[TECH] Ajout de monitoring sur api/token (PIX-15565)
pix-service-auto-merge authored Dec 4, 2024
2 parents 021de30 + 479b46e commit 92f524e
Showing 4 changed files with 83 additions and 1 deletion.
@@ -0,0 +1,20 @@
import { logger } from '../../shared/infrastructure/utils/logger.js';
import { generateHash } from '../infrastructure/utils/crypto.js';

async function monitorApiTokenRoute(request, h, dependencies = { logger }) {
const { username, refresh_token, grant_type, scope } = request.payload;

if (grant_type === 'password') {
const hash = generateHash(username);
dependencies.logger.warn({ hash, grant_type, scope }, 'Authentication attempt');
} else if (grant_type === 'refresh_token') {
const hash = generateHash(refresh_token);
dependencies.logger.warn({ hash, grant_type, scope }, 'Authentication attempt');
} else {
dependencies.logger.warn(request.payload, 'Authentication attempt with unknown method');
}

return true;
}

export const monitorPreHandlers = { monitorApiTokenRoute };
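Review bot: The final `else` branch hands `request.payload` to the logger unfiltered, so a request whose `grant_type` is neither `password` nor `refresh_token` gets its whole body written to the logs, possibly including `username`, `password` or `refresh_token` in clear. The two branches above it log only a digest. Whether the route's payload validation already rejects such requests before this pre-handler runs cannot be confirmed from this page, and no logger-side redaction is visible either. Logging an allow-list keeps the branch safe regardless: `dependencies.logger.warn({ grant_type, scope }, 'Authentication attempt with unknown method');`. The third unit test asserts on `request.payload` and would need the same change.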
Expand Up @@ -2,6 +2,7 @@ import Joi from 'joi';

import { BadRequestError, sendJsonApiError } from '../../../shared/application/http-errors.js';
import { securityPreHandlers } from '../../../shared/application/security-pre-handlers.js';
import { monitorPreHandlers } from '../monitor-pre-handlers.js';
import { tokenController } from './token.controller.js';

export const tokenRoutes = [
Expand All @@ -28,7 +29,7 @@ export const tokenRoutes = [
}),
),
},
pre: [{ method: securityPreHandlers.checkIfUserIsBlocked }],
pre: [{ method: monitorPreHandlers.monitorApiTokenRoute }, { method: securityPreHandlers.checkIfUserIsBlocked }],
handler: (request, h) => tokenController.createToken(request, h),
tags: ['identity-access-management', 'api', 'token'],
notes: [
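Review bot: `monitorApiTokenRoute` is registered as the first `pre` entry with no `failAction`, so if it ever throws, the token request fails before `checkIfUserIsBlocked` and the controller run. One possible trigger is `hash.update()` receiving a non-string value, depending on what payload validation guarantees. A monitoring step should probably not be able to block authentication; consider `{ method: monitorPreHandlers.monitorApiTokenRoute, failAction: 'log' }`, or catch and log inside the pre-handler. The `pre:` line appears twice because the page prints the old and new versions without their `-`/`+` markers, and the route definition starts and ends outside the visible hunks.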
@@ -0,0 +1,9 @@
import crypto from 'node:crypto';

export function generateHash(data) {
if (!data) return null;

const hash = crypto.createHash('sha256');
hash.update(data);
return hash.digest('hex');
}
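Review bot: `generateHash` is an unkeyed SHA-256, and the monitoring pre-handler applies it to `username`, a low-entropy and guessable value. Anyone with read access to the logs can recompute digests of candidate identifiers and match them, so the logged `hash` is only a weak pseudonym. For the `refresh_token` case this matters less, assuming tokens are high-entropy. A keyed digest keeps the value stable for correlation while tying recomputation to a server-side secret: `const hash = crypto.createHmac('sha256', key);`, with `key` read from configuration (placeholder name; no such setting is shown on this page). The function would also benefit from a doc comment such as `/** Returns the hex SHA-256 digest of data, or null when data is falsy. */`.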
@@ -0,0 +1,52 @@
import { monitorPreHandlers } from '../../../../src/identity-access-management/application/monitor-pre-handlers.js';
import { generateHash } from '../../../../src/identity-access-management/infrastructure/utils/crypto.js';
import { expect, hFake, sinon } from '../../../test-helper.js';

describe('Unit | Identity Access Management | Application | monitor-pre-handlers', function () {
describe('#monitorApiTokenRoute', function () {
it('logs authentication attempt with grant type password', function () {
// given
const username = '[email protected]';
const grant_type = 'password';
const scope = 'pix-app';
const hash = generateHash(username);
const logger = { warn: sinon.stub() };
const request = { payload: { grant_type, username, scope } };

// when
monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });

// then
expect(logger.warn).to.have.been.calledWith({ hash, grant_type, scope }, 'Authentication attempt');
});

it('logs authentication attempt with grant type refresh token', async function () {
// given
const refresh_token = '123';
const grant_type = 'refresh_token';
const scope = 'pix-app';
const hash = generateHash(refresh_token);
const logger = { warn: sinon.stub() };
const request = { payload: { grant_type, refresh_token, scope } };

// when
monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });

// then
expect(logger.warn).to.have.been.calledWith({ hash, grant_type, scope }, 'Authentication attempt');
});

it('logs authentication attempt with grant type unknown', async function () {
// given
const grant_type = 'unknown';
const logger = { warn: sinon.stub() };
const request = { payload: { foo: 'bar', grant_type } };

// when
monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });

// then
expect(logger.warn).to.have.been.calledWith(request.payload, 'Authentication attempt with unknown method');
});
});
});
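Review bot: None of the three cases proves that secrets stay out of the log, because the `password` grant case builds its payload without a `password` field. Adding one (constructed value), e.g. `const request = { payload: { grant_type, username, password: 'must-not-be-logged', scope } };`, would turn the existing `calledWith({ hash, grant_type, scope }, ...)` assertion into a regression guard, assuming sinon's deep-equality argument matching. The third case instead pins the raw `request.payload` being logged for unknown grant types, which locks in the riskiest behaviour of the pre-handler. Separately, `monitorApiTokenRoute` is `async` but its promise is never awaited in any case; `await monitorPreHandlers.monitorApiTokenRoute(request, hFake, { logger });` would surface a rejection as a test failure.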
