Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logging: de-duplicate logging logic #95

Merged
merged 1 commit into from Aug 31, 2023
Merged

logging: de-duplicate logging logic #95

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
33 changes: 8 additions & 25 deletions options-user.php
View file
Open in desktop
Expand Up @@ -186,7 +186,6 @@ function shibboleth_link_accounts() {
if ( isset( $_GET['shibboleth'] ) && 'link' === $_GET['shibboleth'] && current_user_can( 'edit_user', $user_id ) ) {
check_admin_referer( 'shibboleth-link' );

$shib_logging = shibboleth_getoption( 'shibboleth_logging', false, true );
$allowed = shibboleth_getoption( 'shibboleth_manually_combine_accounts', 'disallow' );

// If user's account is not already linked with shibboleth, proceed.
Expand All @@ -205,9 +204,7 @@ function shibboleth_link_accounts() {
// If username and email match, safe to merge.
if ( $user->user_login === $username && strtolower( $user->user_email ) === strtolower( $email ) ) {
update_user_meta( $user->ID, 'shibboleth_account', true );
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts manually.' );
}
shibboleth_log_message( 'account_merge', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts manually.' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=linked' );
exit;
// If username matches, check if there is a conflict with the email.
Expand All @@ -216,16 +213,12 @@ function shibboleth_link_accounts() {
// If username matches and there is no existing account with the email, safe to merge.
if ( ! $prevent_conflict->ID ) {
update_user_meta( $user->ID, 'shibboleth_account', true );
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts manually.' );
}
shibboleth_log_message( 'account_merge', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts manually.' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=linked' );
exit;
// If username matches and there is an existing account with the email, fail.
} else {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: An account already exists with the email: ' . $email . ' .' );
}
shibboleth_log_message( 'account_merge', 'ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: An account already exists with the email: ' . $email . ' .' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=failed' );
exit;
}
Expand All @@ -235,24 +228,18 @@ function shibboleth_link_accounts() {
// If email matches and there is no existing account with the username, safe to merge.
if ( ! $prevent_conflict->ID ) {
update_user_meta( $user->ID, 'shibboleth_account', true );
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts manually using username bypass. Username provided by attribute is: ' . $username . '.' );
}
shibboleth_log_message( 'account_merge', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts manually using username bypass. Username provided by attribute is: ' . $username . '.' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=linked' );
exit;
// If there is an existing account with the email, fail.
} else {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts using username bypass. Reason: An account already exists with the email: ' . $email . ' .' );
}
shibboleth_log_message( 'account_merge', 'ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts using username bypass. Reason: An account already exists with the email: ' . $email . ' .' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=failed' );
exit;
}
// If no other conditions are met, fail.
} else {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: Username and email do not match what is provided by attributes. Username provided by attribute is: ' . $username . ' and email provided by attribute is ' . $email . '.' );
}
shibboleth_log_message( 'account_merge', 'ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: Username and email do not match what is provided by attributes. Username provided by attribute is: ' . $username . ' and email provided by attribute is ' . $email . '.' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=failed' );
exit;
}
Expand All @@ -265,17 +252,13 @@ function shibboleth_link_accounts() {
}
// If manual merging is disabled, fail.
} else {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: Manual account merging is disabled.' );
}
shibboleth_log_message( 'account_merge', 'ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: Manual account merging is disabled.' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=failed' );
exit;
}
// If account is already merged, warn.
} else {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] WARN: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: User\'s account is already merged.' );
}
shibboleth_log_message( 'account_merge', 'WARN: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to manually merge accounts. Reason: User\'s account is already merged.' );
wp_safe_redirect( get_edit_user_link() . '?shibboleth=duplicate' );
exit;
}
Expand Down
55 changes: 26 additions & 29 deletions shibboleth.php
View file
Open in desktop
Expand Up @@ -546,6 +546,23 @@ function shibboleth_session_initiator_url( $redirect = null ) {
return $initiator_url;
}

/**
* Log Shibboleth message.
*
* @param string $message_type Message type.
* @param string $message Message.
*/
function shibboleth_log_message( $message_type, $message ) {
static $shib_logging;

if ( ! isset( $shib_logging ) ) {
$shib_logging = shibboleth_getoption( 'shibboleth_logging', array(), true );
}

if ( defined( 'WP_DEBUG' ) && WP_DEBUG || in_array( $message_type, $shib_logging, true ) ) {
error_log( '[Shibboleth WordPress Plugin Logging] ' . $message );
}
}

