From 585dbd82a5364e5ca9fe16a9b5714aa340f47896 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik
Date: Fri, 22 Apr 2022 12:45:15 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Filter=20for=20logging?= =?UTF-8?q?authentication=20details?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../filters/impl/PerunLogIdentityFilter.java | 65 +++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunLogIdentityFilter.java
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunLogIdentityFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunLogIdentityFilter.java
new file mode 100644
index 000000000..e00a30f6c
--- /dev/null
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunLogIdentityFilter.java
@@ -0,0 +1,65 @@
+package cz.muni.ics.oidc.server.filters.impl;
+
+import cz.muni.ics.oauth2.model.ClientDetailsEntity;
+import cz.muni.ics.oidc.models.PerunUser;
+import cz.muni.ics.oidc.saml.SamlProperties;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilterParams;
+import cz.muni.ics.oidc.server.filters.FilterParams;
+import cz.muni.ics.oidc.server.filters.FiltersUtils;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.saml.SAMLCredential;
+
+/**
+ * This filter logs information about the user who has logged in INFO level in the format:
+ * 'User ID: {}, User identifier: {}, User name: {}, service ID: {}, service name: {}'.
+ * @author Dominik Frantisek Bucik
+ */
+@Slf4j
+public class PerunLogIdentityFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + PerunLogIdentityFilter.class.getSimpleName();
+
+ private final String userIdentifierAttr;
+
+ public PerunLogIdentityFilter(AuthProcFilterParams params) {
+ super(params);
+ userIdentifierAttr = params.getBeanUtil().getBean(SamlProperties.class).getUserIdentifierAttribute();
+ }
+
+ @Override
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
+
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
+ PerunUser user = params.getUser();
+ ClientDetailsEntity client = params.getClient();
+ SAMLCredential samlCredential = FiltersUtils.getSamlCredential(req);
+
+ Long id = -1L;
+ String name = "_empty";
+ String identifier = "_empty";
+ String clientName = "_empty";
+ String clientId = "_empty";
+ if (user != null) {
+ name = user.getFirstName() + ' ' + user.getLastName();
+ id = user.getId();
+ }
+ if (client != null) {
+ clientName = client.getClientName();
+ clientId = client.getClientId();
+ }
+ if (samlCredential != null) {
+ identifier = FiltersUtils.getExtLogin(samlCredential, userIdentifierAttr);
+ }
+
+ log.info("User ID: {}, User identifier: {}, User name: {}, service ID: {}, service name: {}",
+ id, identifier, name, clientId, clientName);
+ return true;
+ }
+
+}
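Review bot: The `log.info` call in `process` writes `identifier`, `name`, `clientId` and `clientName` without neutralising control characters, so a CR/LF inside a registered client name or an IdP-supplied attribute could split or forge lines in what is effectively an authentication audit trail; whether the configured log layout already encodes such characters is not visible in this patch. I would route the four string values through a small helper before logging, for example `private static String clean(String s) { return s == null ? "_empty" : s.replaceAll("\\p{Cntrl}", "_"); }`, which also keeps the `_empty` placeholder when `getClientName()` or `getExtLogin(...)` yields null. Since `process` always returns true and only records data, it is also worth confirming that `FiltersUtils.getExtLogin` cannot throw on a missing attribute, as that would turn a logging failure into a login failure. The user's full name is personal data that the numeric ID and identifier already make redundant for correlation, so consider dropping it from the INFO line or moving it to DEBUG.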