BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

OIDC dump_user_data flag enabled returns [object] and status: 0 not rendered user data JSON #5215

Closed baskoopmans closed 1 month ago

baskoopmans commented 1 month ago

Describe the Bug

We are running BookStack version 24.5.4 with OIDC configuration and logging to stderr. The OIDC dump user info exception shows no user info, only [object] and status: 0. Is this to be expected?

Steps to Reproduce

Expected Behaviour

Expect some user details to be printed

Screenshots or Additional Context

Configuration:

LOG_CHANNEL=stderr
OIDC_DUMP_USER_DETAILS=true

Example:

Exception [2024-09-24 12:39:47] production.ERROR: {"exception":"[object] (BookStack\\Exceptions\\JsonDebugException(code: 0): at /var/www/bookstack/app/Access/Oidc/OidcService.php:191) [stacktrace]

GET request [24/Sep/2024:12:39:46 +0000] "GET /oidc/callback?code=0.<token>&state=<state>&session_state=<session> HTTP/1.1" 200 5869 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"

Browser Details

Chrome 128 (64-bit) on Windows 10

Exact BookStack Version

v24.5.4

ssddanbrown commented 1 month ago

Hi @baskoopmans, That debug option dumps to the browser during the login process, rather than the app error log.

baskoopmans commented 1 month ago

Hi Dan, thanks for your quick reply!

Ok good to know :) so the user data is not visible in the server logs as you state?

I'm still a bit confused: does the feature flag have an influence on the exception raised on line 191? https://github.com/BookStackApp/BookStack/blob/3a058a6e349db0456c294fc47e5537a0fd73ecd0/app/Access/Oidc/OidcService.php#L191

In combination with enabling the raising of that exception: https://github.com/BookStackApp/BookStack/blob/3a058a6e349db0456c294fc47e5537a0fd73ecd0/app/Config/oidc.php#L9

If $idToken->getAllClaims() returns status: 0 and the [object], what would that mean?

I'm trying to get some extra information about the logged-in user server-side in order to see why the groups are not correctly matched.

ssddanbrown commented 1 month ago

@baskoopmans

"the feature flag does have influence on the exception raised on line 191? If $idToken->getAllClaims() returns status: 0 and the [object] what would it mean?"

A custom exception is thrown here to allow us to catch this and show the token data (passed into the exception) as a response. $idToken->getAllClaims() is not returning status 0, that's just the default code for a php exception. The [object] just refers to the error object itself.

If you really needed a back-end way to log the data, you could set up our logical theme system and then use the following functions.php theme file to log the data during the login process:

<?php

use BookStack\Theming\ThemeEvents;
use BookStack\Facades\Theme;
use Illuminate\Support\Facades\Log;

// Runs once the ID token has been received, before BookStack validates it.
// $idTokenData holds the decoded ID token claims; $accessTokenData the access token data.
Theme::listen(ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE, function (array $idTokenData, array $accessTokenData) {
    // Write the full claim set to the configured log channel (LOG_CHANNEL, here stderr).
    $logMessage = "OIDC login ID token data: " . json_encode($idTokenData);
    Log::info($logMessage);
});
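The listener above writes every ID token claim (email, name, and whatever else the IdP adds) into the server log. Since the original question was about group matching, a narrower variant is more useful and leaks less. The following functions.php is an added example, not BookStack's own code or the maintainer's snippet: it logs only the issuer, audience, subject and the configured groups claim, lists the remaining claims by key only, and never logs the access token. It assumes the logical theme system is enabled and that the configured claim name is readable as config('oidc.groups_claim'), mirroring OIDC_GROUPS_CLAIM in .env; the helper names and the constructed sample payload are mine.

```php
<?php
// Added example (not BookStack project code): themes/<name>/functions.php that
// logs a redacted summary of the OIDC ID token for group-matching debugging.

use BookStack\Theming\ThemeEvents;
use BookStack\Facades\Theme;
use Illuminate\Support\Facades\Log;

/**
 * Resolve a possibly dotted claim path (e.g. "realm_access.roles") inside the
 * decoded claims. Returns null when any segment is missing, which is exactly
 * the case that makes BookStack find no groups.
 */
function oidc_debug_claim(array $claims, string $path)
{
    $node = $claims;
    foreach (explode('.', $path) as $segment) {
        if (!is_array($node) || !array_key_exists($segment, $node)) {
            return null;
        }
        $node = $node[$segment];
    }
    return $node;
}

/**
 * Build a log-safe summary: identity/issuer claims plus the group claim value.
 * Other claims are reported by key only so the log shows what the IdP sent
 * without recording personal data such as email or display name.
 */
function oidc_debug_summary(array $claims, string $groupsClaim): array
{
    $groups = oidc_debug_claim($claims, $groupsClaim);
    return [
        'iss'          => $claims['iss'] ?? null,
        'aud'          => $claims['aud'] ?? null,
        'sub'          => $claims['sub'] ?? null,
        'groups_claim' => $groupsClaim,
        'groups_found' => $groups !== null,
        'groups'       => is_array($groups) ? array_values($groups) : $groups,
        'other_claims' => array_values(array_diff(array_keys($claims), ['iss', 'aud', 'sub'])),
    ];
}

// When this file is executed directly (php functions.php) run the helpers on a
// constructed sample payload; when included by BookStack, register the listener.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    // Constructed sample claims, not a real token.
    $sample = [
        'iss'   => 'https://login.example.test/tenant',
        'aud'   => 'bookstack-client-id',
        'sub'   => 'user-1234',
        'email' => 'alice@example.test',
        'name'  => 'Alice Example',
        'realm_access' => ['roles' => ['wiki-editors', 'staff']],
    ];
    // Claim present at a nested path: groups_found=true, two groups listed.
    echo json_encode(oidc_debug_summary($sample, 'realm_access.roles'), JSON_PRETTY_PRINT), PHP_EOL;
    // Claim configured as the default "groups" but absent: groups_found=false.
    echo json_encode(oidc_debug_summary($sample, 'groups'), JSON_PRETTY_PRINT), PHP_EOL;
} else {
    Theme::listen(ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE, function (array $idTokenData, array $accessTokenData) {
        // Assumption: the configured claim name is exposed as config('oidc.groups_claim').
        $groupsClaim = (string) config('oidc.groups_claim', 'groups');
        // $accessTokenData is deliberately not logged: it can contain a usable token.
        Log::info('OIDC group-matching debug: ' . json_encode(oidc_debug_summary($idTokenData, $groupsClaim)));
    });
}
```

Running the file directly shows the two outcomes side by side: a nested claim path resolved successfully and the default "groups" claim missing, which is the mismatch that typically explains groups not being assigned. Once the claim name is confirmed, remove the listener; even redacted, routine logging of login claims is unnecessary in production.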

ssddanbrown commented 1 month ago

Since there's been no further follow up I'll go ahead and close this off. Feel free to still comment if you need guidance on the above.

Thanks once again for your continued sponsorship, by the way!