Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added REST API logging #476

Merged
merged 3 commits into from Aug 22, 2020
Merged

Added REST API logging #476

merged 3 commits into from Aug 22, 2020

Conversation

mcpierce
Copy link
Contributor

Status

READY

Migrations

YES

Description

Wraps annotated REST APIs and logs their runtime, request and response content, and any exceptions.

@mcpierce mcpierce added the enhancement A pull request containing a a new feature, refactoring, or security improvement.. label Aug 19, 2020
@mcpierce mcpierce added this to the 0.7 milestone Aug 19, 2020
@mcpierce mcpierce force-pushed the feature/issue-474 branch 6 times, most recently from d5eaa34 to 8fd46b3 Compare August 21, 2020 19:17
BRUCELLA2
BRUCELLA2 suggested changes Aug 21, 2020
View reviewed changes
Copy link
Contributor

@BRUCELLA2 BRUCELLA2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have a lot of knowledge in the field but it seems to me that the md5 is not very secure and it might be better to use BCryptPasswordEncoder provided by Spring Security to encode passwords.

There is few sonar issues to fix too.

comixed-model/src/main/java/org/comixedproject/model/auditlog/RestAuditLogEntry.java Outdated
@Column(name = "email", nullable = true, updatable = false)
@Getter
@Setter
private String emai;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think "email" would be better ;)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DOH! Fixed.

...-rest-api/src/main/java/org/comixedproject/authentication/ComiXedAuthenticationProvider.java Show resolved Hide resolved
comixed-rest-api/src/main/java/org/comixedproject/authentication/ComiXedUserDetailsService.java Show resolved Hide resolved
comixed-rest-api/src/main/java/org/comixedproject/authentication/ComiXedUserDetailsService.java Outdated Show resolved Hide resolved
comixed-rest-api/src/main/java/org/comixedproject/controller/tasks/TaskController.java
Comment on lines +70 to +71
response.setResult(new GetTaskAuditLogResponse());
response.getResult().setEntries(entries);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

set the result then get the result to set entries seems strange for me.
Wouldn't it be more understandable to do it like this:
try {
final List entries = this.taskService.getAuditLogEntriesAfter(cutoff);
GetTaskAuditLogResponse taskAuditLogResponse = new GetTaskAuditLogResponse();
taskAuditLogResponse.setEntries(entries);
if (!entries.isEmpty()) {
taskAuditLogResponse.setLatest(entries.get(entries.size() - 1).getStartTime());
}
response.setResult(taskAuditLogResponse);
response.setSuccess(true);

comixed-rest-api/src/main/java/org/comixedproject/authentication/AuthenticationConstants.java Outdated Show resolved Hide resolved
@mcpierce mcpierce force-pushed the feature/issue-474 branch 3 times, most recently from 6e96e05 to df634f4 Compare August 21, 2020 21:42
@BRUCELLA2
Copy link
Contributor

BRUCELLA2 commented Aug 22, 2020
edited

I have merged #479 before this PR. There are now some conflicts to be solved...

@sonarcloud
Copy link

sonarcloud bot commented Aug 22, 2020

SonarCloud Quality Gate failed.

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

76.4% 76.4% Coverage
0.0% 0.0% Duplication

@mcpierce
Copy link
Contributor Author

mcpierce commented Aug 22, 2020
edited

I don't have a lot of knowledge in the field but it seems to me that the md5 is not very secure and it might be better to use BCryptPasswordEncoder provided by Spring Security to encode passwords.

There is few sonar issues to fix too.

I agreed about MD5 vs BCrypt. Can you open that suggestion in a separate ticket? This story was solely meant to provide the REST audit logging.

@BRUCELLA2 BRUCELLA2 merged commit f6fb385 into comixed:develop Aug 22, 2020
@mcpierce mcpierce deleted the feature/issue-474 branch August 22, 2020 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BRUCELLA2 BRUCELLA2 BRUCELLA2 approved these changes

@jmcrfp jmcrfp Awaiting requested review from jmcrfp

Assignees
No one assigned
Labels
enhancement A pull request containing a a new feature, refactoring, or security improvement..
Projects
None yet
Milestone
0.7
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mcpierce @BRUCELLA2