From b21abdd0890157ba38274db1b32051b37e439c13 Mon Sep 17 00:00:00 2001
From: Christoph Wurst
Date: Mon, 16 Sep 2024 20:49:37 +0200
Subject: [PATCH] fix: Add more logging to the saml/acs endpoint

Signed-off-by: Christoph Wurst
---
 lib/Controller/SAMLController.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index 984cc660..27a4333e 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -361,6 +361,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
 $response->invalidateCookie('saml_data');
 return $response;
 }
+ $this->logger->debug('Authentication successful', ['app' => 'user_saml']);
 // Check whether the user actually exists, if not redirect to an error page
 // explaining the issue.
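Review bot: The message `'Authentication successful'` is written before the user-existence check announced by the comment directly below it, so a request that ends in the `NoUserFoundException` or `UserFilterViolationException` branch of the next hunk still leaves a "successful" line in the log, which is easy to misread when reviewing login activity. A narrower wording such as `$this->logger->debug('SAML response accepted, checking local user', ['app' => $this->appName]);` says what has actually been established at this point. The same call also shows a consistency issue shared by the debug lines added in the hunks at -368, -386 and -400: they pass the literal `'user_saml'` while the `error()` calls in this method use `$this->appName`. The method starts and ends outside the hunk, so what precedes the early return is not visible here.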
@@ -368,16 +369,17 @@ public function assertionConsumerService(): Http\RedirectResponse {
 $this->userData->setAttributes($auth->getAttributes());
 $this->autoprovisionIfPossible();
 } catch (NoUserFoundException $e) {
- $this->logger->error($e->getMessage(), ['app' => $this->appName]);
+ $this->logger->error($e->getMessage(), ['app' => $this->appName, 'exception' => $e]);
 $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned'));
 $response->invalidateCookie('saml_data');
 return $response;
 } catch (UserFilterViolationException $e) {
- $this->logger->error($e->getMessage(), ['app' => $this->appName]);
+ $this->logger->error($e->getMessage(), ['app' => $this->appName, 'exception' => $e]);
 $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notPermitted'));
 $response->invalidateCookie('saml_data');
 return $response;
 }
+ $this->logger->debug('Attributes provisioned', ['app' => 'user_saml', 'attributes' => $auth->getAttributes()]);
 $this->session->set('user_saml.samlUserData', $auth->getAttributes());
 $this->session->set('user_saml.samlNameId', $auth->getNameId());
@@ -386,6 +388,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
 $this->session->set('user_saml.samlNameIdSPNameQualifier', $auth->getNameIdSPNameQualifier());
 $this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
 $this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
+ $this->logger->debug('Session values set', ['app' => 'user_saml']);
 try {
 $user = $this->userResolver->findExistingUser($this->userBackend->getCurrentUserId());
 $firstLogin = $user->updateLastLoginTimestamp();
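Review bot: The debug call added after the two catch blocks puts the complete return value of `$auth->getAttributes()` into the log context, so every attribute value the IdP asserted for the user ends up in the server log whenever debug level is enabled. Depending on the IdP configuration that is likely to include mail addresses, display names and group memberships, and log files are usually readable by more people and kept longer than the session they describe. For diagnosing attribute-mapping problems the attribute names are normally sufficient: `$this->logger->debug('Attributes provisioned', ['app' => $this->appName, 'attributes' => array_keys($auth->getAttributes())]);`. If values are needed for a specific investigation, limit them to the mapped keys and document that in a comment next to the call. The method continues outside the hunk.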
@@ -400,6 +403,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
 $response->invalidateCookie('saml_data');
 return $response;
 }
+ $this->logger->debug('User found, last login timestamp updated', ['app' => 'user_saml']);
 $originalUrl = $data['RelayState'] ?? $data['OriginalUrl'];
 if ($originalUrl !== null && $originalUrl !== '') {