forked from MirrorHub/synapse
Log saml assertions rather than the whole response
... since the whole response is huge. We even need to break up the assertions, since kibana otherwise truncates them.
This commit is contained in:
parent
14d8f342d5
commit
acc7820574
3 changed files with 72 additions and 1 deletions
|
@ -32,6 +32,7 @@ from synapse.types import (
|
|||
mxid_localpart_allowed_characters,
|
||||
)
|
||||
from synapse.util.async_helpers import Linearizer
|
||||
from synapse.util.iterutils import chunk_seq
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -132,7 +133,17 @@ class SamlHandler:
|
|||
logger.warning("SAML2 response was not signed")
|
||||
raise SynapseError(400, "SAML2 response was not signed")
|
||||
|
||||
logger.info("SAML2 response: %s", saml2_auth.origxml)
|
||||
logger.debug("SAML2 response: %s", saml2_auth.origxml)
|
||||
for assertion in saml2_auth.assertions:
|
||||
# kibana limits the length of a log field, whereas this is all rather
|
||||
# useful, so split it up.
|
||||
count = 0
|
||||
for part in chunk_seq(str(assertion), 10000):
|
||||
logger.info(
|
||||
"SAML2 assertion: %s%s", "(%i)..." % (count,) if count else "", part
|
||||
)
|
||||
count += 1
|
||||
|
||||
logger.info("SAML2 mapped attributes: %s", saml2_auth.ava)
|
||||
|
||||
try:
|
||||
|
|
|
@ -33,3 +33,16 @@ def batch_iter(iterable: Iterable[T], size: int) -> Iterator[Tuple[T]]:
|
|||
sourceiter = iter(iterable)
|
||||
# call islice until it returns an empty tuple
|
||||
return iter(lambda: tuple(islice(sourceiter, size)), ())
|
||||
|
||||
|
||||
ISeq = TypeVar("ISeq", bound=Sequence, covariant=True)
|
||||
|
||||
|
||||
def chunk_seq(iseq: ISeq, maxlen: int) -> Iterable[ISeq]:
|
||||
"""Split the given sequence into chunks of the given size
|
||||
|
||||
The last chunk may be shorter than the given size.
|
||||
|
||||
If the input is empty, no chunks are returned.
|
||||
"""
|
||||
return (iseq[i : i + maxlen] for i in range(0, len(iseq), maxlen))
|
||||
|
|
47
tests/util/test_itertools.py
Normal file
47
tests/util/test_itertools.py
Normal file
|
@ -0,0 +1,47 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Copyright 2020 The Matrix.org Foundation C.I.C.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
from synapse.util.iterutils import chunk_seq
|
||||
|
||||
from tests.unittest import TestCase
|
||||
|
||||
|
||||
class ChunkSeqTests(TestCase):
|
||||
def test_short_seq(self):
|
||||
parts = chunk_seq("123", 8)
|
||||
|
||||
self.assertEqual(
|
||||
list(parts), ["123"],
|
||||
)
|
||||
|
||||
def test_long_seq(self):
|
||||
parts = chunk_seq("abcdefghijklmnop", 8)
|
||||
|
||||
self.assertEqual(
|
||||
list(parts), ["abcdefgh", "ijklmnop"],
|
||||
)
|
||||
|
||||
def test_uneven_parts(self):
|
||||
parts = chunk_seq("abcdefghijklmnop", 5)
|
||||
|
||||
self.assertEqual(
|
||||
list(parts), ["abcde", "fghij", "klmno", "p"],
|
||||
)
|
||||
|
||||
def test_empty_input(self):
|
||||
parts = chunk_seq([], 5)
|
||||
|
||||
self.assertEqual(
|
||||
list(parts), [],
|
||||
)
|
Loading…
Reference in a new issue