/**
* Authenticate the user based on the current Shibboleth headers.
Expand All @@ -567,7 +584,6 @@ function shibboleth_session_initiator_url( $redirect = null ) {
*/
function shibboleth_authenticate_user() {
$shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true );
$shib_logging = shibboleth_getoption( 'shibboleth_logging', array(), true );
$auto_combine_accounts = shibboleth_getoption( 'shibboleth_auto_combine_accounts' );
$manually_combine_accounts = shibboleth_getoption( 'shibboleth_manually_combine_accounts' );

Expand Down Expand Up @@ -633,18 +649,12 @@ function shibboleth_authenticate_user() {

if ( $do_account_combine ) {
update_user_meta( $user->ID, 'shibboleth_account', true );
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts automatically.' );
}
shibboleth_log_message( 'account_merge', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') merged accounts automatically.' );
} elseif ( 'username' === $user_by ) {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to automatically merge accounts. Reason: An account already exists with this username.' );
}
shibboleth_log_message( 'account_merge', 'ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to automatically merge accounts. Reason: An account already exists with this username.' );
return new WP_Error( 'invalid_username', __( 'An account already exists with this username.', 'shibboleth' ) );
} else {
if ( in_array( 'account_merge', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to automatically merge accounts. Reason: An account already exists with this email.' );
}
shibboleth_log_message( 'account_merge', 'ERROR: User ' . $user->user_login . ' (ID: ' . $user->ID . ') failed to automatically merge accounts. Reason: An account already exists with this email.' );
return new WP_Error( 'invalid_email', __( 'An account already exists with this email.', 'shibboleth' ) );
}
}
Expand All @@ -659,9 +669,7 @@ function shibboleth_authenticate_user() {

if ( ! $user ) {
$error_message = 'Unable to create account based on data provided.';
if ( in_array( 'account_create', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: Unable to create account based on data provided.' );
}
shibboleth_log_message( 'account_create', 'ERROR: Unable to create account based on data provided.' );
return new WP_Error( 'missing_data', $error_message );
}

Expand All @@ -673,15 +681,11 @@ function shibboleth_authenticate_user() {
if ( $update ) {
$user_role = shibboleth_get_user_role();
$user->set_role( $user_role );
if ( in_array( 'role_update', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') role was updated to ' . $user_role . '.' );
}
shibboleth_log_message( 'role_update', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') role was updated to ' . $user_role . '.' );
do_action( 'shibboleth_set_user_roles', $user );
}

if ( in_array( 'auth', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') successfully authenticated.' );
}
shibboleth_log_message( 'auth', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') successfully authenticated.' );
return $user;
}

Expand All @@ -696,7 +700,6 @@ function shibboleth_authenticate_user() {
*/
function shibboleth_create_new_user( $user_login, $user_email ) {
$create_accounts = shibboleth_getoption( 'shibboleth_create_accounts' );
$shib_logging = shibboleth_getoption( 'shibboleth_logging', array(), true );
$user_role = shibboleth_get_user_role();

if ( ! empty( $create_accounts ) ) {
Expand All @@ -713,9 +716,7 @@ function shibboleth_create_new_user( $user_login, $user_email ) {
)
);
if ( is_wp_error( $user_id ) ) {
if ( in_array( 'account_create', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: Unable to create account based on data provided. Reason: ' . $user_id->get_error_message() . '.' );
}
shibboleth_log_message( 'account_create', 'ERROR: Unable to create account based on data provided. Reason: ' . $user_id->get_error_message() . '.' );
return new WP_Error( 'account_create_failed', $user_id->get_error_message() );
} else {
$user = new WP_User( $user_id );
Expand All @@ -725,15 +726,11 @@ function shibboleth_create_new_user( $user_login, $user_email ) {
shibboleth_update_user_data( $user->ID, true );
$user->set_role( $user_role );
do_action( 'shibboleth_set_user_roles', $user );
if ( in_array( 'account_create', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') was created with role ' . ( $user_role ? $user_role : 'none' ) . '.' );
}
shibboleth_log_message( 'account_create', 'SUCCESS: User ' . $user->user_login . ' (ID: ' . $user->ID . ') was created with role ' . ( $user_role ? $user_role : 'none' ) . '.' );
return $user;
}
} else {
if ( in_array( 'auth', $shib_logging, true ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[Shibboleth WordPress Plugin Logging] ERROR: User account does not exist and account creation is disabled.' );
}
shibboleth_log_message( 'auth', 'ERROR: User account does not exist and account creation is disabled.' );
return new WP_Error( 'no_access', __( 'You do not have sufficient access.' ) );
}
}
Expand Down