From 77bb725d5bc152db1513fa3483d409956bcb36e3 Mon Sep 17 00:00:00 2001
From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
Date: Wed, 3 Apr 2024 11:15:13 +0530
Subject: [PATCH] - add Step logs for Auth (#15786)
---
 .../service/security/AuthCallbackServlet.java | 8 ++++++++
 .../openmetadata/service/security/AuthLoginServlet.java | 3 +++
 .../openmetadata/service/security/AuthRefreshServlet.java | 5 +++++
 3 files changed, 16 insertions(+)
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthCallbackServlet.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthCallbackServlet.java
index b460e8f5b5d..045fe3fc45a 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthCallbackServlet.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthCallbackServlet.java
@@ -69,6 +69,7 @@ public class AuthCallbackServlet extends HttpServlet {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
 try {
+ LOG.debug("Performing Auth Callback For User Session: {} ", req.getSession().getId());
 String computedCallbackUrl = client.getCallbackUrl();
 Map> parameters = retrieveParameters(req);
 AuthenticationResponse response =
@@ -97,6 +98,12 @@ public class AuthCallbackServlet extends HttpServlet {
 // Validations
 validateAndSendTokenRequest(req, credentials, computedCallbackUrl);
+
+ // Log Error if the Refresh Token is null
+ if (credentials.getRefreshToken() == null) {
+ LOG.error("Refresh token is null for user session: {}", req.getSession().getId());
+ }
+
 validateNonceIfRequired(req, credentials.getIdToken().getJWTClaimsSet());
 // Put Credentials in Session
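Review bot: The new `LOG.debug` at the top of `AuthCallbackServlet.doGet` writes the raw servlet session ID (`req.getSession().getId()`) to the log, and every other hunk in this patch logs the same value (the `LOG.error` further down this file, `validateAndSendTokenRequest`, `AuthLoginServlet.doGet` and `AuthRefreshServlet.doGet`). These servlets keep the OIDC credentials in that session, so the ID acts as a bearer secret: anyone with read access to the logs or the log pipeline can reuse it while the session is live. Log a non-reversible reference instead, for example a truncated SHA-256 of the ID returned by one small shared helper, so the steps can still be correlated: `LOG.debug("Performing Auth Callback For User Session: {}", sessionRef(req));`, where `sessionRef` is the proposed helper and does not exist yet. The body of `doGet` continues outside the hunk.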
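Review bot: The `LOG.error` added before `validateNonceIfRequired` reports a missing refresh token as an error, yet the callback carries on unchanged. Many identity providers return no refresh token unless offline access was requested, so this is likely to fire on healthy logins. ERROR is normally enabled in production, which makes this the statement in the patch most likely to put a session ID into production logs. Prefer `LOG.warn("No refresh token returned by the IdP for this login");`, and if a refresh token is genuinely required, fail the callback at this point instead of only logging. The enclosing method starts and ends outside the hunk.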
@@ -186,6 +193,7 @@ public class AuthCallbackServlet extends HttpServlet {
 HttpServletRequest req, OidcCredentials oidcCredentials, String computedCallbackUrl)
 throws IOException, ParseException, URISyntaxException {
 if (oidcCredentials.getCode() != null) {
+ LOG.debug("Initiating Token Request for User Session: {} ", req.getSession().getId());
 CodeVerifier verifier = (CodeVerifier) req.getSession().getAttribute(client.getCodeVerifierSessionAttributeName());
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthLoginServlet.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthLoginServlet.java
index 8709d926e75..b0fdb59b921 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthLoginServlet.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthLoginServlet.java
@@ -45,10 +45,13 @@ public class AuthLoginServlet extends HttpServlet {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
 try {
+ LOG.debug("Performing Auth Login For User Session: {} ", req.getSession().getId());
 Optional credentials = getUserCredentialsFromSession(req, client);
 if (credentials.isPresent()) {
+ LOG.debug("Auth Tokens Located from Session: {} ", req.getSession().getId());
 sendRedirectWithToken(resp, credentials.get(), serverUrl, claimsOrder);
 } else {
+ LOG.debug("Performing Auth Code Flow to Idp: {} ", req.getSession().getId());
 Map params = buildParams();
 params.put(OidcConfiguration.REDIRECT_URI, client.getCallbackUrl());
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthRefreshServlet.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthRefreshServlet.java
index ac400493d9a..a40a7614b7e 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthRefreshServlet.java
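Review bot: In `AuthLoginServlet.doGet`, the third message, `"Performing Auth Code Flow to Idp: {} "`, reads as if the placeholder were the identity provider, but the argument is the session ID like the two messages before it. Word it so the value is labelled correctly, e.g. `"Starting auth code flow to the IdP for user session: {}"`. All three messages also end in a stray space before the closing quote, and `req.getSession().getId()` is evaluated three times where one local variable would do. The method body continues past the end of the hunk.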
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/AuthRefreshServlet.java
@@ -30,8 +30,10 @@ public class AuthRefreshServlet extends HttpServlet {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
 try {
+ LOG.debug("Performing Auth Refresh For User Session: {} ", req.getSession().getId());
 Optional credentials = getUserCredentialsFromSession(req, client);
 if (credentials.isPresent()) {
+ LOG.debug("Credentials Found For User Session: {} ", req.getSession().getId());
 JwtResponse jwtResponse = new JwtResponse();
 jwtResponse.setAccessToken(credentials.get().getIdToken().getParsedString());
 jwtResponse.setExpiryDuration(
@@ -44,6 +46,9 @@ public class AuthRefreshServlet extends HttpServlet {
 .getEpochSecond());
 writeJsonResponse(resp, JsonUtils.pojoToJson(jwtResponse));
 } else {
+ LOG.debug(
+ "Credentials Not Found For User Session: {}, Redirect to Logout ",
+ req.getSession().getId());
 resp.sendRedirect(String.format("%s/logout", baseUrl));
 }
 } catch (Exception e) {
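Review bot: `req.getSession()` in the first `LOG.debug` of `AuthRefreshServlet.doGet` creates a session when the request carries none, and the argument is evaluated even when debug logging is disabled. If `getUserCredentialsFromSession` (not visible here) does not already create one, every anonymous call to the refresh endpoint now allocates a server-side session before the `else` branch in the second hunk redirects to logout. Use the non-creating lookup for logging and handle its null result, e.g. `HttpSession session = req.getSession(false);` and log `"none"` when `session` is null. `doGet` starts before the first hunk and continues past the second.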