CBG-3379 add missing context logging #6408

Merged
merged 11 commits into from
Sep 13, 2023
10 changes: 5 additions & 5 deletions auth/auth.go
Expand Up @@ -100,12 +100,12 @@ func NewAuthenticator(datastore base.DataStore, channelComputer ChannelComputer,
}
}

func DefaultAuthenticatorOptions() AuthenticatorOptions {
func DefaultAuthenticatorOptions(ctx context.Context) AuthenticatorOptions {
return AuthenticatorOptions{
ClientPartitionWindow: base.DefaultClientPartitionWindow,
SessionCookieName: DefaultCookieName,
BcryptCost: DefaultBcryptCost,
LogCtx: context.Background(),
LogCtx: ctx,
}
}

Expand Down Expand Up @@ -803,7 +803,7 @@ func (auth *Authenticator) AuthenticateUntrustedJWT(rawToken string, oidcProvide
}
if authenticator == nil {
for _, provider := range oidcProviders {
if provider.ValidFor(issuer, audiences) {
if provider.ValidFor(auth.LogCtx, issuer, audiences) {
base.TracefCtx(auth.LogCtx, base.KeyAuth, "Using OIDC provider %v", base.UD(provider.Issuer))
authenticator = provider
break
Expand All @@ -812,7 +812,7 @@ func (auth *Authenticator) AuthenticateUntrustedJWT(rawToken string, oidcProvide
}
if authenticator == nil {
for _, provider := range localJWT {
if provider.ValidFor(issuer, audiences) {
if provider.ValidFor(auth.LogCtx, issuer, audiences) {
base.TracefCtx(auth.LogCtx, base.KeyAuth, "Using local JWT provider %v", base.UD(provider.Issuer))
authenticator = provider
break
Expand All @@ -825,7 +825,7 @@ func (auth *Authenticator) AuthenticateUntrustedJWT(rawToken string, oidcProvide
}

var identity *Identity
identity, err = authenticator.verifyToken(context.TODO(), rawToken, callbackURLFunc)
identity, err = authenticator.verifyToken(auth.LogCtx, rawToken, callbackURLFunc)
if err != nil {
base.DebugfCtx(auth.LogCtx, base.KeyAuth, "JWT invalid: %v", err)
return nil, PrincipalConfig{}, base.HTTPErrorf(http.StatusUnauthorized, "Invalid JWT")
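Review bot: DefaultAuthenticatorOptions now stores whatever ctx the caller passes as LogCtx with no nil check, and the same hunk shows that stored value is no longer just a logging context: it is the real context handed to `authenticator.verifyToken(auth.LogCtx, ...)` and `provider.ValidFor(auth.LogCtx, ...)`, where a nil ctx would panic inside verifier code that calls ctx.Done(), whereas the old context.Background()/context.TODO() could not. The function also still has no doc comment, so the lifetime expectation is unstated; presumably the ctx is meant to outlive the Authenticator, since any JWKS fetch during verification would run under it. Suggest `// DefaultAuthenticatorOptions returns the default options. ctx must be non-nil and is stored as LogCtx, which is used for logging and as the context for JWT verification.` plus `if ctx == nil { ctx = context.Background() }` before the struct literal. AuthenticateUntrustedJWT starts and ends outside the hunk.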
92 changes: 46 additions & 46 deletions auth/auth_test.go


2 changes: 1 addition & 1 deletion auth/auth_time_sensitive_test.go
Expand Up @@ -31,7 +31,7 @@ func TestAuthenticationSpeed(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
user, _ := auth.NewUser("me", "goIsKewl", nil)
assert.True(t, user.Authenticate("goIsKewl"))

4 changes: 2 additions & 2 deletions auth/collection_access_test.go
Expand Up @@ -33,7 +33,7 @@ func TestUserCollectionAccess(t *testing.T) {
// User with no access:
bucket := base.GetTestBucket(t)
defer bucket.Close()
options := DefaultAuthenticatorOptions()
options := DefaultAuthenticatorOptions(base.TestCtx(t))
options.Collections = map[string]map[string]struct{}{
"scope1": {
"collection1": struct{}{},
Expand Down Expand Up @@ -170,7 +170,7 @@ func TestSerializeUserWithCollections(t *testing.T) {

bucket := base.GetTestBucket(t)
defer bucket.Close()
auth := NewAuthenticator(bucket.GetSingleDataStore(), nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(bucket.GetSingleDataStore(), nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
user, _ := auth.NewUser("me", "letmein", ch.BaseSetOf(t, "me", "public"))
encoded, err := base.JSONMarshal(user)
require.NoError(t, err)
14 changes: 7 additions & 7 deletions auth/jwt.go
Expand Up @@ -59,13 +59,13 @@ type JWTConfigCommon struct {
}

// ValidFor returns whether the issuer matches, and one of the audiences matches
func (j JWTConfigCommon) ValidFor(issuer string, audiences audience) bool {
func (j JWTConfigCommon) ValidFor(ctx context.Context, issuer string, audiences audience) bool {
if j.Issuer != issuer {
return false
}
// Nil ClientID is invalid (checked by config validation), but empty-string disables audience checking
if j.ClientID == nil {
base.ErrorfCtx(context.Background(), "JWTConfigCommon.ClientID nil - should never happen (for issuer %v)", base.UD(j.Issuer))
base.ErrorfCtx(ctx, "JWTConfigCommon.ClientID nil - should never happen (for issuer %v)", base.UD(j.Issuer))
return false
}
if *j.ClientID == "" {
Expand Down Expand Up @@ -147,7 +147,7 @@ type LocalJWTAuthConfig struct {
}

// BuildProvider prepares a LocalJWTAuthProvider from this config, initialising keySet.
func (l LocalJWTAuthConfig) BuildProvider(name string) *LocalJWTAuthProvider {
func (l LocalJWTAuthConfig) BuildProvider(ctx context.Context, name string) *LocalJWTAuthProvider {
var prov *LocalJWTAuthProvider
// validation ensures these are truly mutually exclusive
if len(l.Keys) > 0 {
Expand All @@ -160,10 +160,10 @@ func (l LocalJWTAuthConfig) BuildProvider(name string) *LocalJWTAuthProvider {
prov = &LocalJWTAuthProvider{
LocalJWTAuthConfig: l,
name: name,
keySet: oidc.NewRemoteKeySet(context.Background(), l.JWKSURI),
keySet: oidc.NewRemoteKeySet(ctx, l.JWKSURI),
}
}
prov.initUserPrefix()
prov.initUserPrefix(ctx)
return prov
}

Expand Down Expand Up @@ -209,14 +209,14 @@ func (l *LocalJWTAuthProvider) common() JWTConfigCommon {
return l.JWTConfigCommon
}

func (l *LocalJWTAuthProvider) initUserPrefix() {
func (l *LocalJWTAuthProvider) initUserPrefix(ctx context.Context) {
if l.UserPrefix != "" || l.UsernameClaim != "" {
return
}

issuerURL, err := url.ParseRequestURI(l.Issuer)
if err != nil {
base.WarnfCtx(context.TODO(), "Unable to parse issuer URI when initializing user prefix - using provider name")
base.WarnfCtx(ctx, "Unable to parse issuer URI when initializing user prefix - using provider name")
l.UserPrefix = l.name
return
}
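Review bot: BuildProvider now passes the caller's ctx to `oidc.NewRemoteKeySet(ctx, l.JWKSURI)`, and that key set outlives the call: the ctx governs every later JWKS fetch used to verify token signatures, so a request-scoped or already-cancelled ctx would make signature verification fail long after BuildProvider has returned, and a ctx with no deadline leaves a stalled fetch unbounded. That requirement belongs on the method comment: `// BuildProvider prepares a LocalJWTAuthProvider from this config, initialising keySet. ctx must outlive the returned provider; it is used for all remote JWKS fetches.` The ValidFor comment should likewise be updated to say its new ctx parameter is only used for logging, since the signature changed but the comment did not. BuildProvider's body continues outside the hunk.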
6 changes: 3 additions & 3 deletions auth/jwt_test.go
Expand Up @@ -86,7 +86,7 @@ func TestJWTVerifyToken(t *testing.T) {
testIssuer = "testIssuer"
testClientID = "testAud"
)

ctx := base.TestCtx(t)
common := JWTConfigCommon{
Issuer: testIssuer,
ClientID: base.StringPtr(testClientID),
Expand All @@ -96,13 +96,13 @@ func TestJWTVerifyToken(t *testing.T) {
Algorithms: []string{"RS256", "ES256"},
Keys: []jose.JSONWebKey{testRSAJWK, testECJWK, testEncRSAJWK},
SkipExpiryCheck: base.BoolPtr(true),
}.BuildProvider("test")
}.BuildProvider(ctx, "test")
providerWithExpiryCheck := LocalJWTAuthConfig{
JWTConfigCommon: common,
Algorithms: []string{"RS256", "ES256"},
Keys: []jose.JSONWebKey{testRSAJWK, testECJWK, testEncRSAJWK},
SkipExpiryCheck: base.BoolPtr(false),
}.BuildProvider("test")
}.BuildProvider(ctx, "test")

t.Run("garbage", test(baseProvider, "INVALID", anyError))

4 changes: 3 additions & 1 deletion auth/main_test.go
Expand Up @@ -11,12 +11,14 @@ licenses/APL2.txt.
package auth

import (
"context"
"testing"

"github.com/couchbase/sync_gateway/base"
)

func TestMain(m *testing.M) {
ctx := context.Background() // start of test process
tbpOptions := base.TestBucketPoolOptions{MemWatermarkThresholdMB: 2048}
base.TestBucketPoolNoIndexes(m, tbpOptions)
base.TestBucketPoolNoIndexes(ctx, m, tbpOptions)
}
8 changes: 4 additions & 4 deletions auth/oidc.go
Expand Up @@ -540,7 +540,7 @@ func (op *OIDCProvider) runDiscoverySync(ctx context.Context, discoveryURL strin
return ttl, err
}
if refresh && !op.isStandardDiscovery() {
verifier := op.generateVerifier(&metadata, context.Background())
verifier := op.generateVerifier(&metadata, ctx)
op.client.SetConfig(verifier, metadata.endpoint())
op.metadata = metadata
}
Expand Down Expand Up @@ -624,7 +624,7 @@ func (op *OIDCProvider) verifyToken(ctx context.Context, token string, callbackU
}

// Verify claims and signature on the JWT; ensure that it's been signed by the provider.
idToken, err := client.verifyJWT(token)
idToken, err := client.verifyJWT(ctx, token)
if err != nil {
base.DebugfCtx(ctx, base.KeyAuth, "Client %v could not verify JWT. Error: %v", base.UD(client), err)
return nil, err
Expand Down Expand Up @@ -661,10 +661,10 @@ func getIssuerWithAudience(token *jwt.JSONWebToken) (issuer string, audiences []

// verifyJWT parses a raw ID Token, verifies it's been signed by the provider
// and returns the payload. It uses the ID Token Verifier to verify the token.
func (client *OIDCClient) verifyJWT(token string) (*oidc.IDToken, error) {
func (client *OIDCClient) verifyJWT(ctx context.Context, token string) (*oidc.IDToken, error) {
client.mutex.RLock()
defer client.mutex.RUnlock()
return client.verifier.Verify(context.Background(), token)
return client.verifier.Verify(ctx, token)
}

func SetURLQueryParam(strURL, name, value string) (string, error) {
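Review bot: verifyJWT now calls `client.verifier.Verify(ctx, token)` with the caller's ctx while holding client.mutex.RLock, and the auth.go hunk shows that caller passing auth.LogCtx, a long-lived context with no deadline; if Verify has to fetch keys from the provider, a stalled fetch holds the read lock for as long as that ctx allows and blocks any SetConfig waiting on the write lock. Consider bounding the verification itself rather than relying on the stored context, e.g. `ctx, cancel := context.WithTimeout(ctx, <verify timeout from existing OIDC client config>)` followed by `defer cancel()` at the top of verifyJWT. The doc comment on verifyJWT should also state that ctx controls any network fetch the verifier performs. In runDiscoverySync, `op.generateVerifier(&metadata, ctx)` presumably builds a remote key set under the discovery ctx, which ties later key fetches to that ctx's lifetime and is worth confirming, as runDiscoverySync starts outside the hunk.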
2 changes: 1 addition & 1 deletion auth/oidc_test.go
Expand Up @@ -1191,7 +1191,7 @@ func TestJWTRolesChannels(t *testing.T) {
roleChannels: map[string]ch.TimedSet{},
}

auth := NewAuthenticator(dataStore, &testMockComputer, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, &testMockComputer, DefaultAuthenticatorOptions(base.TestCtx(t)))

provider := &OIDCProvider{
Name: "foo",
2 changes: 1 addition & 1 deletion auth/password_hash_test.go
Expand Up @@ -62,7 +62,7 @@ func TestSetBcryptCost(t *testing.T) {
bucket := base.GetTestBucket(t)
defer bucket.Close()
dataStore := bucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

err := auth.SetBcryptCost(DefaultBcryptCost - 1) // below minimum allowed value
assert.Equal(t, ErrInvalidBcryptCost, errors.Cause(err))
6 changes: 3 additions & 3 deletions auth/role_test.go
Expand Up @@ -45,7 +45,7 @@ func TestAuthorizeChannelsRole(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

role, err := auth.NewRole("root", channels.BaseSetOf(t, "superuser"))
assert.NoError(t, err)
Expand All @@ -65,9 +65,9 @@ func TestRoleKeysHash(t *testing.T) {
defer testBucket.Close()
dataStore := testBucket.DefaultDataStore()

auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
if !metadataDefault {
namedMetadataOptions := DefaultAuthenticatorOptions()
namedMetadataOptions := DefaultAuthenticatorOptions(base.TestCtx(t))
namedMetadataOptions.MetaKeys = base.NewMetadataKeys("foo")

auth = NewAuthenticator(dataStore, nil, namedMetadataOptions)
14 changes: 7 additions & 7 deletions auth/session_test.go
Expand Up @@ -29,7 +29,7 @@ func TestCreateSession(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

user, err := auth.NewUser(username, "password", base.Set{})
require.NoError(t, err)
Expand Down Expand Up @@ -74,7 +74,7 @@ func TestDeleteSession(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

id, err := base.GenerateRandomSecret()
require.NoError(t, err)
Expand Down Expand Up @@ -103,7 +103,7 @@ func TestMakeSessionCookie(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

sessionID, err := base.GenerateRandomSecret()
require.NoError(t, err)
Expand All @@ -129,7 +129,7 @@ func TestMakeSessionCookieProperties(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

sessionID, err := base.GenerateRandomSecret()
require.NoError(t, err)
Expand Down Expand Up @@ -164,7 +164,7 @@ func TestDeleteSessionForCookie(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

sessionID, err := base.GenerateRandomSecret()
require.NoError(t, err)
Expand Down Expand Up @@ -227,7 +227,7 @@ func TestCreateSessionChangePassword(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

user, err := auth.NewUser(test.username, test.password, base.Set{})
require.NoError(t, err)
Expand Down Expand Up @@ -266,7 +266,7 @@ func TestUserWithoutSessionUUID(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
const username = "Alice"
user, err := auth.NewUser(username, "password", base.Set{})
require.NoError(t, err)
20 changes: 10 additions & 10 deletions auth/user_test.go
Expand Up @@ -35,7 +35,7 @@ func TestUserAuthenticateDisabled(t *testing.T) {
defer bucket.Close()
dataStore := bucket.GetSingleDataStore()
// Create user
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
u, err := auth.NewUser(username, oldPassword, base.Set{})
assert.NoError(t, err)
assert.NotNil(t, u)
Expand Down Expand Up @@ -70,7 +70,7 @@ func TestUserAuthenticatePasswordHashUpgrade(t *testing.T) {
defer bucket.Close()
dataStore := bucket.GetSingleDataStore()
// Create user
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
u, err := auth.NewUser(username, oldPassword, base.Set{})
require.NoError(t, err)
require.NotNil(t, u)
Expand Down Expand Up @@ -252,7 +252,7 @@ func TestCanSeeChannelSince(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
freeChannels := base.SetFromArray([]string{"ESPN", "HBO", "FX", "AMC"})
user, err := auth.NewUser("user", "password", freeChannels)
assert.Nil(t, err)
Expand Down Expand Up @@ -280,7 +280,7 @@ func TestGetAddedChannels(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

role, err := auth.NewRole("music", channels.BaseSetOf(t, "Spotify", "Youtube"))
assert.Nil(t, err)
Expand Down Expand Up @@ -323,7 +323,7 @@ func TestUserAuthenticateWithDisabledUserAccount(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

user, err := auth.NewUser(username, password, base.Set{})
assert.NoError(t, err)
Expand All @@ -345,7 +345,7 @@ func TestUserAuthenticateWithOldPasswordHash(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

user, err := auth.NewUser(username, password, base.Set{})
assert.NoError(t, err)
Expand All @@ -366,7 +366,7 @@ func TestUserAuthenticateWithBadPasswordHash(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

user, err := auth.NewUser(username, password, base.Set{})
assert.NoError(t, err)
Expand All @@ -387,7 +387,7 @@ func TestUserAuthenticateWithNoHashAndBadPassword(t *testing.T) {
testBucket := base.GetTestBucket(t)
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))

user, err := auth.NewUser(username, password, base.Set{})
assert.NoError(t, err)
Expand All @@ -404,9 +404,9 @@ func TestUserKeysHash(t *testing.T) {
defer testBucket.Close()
dataStore := testBucket.GetSingleDataStore()

auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions())
auth := NewAuthenticator(dataStore, nil, DefaultAuthenticatorOptions(base.TestCtx(t)))
if !metadataDefault {
namedMetadataOptions := DefaultAuthenticatorOptions()
namedMetadataOptions := DefaultAuthenticatorOptions(base.TestCtx(t))
namedMetadataOptions.MetaKeys = base.NewMetadataKeys("foo")

auth = NewAuthenticator(testBucket.GetSingleDataStore(), nil, namedMetadataOptions)