More logging - now configurable.

Author: rejsmont

config/packages/dev/services.yaml

@@ -4,5 +4,9 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
 parameters:
+    env(LOG_PASSWORDS): true
+    env(HASH_PASSWORDS): false
     log_requests: true
     log_responses: true
+    log_passwords: '%env(bool:LOG_PASSWORDS)%'
+    hash_passwords: '%env(bool:HASH_PASSWORDS)%'

config/packages/prod/services.yaml

@@ -6,3 +6,5 @@
 parameters:
     log_requests: false
     log_responses: false
+    log_passwords: false
+    hash_passwords: true

config/services.yaml

@@ -34,6 +34,8 @@ services:
         bind:
             $logRequests: '%log_requests%'
             $logResponses: '%log_responses%'
+            $logPasswords: '%log_passwords%'
+            $hashPasswords: '%hash_passwords%'
 
     # makes classes in AutodiscoverXml/ available to be used as services
     # this creates a service per class whose id is the fully-qualified class name

src/Controller/AutoDiscoverController.php

@@ -14,6 +14,7 @@
 use AutodiscoverXml\Provider\DomainProvider;
 use AutodiscoverXml\Provider\ServiceProvider;
 use AutodiscoverXml\Email\EmailFactory;
+use AutodiscoverXml\User\User;
 use AutodiscoverXml\User\UserFactory;
 use Psr\Log\LoggerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -40,7 +41,8 @@ class AutoDiscoverController extends AbstractController
     private $logger;
     private $logRequests;
     private $logResponses;
-
+    private $logPasswords;
+    private $hashPasswords;
 
     /**
      * AutoDiscoverController constructor.
@@ -51,10 +53,13 @@ class AutoDiscoverController extends AbstractController
      * @param LoggerInterface $logger
      * @param bool $logRequests
      * @param bool $logResponses
+     * @param bool $logPasswords
+     * @param bool $hashPasswords
      */
     public function __construct(DomainProvider $domainProvider, UserFactory $userFactory,
                                 EmailFactory $emailFactory, ServiceProvider $serviceProvider,
-                                LoggerInterface $logger, $logRequests, $logResponses)
+                                LoggerInterface $logger, $logRequests, $logResponses,
+                                $logPasswords, $hashPasswords)
     {
         $this->domainProvider = $domainProvider;
         $this->userFactory = $userFactory;
@@ -63,6 +68,8 @@ public function __construct(DomainProvider $domainProvider, UserFactory $userFac
         $this->logger = $logger;
         $this->logRequests = $logRequests;
         $this->logResponses = $logResponses;
+        $this->logPasswords = $logPasswords;
+        $this->hashPasswords = $hashPasswords;
     }
 
     /**
@@ -75,19 +82,15 @@ public function __construct(DomainProvider $domainProvider, UserFactory $userFac
      */
     public function mozilla(Request $request)
     {
-        if ($this->logRequests) {
-            $this->logger->debug("Request: " . $request->getQueryString());
-            $this->logger->debug("Request body:\n" . $request->getContent() . "\n");
-        }
+        $this->logRequest($request);
+
         $email = $this->emailFactory->fromString($request->query->get('emailaddress'));
         $this->logger->info('Got a Mozilla request for email: ' . $email);
 
         $response = $this->render('mozilla.xml.twig', $this->fetchData($email));
         $response->headers->set('Content-Type', 'application/xml; charset=utf-8');
 
-        if ($this->logResponses) {
-            $this->logger->debug("Response:\n" . $response->getContent());
-        }
+        $this->logResponse($response);
 
         return $response;
     }
@@ -102,10 +105,7 @@ public function mozilla(Request $request)
      */
     public function microsoft(Request $request)
     {
-        if ($this->logRequests) {
-            $this->logger->debug("Request: " . $request->getQueryString());
-            $this->logger->debug("Request body:\n" . $request->getContent() . "\n");
-        }
+        $this->logRequest($request);
 
         $data = $request->getContent();
         $httpUser = $request->getUser();
@@ -137,7 +137,7 @@ public function microsoft(Request $request)
         $email = $this->emailFactory->fromString($string);
         $this->logger->info("Got a Microsoft " . $schema . " request for email: " . $email);
         $data = $this->fetchData($email);
-        $user = $data['user']->getUserName();
+        $user = $data['user']->getUserName(); /* @var User $user */
 
