Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up native auth common logging #2396

Merged
merged 20 commits into from
May 31, 2024
Merged

Clean up native auth common logging #2396

merged 20 commits into from
May 31, 2024

Conversation

Yuki-YuXin
Copy link
Contributor

@Yuki-YuXin Yuki-YuXin commented Apr 26, 2024
edited

Goal:

  • Review our log statements and reduce to only those that are relevant and useful. Especially the logMethodCall should be much reduced. Not every method call is relevant to know about when debugging.
  • Double check that the existing logs use string interpolation correctly to avoid leaking sensitive information in the logs.

Changes summary:

  • Every log item has correlation argument. (make sure use getCorrelationId() )
  • The NativeAuthMsalController.kt layer acts as the main log layer. Instead, remove logSessions under OAuth2Configuration, OAuth2Strategy, RequestProvider since the users care more about the outcome of the request than the construction and sending of the request. Apply the rule "only logger unknown error" to NativeAuthMsalController.
  • Remove // TODO
  • Add request and result Logger.infoWithObject in interactors.
  • infoWithObject(final String tag, final String correlationID, final String message, final ILoggable object) like warnWithObject

Company PR:

Previous comments for reference: #2374
msal: AzureAD/microsoft-authentication-library-for-android#2071

@Yuki-YuXin Yuki-YuXin added No-Changelog This Pull-Request has no associated changelog entry. No-4j-Changelog There is no changelog entry for common4j in this PR Skip-Consumers-Check Only include this if making a breaking change purposefully, and there is an MSAL/ADAL/Broker PR labels Apr 26, 2024
@Yuki-YuXin
Merge branch 'dev' into yuki/logging-clean
26d3d67 
# Conflicts:
#	common4j/src/main/com/microsoft/identity/common/java/logging/Logger.java
@Yuki-YuXin Yuki-YuXin marked this pull request as ready for review May 10, 2024 13:32
@Yuki-YuXin Yuki-YuXin requested a review from a team as a code owner May 10, 2024 13:32
@Yuki-YuXin Yuki-YuXin removed the Skip-Consumers-Check Only include this if making a breaking change purposefully, and there is an MSAL/ADAL/Broker PR label May 10, 2024
@Yuki-YuXin Yuki-YuXin requested a review from a team as a code owner May 15, 2024 17:08
SammyO
SammyO reviewed May 16, 2024
View reviewed changes
...rc/main/com/microsoft/identity/common/java/nativeauth/providers/NativeAuthResponseHandler.kt Outdated
@@ -385,7 +385,15 @@ class NativeAuthResponseHandler {
response.body,
MicrosoftStsTokenResponse::class.java
)
// TODO add safe logging

Logger.info(TAG, "MicrosoftStsTokenResponse " +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we putting this back?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, because there's a TODO there. IMO we don't need this log. Does the browser-delegated flow log something like this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The browser-delegated flow log something like this:

In terms of the TokenResponse of MSAL:
MicrosoftStsOAuth2Strategy:TokenResult:MicrosoftStsTokenResponse INFO {"ext_expires_in":4165,"expires_in":4165,"mResponseReceivedTime":0,"scope":"email openid profile Application.Read.All User.Read","token_type":"Bearer"}

BaseController:TokenResult:MicrosoftStsTokenResponse INFO {"ext_expires_in":4165,"mRefreshTokenAge":"","mSpeRing":"","expires_in":4165,"mResponseReceivedTime":0,"scope":"email openid profile Application.Read.All User.Read","token_type":"Bearer"}

Thus update the contents of the log to include what MSAL displays. But we can remove this log as well because token seems very risky and sensitive to me.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, let's remove this for now until we have a reason to put it back.

@Yuki-YuXin Yuki-YuXin mentioned this pull request May 24, 2024
Merged
GBakolas
GBakolas reviewed May 31, 2024
View reviewed changes
Copy link
Contributor

@GBakolas GBakolas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: In the ApiResponse files where you have removed the calls to logMethodCall() there are the LogSession import statements left. These statements are unused now so they can be removed for code cleanup

@Yuki-YuXin Yuki-YuXin merged commit 04cc4ab into dev May 31, 2024
17 of 18 checks passed
Yuki-YuXin added a commit to AzureAD/microsoft-authentication-library-for-android that referenced this pull request May 31, 2024
@Yuki-YuXin
Clean up native auth msal logging (#2071)
953efc0 
### Goal:
- Review our log statements and reduce to only those that are relevant
and useful. Especially the logMethodCall should be much reduced. Not
every method call is relevant to know about when debugging.
- Double check that the existing logs use string interpolation correctly
to avoid leaking sensitive information in the logs.

### Changes summary:
- Apply the rule "only logger unknown error" to
NativeAuthPublicClientApplication and states. Exception: Sign in has
password CodeRequired since it's unusual for the case.
- Add arguments under method LogSession.logMethodCall tp distinguish
callback and coroutine.

### Company PR:

AzureAD/microsoft-authentication-library-common-for-android#2396
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SammyO SammyO SammyO left review comments

@GBakolas GBakolas GBakolas approved these changes

@rmccahill rmccahill rmccahill approved these changes

Assignees
No one assigned
Labels
No-4j-Changelog There is no changelog entry for common4j in this PR No-Changelog This Pull-Request has no associated changelog entry.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Yuki-YuXin @SammyO @GBakolas @rmccahill