[TECH] Améliorer les logs de la route /api/token (PIX-15710)

#10800
1024pix · Dec 12, 2024 · e67fa40 · e67fa40
2 parents ccd8fcf + c93798c
commit e67fa40
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 19 deletions.
diff --git a/api/src/identity-access-management/application/monitor-pre-handlers.js b/api/src/identity-access-management/application/monitor-pre-handlers.js
@@ -1,17 +1,30 @@
-import { logger } from '../../shared/infrastructure/utils/logger.js';
+import { monitoringTools } from '../../shared/infrastructure/monitoring-tools.js';
 import { generateHash } from '../infrastructure/utils/crypto.js';
 
-async function monitorApiTokenRoute(request, h, dependencies = { logger }) {
+async function monitorApiTokenRoute(request, h, dependencies = { monitoringTools }) {
   const { username, refresh_token, grant_type, scope } = request.payload;
 
   if (grant_type === 'password') {
     const hash = generateHash(username);
-    dependencies.logger.warn({ hash, grant_type, scope }, 'Authentication attempt');
+    dependencies.monitoringTools.logWarnWithCorrelationIds({
+      message: 'Authentication attempt',
+      hash,
+      grant_type,
+      scope,
+    });
   } else if (grant_type === 'refresh_token') {
     const hash = generateHash(refresh_token);
-    dependencies.logger.warn({ hash, grant_type, scope }, 'Authentication attempt');
+    dependencies.monitoringTools.logWarnWithCorrelationIds({
+      message: 'Authentication attempt',
+      hash,
+      grant_type,
+      scope,
+    });
   } else {
-    dependencies.logger.warn(request.payload, 'Authentication attempt with unknown method');
+    dependencies.monitoringTools.logWarnWithCorrelationIds({
+      message: 'Authentication attempt with unknown method',
+      ...request.payload,
+    });
   }
 
   return true;

diff --git a/api/src/shared/infrastructure/monitoring-tools.js b/api/src/shared/infrastructure/monitoring-tools.js
@@ -140,6 +140,7 @@ const monitoringTools = {
   incrementInContext,
   installHapiHook,
   logErrorWithCorrelationIds,
+  logWarnWithCorrelationIds,
   logInfoWithCorrelationIds,
   pushInContext,
   setInContext,

diff --git a/api/src/shared/infrastructure/plugins/pino.js b/api/src/shared/infrastructure/plugins/pino.js
@@ -1,8 +1,7 @@
-import crypto from 'node:crypto';
-
 import { stdSerializers } from 'pino';
 
 import { monitoringTools } from '../../../../src/shared/infrastructure/monitoring-tools.js';
+import { generateHash } from '../../../identity-access-management/infrastructure/utils/crypto.js';
 import { config } from '../../config.js';
 import { logger } from '../utils/logger.js';
 
@@ -17,11 +16,15 @@ function requestSerializer(req) {
   };
 
   if (!config.hapi.enableRequestMonitoring) return enhancedReq;
+
+  // monitor api token route
   const context = monitoringTools.getContext();
   if (context?.request?.route?.path === '/api/token') {
-    const hash = crypto.createHash('sha256');
-    const username = context?.request?.payload?.username;
-    enhancedReq.usernameHash = username ? hash.update(username).digest('hex') : '-';
+    const { username, refresh_token, grant_type, scope } = context.request.payload || {};
+    enhancedReq.grantType = grant_type || '-';
+    enhancedReq.scope = scope || '-';
+    enhancedReq.usernameHash = generateHash(username) || '-';
+    enhancedReq.refreshTokenHash = generateHash(refresh_token) || '-';
   }
 
   return {

diff --git a/api/tests/identity-access-management/unit/application/monitor-pre-handlers.test.js b/api/tests/identity-access-management/unit/application/monitor-pre-handlers.test.js
@@ -10,14 +10,19 @@ describe('Unit | Identity Access Management | Application | monitor-pre-handlers
       const grant_type = 'password';
       const scope = 'pix-app';
       const hash = generateHash(username);
-      const logger = { warn: sinon.stub() };
+      const monitoringTools = { logWarnWithCorrelationIds: sinon.stub() };
       const request = { payload: { grant_type, username, scope } };
 
       // when
-      monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });
+      monitorPreHandlers.monitorApiTokenRoute(request, hFake, { monitoringTools });
 
       // then
-      expect(logger.warn).to.have.been.calledWith({ hash, grant_type, scope }, 'Authentication attempt');
+      expect(monitoringTools.logWarnWithCorrelationIds).to.have.been.calledWith({
+        message: 'Authentication attempt',
+        hash,
+        grant_type,
+        scope,
+      });
     });
 
     it('logs authentication attempt with grant type refresh token', async function () {
@@ -26,27 +31,35 @@ describe('Unit | Identity Access Management | Application | monitor-pre-handlers
       const grant_type = 'refresh_token';
       const scope = 'pix-app';
       const hash = generateHash(refresh_token);
-      const logger = { warn: sinon.stub() };
+      const monitoringTools = { logWarnWithCorrelationIds: sinon.stub() };
       const request = { payload: { grant_type, refresh_token, scope } };
 
       // when
-      monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });
+      monitorPreHandlers.monitorApiTokenRoute(request, hFake, { monitoringTools });
 
       // then
-      expect(logger.warn).to.have.been.calledWith({ hash, grant_type, scope }, 'Authentication attempt');
+      expect(monitoringTools.logWarnWithCorrelationIds).to.have.been.calledWith({
+        message: 'Authentication attempt',
+        hash,
+        grant_type,
+        scope,
+      });
     });
 
     it('logs authentication attempt with grant type unknown', async function () {
       // given
       const grant_type = 'unknown';
-      const logger = { warn: sinon.stub() };
+      const monitoringTools = { logWarnWithCorrelationIds: sinon.stub() };
       const request = { payload: { foo: 'bar', grant_type } };
 
       // when
-      monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });
+      monitorPreHandlers.monitorApiTokenRoute(request, hFake, { monitoringTools });
 
       // then
-      expect(logger.warn).to.have.been.calledWith(request.payload, 'Authentication attempt with unknown method');
+      expect(monitoringTools.logWarnWithCorrelationIds).to.have.been.calledWith({
+        message: 'Authentication attempt with unknown method',
+        ...request.payload,
+      });
     });
   });
 });