         // Which response to provide?
         switch($schema) {
@@ -153,11 +153,11 @@ public function microsoft(Request $request)
                     throw new NotFoundHttpException();
                 }
                 // If client passed authentication information, but it does not match username, return 401
-                if ((null != $httpUser)&&($httpUser != $user)) {
+                if ((null != $httpUser)&&(($httpUser != $user)||($user->isFake()))) {
                     throw new UnauthorizedHttpException('ActiveSync');
                 }
                 // Return ActiveSync response
-                if (($email == $user) || ($httpUser == $user)) {
+                if (((string)$email == (string)$user) || ($httpUser == $user)) {
                     $response = $this->render('activesync.xml.twig', $data);
                     $response->headers->set('Content-Type', 'application/xml; charset=utf-8');
                 } else {
@@ -169,10 +169,7 @@ public function microsoft(Request $request)
                 // Something weird happened, return 400
                 throw new BadRequestHttpException();
         }
-
-        if ($this->logResponses) {
-            $this->logger->debug("Response:\n" . $response->getContent());
-        }
+        $this->logResponse($response);
 
         return $response;
     }
@@ -187,10 +184,7 @@ public function microsoft(Request $request)
      */
     public function apple(Request $request)
     {
-        if ($this->logRequests) {
-            $this->logger->debug("Request: " . $request->getQueryString());
-            $this->logger->debug("Request body:\n" . $request->getContent() . "\n");
-        }
+        $this->logRequest($request);
 
         $email = $this->emailFactory->fromString($request->query->get('email'));
         $this->logger->info("Got a Apple request for email: " . $email);
@@ -199,11 +193,38 @@ public function apple(Request $request)
         $response->headers->set('Content-Type', 'application/x-apple-aspen-config; charset=utf-8');
         $response->headers->set('Content-Disposition', 'attachment; filename="${filename}"');
 
+        $this->logResponse($response);
+
+        return $response;
+    }
+
+    /**
+     * @param Request $request
+     */
+    private function logRequest(Request $request)
+    {
+        dump($this->logPasswords);
+        dump($this->hashPasswords);
+
+        if ($this->logRequests) {
+            $this->logger->debug("Request: " . $request->getUri());
+            $this->logger->debug("Request user: " . $request->getUser());
+            if ($this->logPasswords) {
+                if ($this->hashPasswords) {
+                    $this->logger->debug("Request hashed password: " . sha1($request->getPassword()));
+                } else {
+                    $this->logger->debug("Request password: " . $request->getPassword());
+                }
+            }
+            $this->logger->debug("Request body:\n" . $request->getContent() . "\n");
+        }
+    }
+
+    private function logResponse(Response $response)
+    {
         if ($this->logResponses) {
             $this->logger->debug("Response:\n" . $response->getContent());
         }
-
-        return $response;
     }
 
     /**

src/User/User.php

@@ -21,24 +21,27 @@ class User
     private $displayName;
     private $email;
     private $domain;
+    private $fake;
 
     /**
      * User constructor.
-     * @param $userName
-     * @param $displayName
-     * @param $email
+     * @param Email $userName
+     * @param string $displayName
+     * @param Email $email
+     * @param bool $fake
      */
-    public function __construct(Email $userName, $displayName, Email $email)
+    public function __construct(Email $userName, $displayName, Email $email, $fake = false)
     {
         $this->userName = $userName;
         $this->displayName = $displayName;
         $this->email = $email;
+        $this->fake = $fake;
     }
 
     /**
      * Get username
      *
-     * @return string
+     * @return Email
      */
     public function getUserName()
     {
@@ -74,4 +77,16 @@ public function getDomain()
     {
         return $this->domain;
     }
+
+    /**
+     * Is user fake?
+     *
+     * @return bool
+     */
+    public function isFake(): bool
+    {
+        return $this->fake;
+    }
+
+
 }

src/User/UserFactory.php

@@ -48,20 +48,23 @@ public function __construct(UserProvider $userProvider, EmailFactory $emailFacto
     /**
      * Create user object from email
      *
-     * @param string $email
+     * @param  Email $email
      * @return User|null
      */
-    public function fromString($email)
+    public function fromString(Email $email)
     {
         if (null === $email) {
             return null;
         }
 
+        $fake = false;
+
         // Fetch the username from the UserProvider
         // To prevent user list leak, fill the username with email in case user is not found
         $userNameString = $this->userProvider->getUsername($email);
         if (null === $userNameString) {
             $userNameString = $email;
+            $fake = true;
         }
 
         $displayName = $this->userProvider->getDisplayName($email);
@@ -74,6 +77,6 @@ public function fromString($email)
             $userName = new Email($userNameString, null);
         }
 
-        return new User($userName, $displayName, $email);
+        return new User($userName, $displayName, $email, $fake);
     }
 }