From c874596c86f28f26d97033becae151825f4d7462 Mon Sep 17 00:00:00 2001
From: "shimoda.m@nds-tyo.co.jp"
Date: Tue, 6 Jun 2023 16:55:22 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20SSO=E3=83=AD=E3=82=B0=E3=82=A4=E3=83=B3?=
 =?UTF-8?q?=E3=83=A6=E3=83=BC=E3=82=B6=E3=83=BC=E5=88=A4=E5=AE=9A=E3=81=AE?=
 =?UTF-8?q?=E3=83=AD=E3=82=B8=E3=83=83=E3=82=AF=E4=BF=AE=E6=AD=A3=E3=80=82?=
 =?UTF-8?q?=E3=83=AD=E3=82=B0=E3=82=82=E4=BB=95=E8=BE=BC=E3=82=93=E3=81=A0?=
 =?UTF-8?q?=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ecs/jskult-webapp/src/controller/login.py | 18 ++++++++++++++----
 ecs/jskult-webapp/src/model/db/user_master.py | 2 +-
 .../src/model/internal/session.py | 10 +++++-----
 .../src/model/view/user_view_model.py | 3 ---
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/ecs/jskult-webapp/src/controller/login.py b/ecs/jskult-webapp/src/controller/login.py
index fea45a75..09032af5 100644
--- a/ecs/jskult-webapp/src/controller/login.py
+++ b/ecs/jskult-webapp/src/controller/login.py
@@ -9,6 +9,7 @@ from starlette import status
 from src.depends.auth import code_security
 from src.depends.services import get_service
 from src.error.exceptions import JWTTokenVerifyException, NotAuthorizeException
+from src.logging.get_logger import get_logger
 from src.model.internal.session import UserSession
 from src.model.request.login import LoginModel
 from src.model.view.mainte_login_view_model import MainteLoginViewModel
@@ -21,6 +22,8 @@ from src.templates import templates
 router = APIRouter()
 router.route_class = AfterSetCookieSessionRoute
+logger = get_logger('ログイン')
+
 #########################
 # Views #
 #########################
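Review bot: `logger = get_logger('ログイン')` in the second hunk names the logger with a display label rather than the module path, which departs from the `getLogger(__name__)` convention and makes per-package level and handler configuration awkward. If `get_logger`'s argument is the logger name, `logger = get_logger(__name__)` would place this logger under `src.controller.login` so it can be filtered with the rest of the controller package; whether the helper treats its argument as a name or as a message prefix is not visible here, so confirm against src/logging/get_logger.py before changing it.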
@@ -66,9 +69,10 @@ def login(
 try:
 jwt_token = login_service.login(request.username, request.password)
 except NotAuthorizeException as e:
- print(e)
+ logger.exception(e)
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)
- except JWTTokenVerifyException:
+ except JWTTokenVerifyException as e:
+ logger.exception(e)
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_SESSION_EXPIRED)
 verified_token = jwt_token.verify_token()
@@ -77,10 +81,13 @@ def login(
 user_record = login_service.logged_in_user(user_id)
 # ユーザーが有効ではない場合、ログアウトにリダイレクトする
 if not user_record.is_enable_user():
+ logger.info(f'無効なユーザー: {user_id}, 有効フラグ: {user_record.enabled_flg}')
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)
 # メンテユーザーではない場合、ログアウトにリダイレクトする
 if user_record is None or not user_record.is_maintenance_user():
+ logger.info(f'メンテナンスユーザーではない: {user_id}, メンテナンスユーザーフラグ: {user_record.mntuser_flg}')
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)
+ logger.info(f'メンテナンスユーザー認証成功: {user_id}')
 # CSRFトークンを生成
 csrf_token = secrets.token_urlsafe(32)
 # DynamoDBにトークンIDを設定する
@@ -118,7 +125,8 @@ def sso_authorize(
 try:
 # トークン検証
 verified_token = jwt_token.verify_token()
- except JWTTokenVerifyException:
+ except JWTTokenVerifyException as e:
+ logger.exception(e)
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_SESSION_EXPIRED)
 # トークンからユーザーIDを取得
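Review bot: `logger.exception(e)` in the `except NotAuthorizeException` handler writes every failed credential check at ERROR with a full traceback, although a rejected username/password is an expected outcome that the handler already maps to a 401. A single warning without traceback, `logger.warning('login failed for user %s', request.username)`, keeps failed-login monitoring readable and avoids copying the exception text into the log without knowing whether it echoes the submitted credentials — that depends on what NotAuthorizeException carries in its message, which is not visible here. The same `logger.exception(e)` pattern is repeated in both `except JWTTokenVerifyException` handlers (this hunk and the sso_authorize hunk at -118), and passing the exception object as the message rather than a lazy `%s` format string is a further departure from the logging idiom. The login function starts and ends outside the hunk.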
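Review bot: The new `logger.info(...)` under `if user_record is None or not user_record.is_maintenance_user()` reads `user_record.mntuser_flg`, so if `user_record` is None this branch raises AttributeError and the client gets a 500 instead of the 401 the handler intends; in practice the earlier `user_record.is_enable_user()` call already dereferences None, so the `is None` guard on the second condition can never take effect as written. Put a None check first, e.g. `if user_record is None:` / `logger.info(f'ユーザーレコードなし: {user_id}')` / `raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)`, then the enabled and maintenance checks can safely read the record's fields in their log lines. The same ordering applies to the sso_authorize hunk at -126. login starts and ends outside the hunk.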
@@ -126,11 +134,13 @@ def sso_authorize(
 user_record = login_service.logged_in_user(user_id)
 # ユーザーが有効ではない場合、ログアウトにリダイレクトする
 if not user_record.is_enable_user():
+ logger.info(f'無効なユーザー: {user_id}, 有効フラグ: {user_record.enabled_flg}')
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)
 # Merckユーザーではない場合、ログアウトにリダイレクトする
 if user_record is None or not user_record.is_groupware_user():
+ logger.info(f'メンテナンスユーザーではない: {user_id}, メンテナンスユーザーフラグ: {user_record.mntuser_flg}')
 raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=constants.LOGOUT_REASON_LOGIN_ERROR)
-
+ logger.info(f'顧客ユーザー認証成功: {user_id}')
 # CSRFトークンを生成
 csrf_token = secrets.token_urlsafe(32)
 # DynamoDBにトークンIDを設定する
diff --git a/ecs/jskult-webapp/src/model/db/user_master.py b/ecs/jskult-webapp/src/model/db/user_master.py
index 82fe50f9..4fe966aa 100644
--- a/ecs/jskult-webapp/src/model/db/user_master.py
+++ b/ecs/jskult-webapp/src/model/db/user_master.py
@@ -33,4 +33,4 @@ class UserMasterModel(BaseDBModel):
 return self.mntuser_flg == '1'
 def is_groupware_user(self):
- return self.mntuser_flg == '0'
+ return self.mntuser_flg == '0' or self.mntuser_flg is None
diff --git a/ecs/jskult-webapp/src/model/internal/session.py b/ecs/jskult-webapp/src/model/internal/session.py
index 15739c28..d04e6207 100644
--- a/ecs/jskult-webapp/src/model/internal/session.py
+++ b/ecs/jskult-webapp/src/model/internal/session.py
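Review bot: The log text in the `is_groupware_user()` branch is copied from the maintenance path: it reports 'メンテナンスユーザーではない' (not a maintenance user) when the check that failed is the groupware-user check the comment above calls the Merck user check, so an operator reading the log is told the opposite of what happened. Suggest `logger.info(f'グループウェアユーザーではない: {user_id}, メンテナンスユーザーフラグ: {user_record.mntuser_flg}')`. As in the login hunk at -77, this line also dereferences `user_record` inside a branch whose condition allows `user_record is None`, and that guard is already unreachable because `is_enable_user()` is called on the record first. sso_authorize starts and ends outside the hunk.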
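Review bot: `is_groupware_user` now returns True when `mntuser_flg` is None, so a user row with no flag at all passes the `not user_record.is_groupware_user()` gate in sso_authorize, where before this change such a row was rejected. If a missing flag can occur for anything other than a legitimate groupware user — legacy rows, partially migrated records, rows created by a different path — this is a fail-open default; whether that can happen depends on how user_master rows are populated, which is not visible here. At minimum the intent should be recorded on the method, e.g. `# None is treated as a groupware user (SSO rows may carry no mntuser_flg) — confirm no other row type can have a missing flag`, and the enabled check in the caller remains the only other gate for such rows. UserMasterModel's body continues outside the hunk.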
@@ -14,11 +14,11 @@ class UserSession(DynamoDBTableModel):
 session_key = UnicodeAttribute(hash_key=True)
 user_id = UnicodeAttribute()
 id_token = UnicodeAttribute()
- doc_flg = UnicodeAttribute()
- inst_flg = UnicodeAttribute()
- bio_flg = UnicodeAttribute()
- master_mainte_flg = UnicodeAttribute()
- user_flg = UnicodeAttribute()
+ doc_flg = UnicodeAttribute(null=True)
+ inst_flg = UnicodeAttribute(null=True)
+ bio_flg = UnicodeAttribute(null=True)
+ master_mainte_flg = UnicodeAttribute(null=True)
+ user_flg = UnicodeAttribute(null=True)
 refresh_token = UnicodeAttribute()
 csrf_token = UnicodeAttribute()
 last_access_time = NumberAttribute()
diff --git a/ecs/jskult-webapp/src/model/view/user_view_model.py b/ecs/jskult-webapp/src/model/view/user_view_model.py
index 3ef9ca12..55f1528a 100644
--- a/ecs/jskult-webapp/src/model/view/user_view_model.py
+++ b/ecs/jskult-webapp/src/model/view/user_view_model.py
@@ -21,6 +21,3 @@ class UserViewModel(BaseModel):
 def has_master_maintenance_permission(self):
 return self.master_mainte_flg == '1'
-
- def is_maintenance_user(self):
- return self.user_flg == '1'
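Review bot: The five flag attributes become optional (`null=True`) without a comment stating which login path writes a session without them, so a later reader of session.py cannot tell whether a None in these fields is expected or a write bug. Suggest a one-line comment above `doc_flg`, e.g. `# Optional: sessions created via SSO may be stored without role flags; consumers must treat None as "not granted"`, which is consistent with the `== '1'` comparison in has_master_maintenance_permission treating None as no permission. That the SSO path is the writer is inferred from the commit title and the login.py hunks rather than from this file, so confirm the writer before committing the wording. UserSession's body continues outside the hunk.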