SSO/OpenID: Also Log token header

2025-01-08 00:08:14 +01:00 · 2023-11-28 20:07:49 +01:00 · 2023-11-28 20:07:49 +01:00 · 618028503b
commit 618028503b
parent ad53894ea1
1 changed files with 8 additions and 6 deletions
--- a/server/Auth.js
+++ b/server/Auth.js
@ -363,10 +363,13 @@ class Auth {
        req.session[sessionKey].code_verifier = req.query.code_verifier
      }
-      function handleAuthError(isMobile, errorCode, errorMessage, logMessage, logMessageDetail) {
+      function handleAuthError(isMobile, errorCode, errorMessage, logMessage, response) {
        Logger.error(logMessage)
-        if (logMessageDetail) { 
+        if (response) {
-          Logger.debug(logMessageDetail.toString())
+          // Depending on the error, it can also have a body
          // We also log the request header the passport plugin sents for the URL
          const header = response.req?._header.replace(/Authorization: [^\r\n]*/i, 'Authorization: REDACTED')
          Logger.debug(header + '\n' + response.body?.toString())
        }
        if (isMobile) {
@ -380,13 +383,12 @@ class Auth {
        return (err, user, info) => {
          const isMobile = req.session[sessionKey]?.mobile === true
          if (err) {
-            return handleAuthError(isMobile, 500, 'Error in callback', `[Auth] Error in openid callback - ${err}`, err?.response?.body)
+            return handleAuthError(isMobile, 500, 'Error in callback', `[Auth] Error in openid callback - ${err}`, err?.response)
          }
          if (!user) {
            // Info usually contains the error message from the SSO provider
-            // Depending on the error, it can also have a body
+            return handleAuthError(isMobile, 401, 'Unauthorized', `[Auth] No user in openid callback - ${info}`, info?.response)
            return handleAuthError(isMobile, 401, 'Unauthorized', `[Auth] No user in openid callback - ${info}`, info?.response?.body)
          }
          req.logIn(user, (loginError) => {