formatString: "Failed to validate the token.");
_tokenValidationSucceeded = LoggerMessage.Define( _tokenValidationSucceeded = LoggerMessage.Define(
eventId: 2, eventId: 2,
logLevel: LogLevel.Information, logLevel: LogLevel.Information,
@ -27,19 +27,13 @@ namespace Microsoft.Extensions.Logging
formatString: "Exception occurred while processing message."); formatString: "Exception occurred while processing message.");
} }
public static void TokenValidationFailed(this ILogger logger, string token, Exception ex) public static void TokenValidationFailed(this ILogger logger, Exception ex)
{ => _tokenValidationFailed(logger, ex);
_tokenValidationFailed(logger, token, ex);
}
public static void TokenValidationSucceeded(this ILogger logger) public static void TokenValidationSucceeded(this ILogger logger)
{ => _tokenValidationSucceeded(logger, null);
_tokenValidationSucceeded(logger, null);
}
public static void ErrorProcessingMessage(this ILogger logger, Exception ex) public static void ErrorProcessingMessage(this ILogger logger, Exception ex)
{ => _errorProcessingMessage(logger, ex);
_errorProcessingMessage(logger, ex);
}
} }
} }

View File

@ -98,37 +98,15 @@ namespace Microsoft.AspNetCore.Authorization
var result = _evaluator.Evaluate(authContext); var result = _evaluator.Evaluate(authContext);
if (result.Succeeded) if (result.Succeeded)
{ {
_logger.UserAuthorizationSucceeded(GetUserNameForLogging(user)); _logger.UserAuthorizationSucceeded();
} }
else else
{ {
_logger.UserAuthorizationFailed(GetUserNameForLogging(user)); _logger.UserAuthorizationFailed();
} }
return result; return result;
} }
private string GetUserNameForLogging(ClaimsPrincipal user)
{
var identity = user?.Identity;
if (identity != null)
{
var name = identity.Name;
if (name != null)
{
return name;
}
return GetClaimValue(identity, "sub")
?? GetClaimValue(identity, ClaimTypes.Name)
?? GetClaimValue(identity, ClaimTypes.NameIdentifier);
}
return null;
}
private static string GetClaimValue(IIdentity identity, string claimsType)
{
return (identity as ClaimsIdentity)?.FindFirst(claimsType)?.Value;
}
/// <summary> /// <summary>
/// Checks if a user meets a specific authorization policy. /// Checks if a user meets a specific authorization policy.
/// </summary> /// </summary>

View File

@ -7,29 +7,25 @@ namespace Microsoft.Extensions.Logging
{ {
internal static class LoggingExtensions internal static class LoggingExtensions
{ {
private static Action<ILogger, string, Exception> _userAuthorizationFailed; private static Action<ILogger, Exception> _userAuthorizationFailed;
private static Action<ILogger, string, Exception> _userAuthorizationSucceeded; private static Action<ILogger, Exception> _userAuthorizationSucceeded;
static LoggingExtensions() static LoggingExtensions()
{ {
_userAuthorizationSucceeded = LoggerMessage.Define<string>( _userAuthorizationSucceeded = LoggerMessage.Define(
eventId: 1, eventId: 1,
logLevel: LogLevel.Information, logLevel: LogLevel.Information,
formatString: "Authorization was successful for user: {UserName}."); formatString: "Authorization was successful.");
_userAuthorizationFailed = LoggerMessage.Define<string>( _userAuthorizationFailed = LoggerMessage.Define(
eventId: 2, eventId: 2,
logLevel: LogLevel.Information, logLevel: LogLevel.Information,
formatString: "Authorization failed for user: {UserName}."); formatString: "Authorization failed.");
} }
public static void UserAuthorizationSucceeded(this ILogger logger, string userName) public static void UserAuthorizationSucceeded(this ILogger logger)
{ => _userAuthorizationSucceeded(logger, null);
_userAuthorizationSucceeded(logger, userName, null);
}
public static void UserAuthorizationFailed(this ILogger logger, string userName) public static void UserAuthorizationFailed(this ILogger logger)
{ => _userAuthorizationFailed(logger, null);
_userAuthorizationFailed(logger, userName, null);
}
} }
} }