From da6f589939bb40f3f80f8ac8ea0b8135cd2def1c Mon Sep 17 00:00:00 2001 From: DMaester Date: Wed, 19 Aug 2015 22:02:19 +0200 Subject: [PATCH] Issue #2074641 by brad.bulger, DMaester: configurable logging levels --- simplesamlphp_auth.admin.inc | 13 +++++++++- simplesamlphp_auth.inc | 49 +++++++++++++++++++++++------------- simplesamlphp_auth.install | 1 + simplesamlphp_auth.module | 41 ++++++++++++++++++++---------- 4 files changed, 73 insertions(+), 31 deletions(-) diff --git a/simplesamlphp_auth.admin.inc b/simplesamlphp_auth.admin.inc index c66cab7..e6d83ac 100644 --- a/simplesamlphp_auth.admin.inc +++ b/simplesamlphp_auth.admin.inc @@ -48,7 +48,18 @@ function simplesamlphp_auth_settings_basic() { '#default_value' => variable_get('simplesamlphp_auth_login_path', 'saml_login'), '#description' => t('Path for logging into SAML - Do not include proceeding slash.'), ); - + $form['simplesamlphp_auth_grp_debug'] = array( + '#type' => 'fieldset', + '#title' => t('Debugging'), + '#collapsible' => FALSE, + '#collapsed' => FALSE, + ); + $form['simplesamlphp_auth_grp_debug']['simplesamlphp_auth_debug'] = array( + '#type' => 'checkbox', + '#title' => t('Turn on debugging messages'), + '#default_value' => variable_get('simplesamlphp_auth_debug', FALSE), + '#description' => t('Expand the level of watchdog messages logged to include debugging information'), + ); $form['simplesamlphp_auth_grp_reg'] = array( '#type' => 'fieldset', '#title' => t('User Provisioning'), diff --git a/simplesamlphp_auth.inc b/simplesamlphp_auth.inc index a280d32..9a27796 100644 --- a/simplesamlphp_auth.inc +++ b/simplesamlphp_auth.inc 
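Review bot: The `#description` of the new `simplesamlphp_auth_debug` checkbox does not tell the administrator what the extra messages contain; the gated calls elsewhere in this patch write SAML user identifiers, e-mail addresses and the role map to watchdog. I would say so in the form, e.g. `'#description' => t('Log debugging messages to watchdog. These messages include SAML user names, e-mail addresses and role mapping rules.'),`. The default here is `FALSE`, while every `variable_get('simplesamlphp_auth_debug', 0)` call in the other files uses `0`; pick one. The body of simplesamlphp_auth_settings_basic() continues outside the hunk.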
@@ -20,15 +20,18 @@ function _simplesaml_auth_login_register() { // Get unique identifier from saml attributes. $authname = _simplesamlphp_auth_get_authname(); - watchdog('simplesamlphp_auth', 'Authname is [%authname] userid is [%uid]', array( - '%authname' => $authname, - '%uid' => $user->uid, - ), WATCHDOG_DEBUG); - + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Authname is [%authname] userid is [%uid]', array( + '%authname' => $authname, + '%uid' => $user->uid, + ), WATCHDOG_DEBUG); + } if (!empty($authname)) { // User is logged in with SAML authentication and we got the unique // identifier, so try to log into Drupal. - watchdog('simplesamlphp_auth', 'Loading Drupal user [%authname]', array('%authname' => $authname), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Loading Drupal user [%authname]', array('%authname' => $authname), WATCHDOG_DEBUG); + } // Retrieve user mapping and attempt to log the user in. $ext_user = user_external_load($authname); 
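Review bot: The same `if (variable_get('simplesamlphp_auth_debug', 0)) { watchdog(..., WATCHDOG_DEBUG); }` wrapper is written out by hand at both call sites in this hunk and again in every later hunk of simplesamlphp_auth.inc and simplesamlphp_auth.module, so a future message can easily be added without the gate or with a different default. A single helper that owns the setting lookup and the severity keeps that behaviour in one place. It would need to live in a file loaded on both call paths, probably simplesamlphp_auth.module. _simplesaml_auth_login_register() continues outside the hunk.

```php
/**
 * Logs a debugging message when simplesamlphp_auth_debug is enabled.
 */
function _simplesamlphp_auth_debug($message, $variables = array()) {
  if (variable_get('simplesamlphp_auth_debug', FALSE)) {
    watchdog('simplesamlphp_auth', $message, $variables, WATCHDOG_DEBUG);
  }
}

// … unchanged: $authname = _simplesamlphp_auth_get_authname(); …
_simplesamlphp_auth_debug('Authname is [%authname] userid is [%uid]', array(
  '%authname' => $authname,
  '%uid' => $user->uid,
));
```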
@@ -92,16 +95,20 @@ function _simplesaml_auth_user_register($authname) { if (variable_get('simplesamlphp_auth_registerusers', TRUE)) { // We are allowed to register new users. - watchdog('simplesamlphp_auth', 'Register [%authname]', array('%authname' => $authname), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Register [%authname]', array('%authname' => $authname), WATCHDOG_DEBUG); + } // It's possible that a user with this name already exists, but is not // permitted to login to Drupal via SAML. If so, log out of SAML and // redirect to the front page. $account = user_load_by_name($authname); if ($account) { - watchdog('simplesamlphp_auth', 'User [%authname] could not be registered because that username already exists and is not SAML enabled.', array( - '%authname' => $authname, - ), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'User [%authname] could not be registered because that username already exists and is not SAML enabled.', array( + '%authname' => $authname, + ), WATCHDOG_DEBUG); + } drupal_set_message(t('We are sorry, your user account is not SAML enabled.')); $_simplesamlphp_auth_as->logout(base_path()); @@ -112,10 +119,12 @@ function _simplesaml_auth_user_register($authname) { // Register the new user. user_external_login_register($authname, 'simplesamlphp_auth'); - watchdog('simplesamlphp_auth', 'Registered [%authname] with uid @uid', array( - '%authname' => $authname, - '@uid' => $user->uid, - ), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Registered [%authname] with uid @uid', array( + '%authname' => $authname, + '@uid' => $user->uid, + ), WATCHDOG_DEBUG); + } if (!empty($user->uid)) { // Populate roles based on configuration setting. 
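Review bot: The message `User [%authname] could not be registered because that username already exists and is not SAML enabled.` is now emitted only when debugging is switched on, so with the default setting a login refused because a SAML identity collides with an existing local account leaves no log entry from this module. An administrator will want to see that event without enabling debug output; I would leave this one `watchdog()` call outside the `if (variable_get('simplesamlphp_auth_debug', 0))` gate and raise its severity to `WATCHDOG_WARNING`. The other gated messages in the two hunks here are routine trace output and fine as they are. _simplesaml_auth_user_register() starts and ends outside these hunks.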
@@ -149,7 +158,9 @@ function _simplesaml_auth_user_register($authname) { * The user account object to update. */ function _simplesaml_auth_user_update($account) { - watchdog('simplesamlphp_auth', 'Updating username [%acctname]', array('%acctname' => $account->name), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Updating username [%acctname]', array('%acctname' => $account->name), WATCHDOG_DEBUG); + } db_update('users') ->fields(array('name' => $account->name)) @@ -165,7 +176,9 @@ function _simplesaml_auth_user_update($account) { watchdog('simplesamlphp_auth', $e->getMessage(), NULL, WATCHDOG_CRITICAL); } - watchdog('simplesamlphp_auth', 'Updating mail [%mailaddr]', array('%mailaddr' => $mail_address), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Updating mail [%mailaddr]', array('%mailaddr' => $mail_address), WATCHDOG_DEBUG); + } if (!empty($mail_address)) { db_update('users') @@ -190,7 +203,9 @@ function _simplesaml_auth_user_login($ext_user) { // See if we're supposed to re-evaluate role assignments. if (variable_get('simplesamlphp_auth_roleevaleverytime', 0)) { // Populate roles based on configuration setting. - watchdog('simplesamlphp_auth', 'User already registered [%authname] updating roles.', array('%authname' => $ext_user->name), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'User already registered [%authname] updating roles.', array('%authname' => $ext_user->name), WATCHDOG_DEBUG); + } $roles = _simplesamlphp_auth_rolepopulation(variable_get('simplesamlphp_auth_rolepopulation', '')); $userinfo = array('roles' => $roles); diff --git a/simplesamlphp_auth.install b/simplesamlphp_auth.install index 1b1bd99..19c8832 100644 --- a/simplesamlphp_auth.install +++ b/simplesamlphp_auth.install 
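Review bot: In _simplesaml_auth_user_update() the `Updating mail [%mailaddr]` message is logged before the `if (!empty($mail_address))` check, so with debugging enabled the log reports an update even when the address is empty and no `db_update()` runs. Moving the gated `watchdog()` call inside that `if` block makes the log match what was actually written to the `users` table. The function body is only partly visible in these hunks.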
@@ -38,6 +38,7 @@ function simplesamlphp_auth_uninstall() { variable_del('simplesamlphp_auth_authsource'); variable_del('simplesamlphp_auth_rolepopulation'); variable_del('simplesamlphp_auth_roleevaleverytime'); + variable_del('simplesamlphp_auth_debug'); variable_del('simplesamlphp_auth_registerusers'); variable_del('simplesamlphp_auth_allowsetdrupalpwd'); variable_del('simplesamlphp_auth_allowdefaultlogin'); diff --git a/simplesamlphp_auth.module b/simplesamlphp_auth.module index 4f59c3c..397b03b 100644 --- a/simplesamlphp_auth.module +++ b/simplesamlphp_auth.module @@ -199,7 +199,9 @@ function simplesamlphp_auth_user_insert(&$edit, $account, $category = NULL) { if ($_simplesamlphp_auth_as->isAuthenticated() && _simplesamlphp_auth_get_authname() == $account->init) { // Get name from default attributes. try { - watchdog('simplesamlphp_auth', 'Registering user [%acctname]', array('%acctname' => $account->name), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Registering user [%acctname]', array('%acctname' => $account->name), WATCHDOG_DEBUG); + } $account->name = _simplesamlphp_auth_get_default_name($account->uid); } catch (Exception $e) { @@ -438,7 +440,9 @@ function _simplesamlphp_auth_get_authname() { // Check if valid local session exists. if (isset($_simplesamlphp_auth_saml_attributes)) { - watchdog('simplesamlphp_auth', '_simplesamlphp_auth_get_authname: Valid local SAML session exists', NULL, WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', '_simplesamlphp_auth_get_authname: Valid local SAML session exists', NULL, WATCHDOG_DEBUG); + } if (isset($_simplesamlphp_auth_saml_attributes[variable_get('simplesamlphp_auth_unique_id', 'eduPersonPrincipalName')])) { $authname = $_simplesamlphp_auth_saml_attributes[variable_get('simplesamlphp_auth_unique_id', 'eduPersonPrincipalName')][0]; } 
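Review bot: In simplesamlphp_auth_user_insert() the identity check `_simplesamlphp_auth_get_authname() == $account->init`, on the context line above the new debug gate, uses loose comparison, which PHP evaluates numerically when both strings look like numbers. For an authentication decision the identifiers should be compared as strings: `_simplesamlphp_auth_get_authname() === $account->init`. This predates the patch, but the hunk touches the block it guards. I am assuming both operands are strings, which the visible lines do not confirm.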
@@ -551,11 +555,13 @@ function _simplesamlphp_auth_generate_block_text() { * An array containing role value and the attribute, or FALSE. */ function _simplesamlphp_auth_evaulaterolerule($roleruleevaluation, $attributes) { - watchdog('simplesamlphp_auth', 'Evaluate rule (key=%key,operator=%op,value=%val)', array( - '%key' => $roleruleevaluation[0], - '%op' => $roleruleevaluation[1], - '%val' => $roleruleevaluation[2], - ), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Evaluate rule (key=%key,operator=%op,value=%val)', array( + '%key' => $roleruleevaluation[0], + '%op' => $roleruleevaluation[1], + '%val' => $roleruleevaluation[2], + ), WATCHDOG_DEBUG); + } if (!array_key_exists($roleruleevaluation[0], $attributes)) { return FALSE; 
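Review bot: The debug message in _simplesamlphp_auth_evaulaterolerule() reads `$roleruleevaluation[0]`, `[1]` and `[2]` before anything in the visible lines checks that the rule has three fields, so a malformed role rule produces undefined-offset notices from the logging call itself once debugging is on. A guard ahead of it, `if (count($roleruleevaluation) < 3) { return FALSE; }`, would keep the debug path from adding noise and make the rejection explicit. The rest of the function is outside the hunk and may already validate the rule later.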
@@ -601,19 +607,24 @@ function _simplesamlphp_auth_rolepopulation($rolemap) { global $_simplesamlphp_auth_saml_attributes; $roles = array(); - watchdog('simplesamlphp_auth', 'Rolemap: %rolemap', array('%rolemap' => $rolemap), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Rolemap: %rolemap', array('%rolemap' => $rolemap), WATCHDOG_DEBUG); + } // Check if valid local session exists.. if (!empty($rolemap) && $_simplesamlphp_auth_as->isAuthenticated()) { $attributes = $_simplesamlphp_auth_saml_attributes; - watchdog('simplesamlphp_auth', 'Evaluate rolemap: %rolemap', array('%rolemap' => $rolemap), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Evaluate rolemap: %rolemap', array('%rolemap' => $rolemap), WATCHDOG_DEBUG); + } $rolerules = explode('|', $rolemap); foreach ($rolerules as $rolerule) { - watchdog('simplesamlphp_auth', 'Evaluate role rule: %rolerule', array('%rolerule' => $rolerule), WATCHDOG_DEBUG); - + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Evaluate role rule: %rolerule', array('%rolerule' => $rolerule), WATCHDOG_DEBUG); + } $roleruledecompose = explode(':', $rolerule, 2); $roleid = $roleruledecompose[0]; @@ -622,7 +633,9 @@ function _simplesamlphp_auth_rolepopulation($rolemap) { $addnew = TRUE; foreach ($roleruleevaluations as $roleruleevaluation) { - watchdog('simplesamlphp_auth', 'Evaluate role evaulation: %roleruleeval', array('%roleruleeval' => $roleruleevaluation), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Evaluate role evaulation: %roleruleeval', array('%roleruleeval' => $roleruleevaluation), WATCHDOG_DEBUG); + } $roleruleevaluationdc = str_getcsv($roleruleevaluation); if (!_simplesamlphp_auth_evaulaterolerule($roleruleevaluationdc, $attributes)) { 
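Review bot: With debugging enabled, _simplesamlphp_auth_rolepopulation() writes the complete role map twice in a row, as `Rolemap: %rolemap` and then as `Evaluate rolemap: %rolemap`, and then logs each rule again inside the loops, re-reading the setting on every iteration. I would keep only one of the two whole-map messages and read the flag once before the loops, `$debug = variable_get('simplesamlphp_auth_debug', FALSE);`, testing `$debug` at each call site. The rest of the function is in the following hunk and outside the patch.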
@@ -631,7 +644,9 @@ function _simplesamlphp_auth_rolepopulation($rolemap) { } if ($addnew) { $roles[$roleid] = $roleid; - watchdog('simplesamlphp_auth', 'Add new role: %roleid', array('%roleid' => $roleid), WATCHDOG_DEBUG); + if (variable_get('simplesamlphp_auth_debug', 0)) { + watchdog('simplesamlphp_auth', 'Add new role: %roleid', array('%roleid' => $roleid), WATCHDOG_DEBUG); + } } }