This commit removes unnecessary details logged for OIDC. Co-Authored-By: Ioannis Kakavas <ikakavas@protonmail.com>
This commit is contained in:
parent
2dfa0133d5
commit
4405042900
|
@ -79,6 +79,7 @@ import org.elasticsearch.common.Strings;
|
|||
import org.elasticsearch.common.collect.Tuple;
|
||||
import org.elasticsearch.common.util.concurrent.EsExecutors;
|
||||
import org.elasticsearch.common.util.concurrent.ListenableFuture;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.watcher.FileChangesListener;
|
||||
import org.elasticsearch.watcher.FileWatcher;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
|
@ -514,29 +515,31 @@ public class OpenIdConnectAuthenticator {
|
|||
return;
|
||||
}
|
||||
final Charset encoding = encodingHeader == null ? StandardCharsets.UTF_8 : Charsets.toCharset(encodingHeader.getValue());
|
||||
final RestStatus responseStatus = RestStatus.fromCode(httpResponse.getStatusLine().getStatusCode());
|
||||
if (RestStatus.OK != responseStatus) {
|
||||
final String json = EntityUtils.toString(entity, encoding);
|
||||
if (LOGGER.isTraceEnabled()) {
|
||||
LOGGER.trace("Received Token Response from OP with status [{}] and content [{}] ",
|
||||
httpResponse.getStatusLine().getStatusCode(), json);
|
||||
}
|
||||
final OIDCTokenResponse oidcTokenResponse = OIDCTokenResponse.parse(JSONObjectUtils.parse(json));
|
||||
if (oidcTokenResponse.indicatesSuccess() == false) {
|
||||
TokenErrorResponse errorResponse = oidcTokenResponse.toErrorResponse();
|
||||
LOGGER.warn("Received Token Response from OP with status [{}] and content [{}]", responseStatus, json);
|
||||
if (RestStatus.BAD_REQUEST == responseStatus) {
|
||||
final TokenErrorResponse tokenErrorResponse = TokenErrorResponse.parse(JSONObjectUtils.parse(json));
|
||||
tokensListener.onFailure(
|
||||
new ElasticsearchSecurityException("Failed to exchange code for Id Token. Code=[{}], Description=[{}]",
|
||||
errorResponse.getErrorObject().getCode(), errorResponse.getErrorObject().getDescription()));
|
||||
tokenErrorResponse.getErrorObject().getCode(), tokenErrorResponse.getErrorObject().getDescription()));
|
||||
} else {
|
||||
OIDCTokenResponse successResponse = oidcTokenResponse.toSuccessResponse();
|
||||
final OIDCTokens oidcTokens = successResponse.getOIDCTokens();
|
||||
tokensListener.onFailure(new ElasticsearchSecurityException("Failed to exchange code for Id Token"));
|
||||
}
|
||||
} else {
|
||||
final OIDCTokenResponse oidcTokenResponse = OIDCTokenResponse.parse(
|
||||
JSONObjectUtils.parse(EntityUtils.toString(entity, encoding)));
|
||||
final OIDCTokens oidcTokens = oidcTokenResponse.getOIDCTokens();
|
||||
final AccessToken accessToken = oidcTokens.getAccessToken();
|
||||
final JWT idToken = oidcTokens.getIDToken();
|
||||
if (LOGGER.isTraceEnabled()) {
|
||||
LOGGER.trace("Successfully exchanged code for ID Token: [{}] and Access Token [{}]",
|
||||
idToken, accessToken);
|
||||
LOGGER.trace("Successfully exchanged code for ID Token [{}] and Access Token [{}]", idToken,
|
||||
truncateToken(accessToken.toString()));
|
||||
}
|
||||
if (idToken == null) {
|
||||
tokensListener.onFailure(new ElasticsearchSecurityException("Token Response did not contain an ID Token or parsing of" +
|
||||
" the JWT failed."));
|
||||
tokensListener.onFailure(
|
||||
new ElasticsearchSecurityException("Token Response did not contain an ID Token or parsing of the JWT failed."));
|
||||
return;
|
||||
}
|
||||
tokensListener.onResponse(new Tuple<>(accessToken, idToken));
|
||||
|
@ -548,6 +551,13 @@ public class OpenIdConnectAuthenticator {
|
|||
}
|
||||
}
|
||||
|
||||
private static String truncateToken(String input) {
|
||||
if (Strings.hasText(input) == false || input.length() <= 4) {
|
||||
return input;
|
||||
}
|
||||
return input.substring(0, 2) + "***" + input.substring(input.length() - 2);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link CloseableHttpAsyncClient} that uses a {@link PoolingNHttpClientConnectionManager}
|
||||
*/
|
||||
|
|
Loading…
Reference in New Issue