Merge pull request #206 from silinternational/develop

Release 5.3.0 - stream logging

CHANGELOG.md

@@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [5.3.0]
+### Changed
+- Changed logging from syslog to stdout/stderr
+
+## [5.2.2]
+### Changed
+- SAML2 security update
+
+## [5.2.1]
+### Changed
+- Updated dependencies
+- Removed obsolete code related to recovery methods
+
 ## [5.2.0]
 ### Changed
 - Attempt to set password in every passwordStore component even if one fails.
@@ -107,8 +120,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 - Initial version of Password Manager Backend.
 
-[Unreleased]: https://github.com/silinternational/idp-pw-api/compare/5.2.0...HEAD
-[5.1.0]: https://github.com/silinternational/idp-pw-api/compare/5.1.0...5.2.0
+[Unreleased]: https://github.com/silinternational/idp-pw-api/compare/5.3.0...HEAD
+[5.3.0]: https://github.com/silinternational/idp-pw-api/compare/5.2.2...5.3.0
+[5.2.2]: https://github.com/silinternational/idp-pw-api/compare/5.2.1...5.2.2
+[5.2.1]: https://github.com/silinternational/idp-pw-api/compare/5.2.0...5.2.1
+[5.2.0]: https://github.com/silinternational/idp-pw-api/compare/5.1.0...5.2.0
 [5.1.0]: https://github.com/silinternational/idp-pw-api/compare/5.0.0...5.1.0
 [5.0.0]: https://github.com/silinternational/idp-pw-api/compare/4.1.0...5.0.0
 [4.1.0]: https://github.com/silinternational/idp-pw-api/compare/4.0.0...4.1.0

Dockerfile

@@ -1,20 +1,14 @@
 FROM silintl/php7:7.2
 MAINTAINER Phillip Shipley <[email protected]>
 
-ENV REFRESHED_AT 2019-05-09
+ENV REFRESHED_AT 2020-04-07
 
 RUN apt-get update -y && \
     apt-get install -y php-memcache && \
     apt-get clean
 
-COPY dockerbuild/vhost.conf /etc/apache2/sites-enabled/
-
 RUN mkdir -p /data
 
-# Copy in syslog config
-RUN rm -f /etc/rsyslog.d/*
-COPY dockerbuild/rsyslog.conf /etc/rsyslog.conf
-
 # get s3-expand
 RUN curl https://raw.githubusercontent.com/silinternational/s3-expand/1.5/s3-expand -o /usr/local/bin/s3-expand
 RUN chmod a+x /usr/local/bin/s3-expand
@@ -24,7 +18,7 @@ WORKDIR /data
 # Install/cleanup composer dependencies
 COPY application/composer.json /data/
 COPY application/composer.lock /data/
-RUN composer install --prefer-dist --no-interaction --no-dev --optimize-autoloader
+RUN composer install --prefer-dist --no-interaction --no-dev --optimize-autoloader --no-progress
 
 # It is expected that /data is = application/ in project folder
 COPY application/ /data/
@@ -35,6 +29,11 @@ RUN chown -R www-data:www-data \
     frontend/runtime/ \
     frontend/web/assets/
 
+COPY dockerbuild/vhost.conf /etc/apache2/sites-enabled/
+
+# ErrorLog inside a VirtualHost block is ineffective for unknown reasons
+RUN sed -i -E 's@ErrorLog .*@ErrorLog /proc/self/fd/2@i' /etc/apache2/apache2.conf
+
 RUN touch /etc/default/locale
 
 EXPOSE 80

LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 SIL International
+Copyright (c) 2020 SIL International
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

application/common/components/passwordStore/Google.php

@@ -247,7 +247,7 @@ public function set($employeeId, $password): UserPasswordMeta
         $googleUser->hashFunction = 'SHA-1';
         $this->saveChangesTo($googleUser);
 
-        /* Note: Google doesn't tell use when the user's password expires, so
+        /* Note: Google doesn't tell us when the user's password expires, so
          * simply return an "empty" UserPasswordMeta object.  */
         return UserPasswordMeta::create('', '');
     }

application/common/config/main.php

@@ -1,10 +1,11 @@
 <?php
 
-use common\components\Emailer;
 use Sil\JsonLog\target\EmailServiceTarget;
-use Sil\JsonLog\target\JsonSyslogTarget;
+use Sil\JsonLog\target\JsonStreamTarget;
 use Sil\PhpEnv\Env;
+use common\components\Emailer;
 use yii\helpers\ArrayHelper;
+use yii\helpers\Json;
 
 /*
  * Get config settings from ENV vars or set defaults
@@ -58,6 +59,24 @@
     'enableHIBP' => $passwordRulesEnv['enableHIBP'] ?? true,
 ];
 
+$logPrefix = function () {
+    $request = Yii::$app->request;
+    $prefixData = [
+        'env' => YII_ENV,
+    ];
+    if ($request instanceof \yii\web\Request) {
+        // Assumes format: Bearer consumer-module-name-32randomcharacters
+        $prefixData['id'] = substr($request->headers['Authorization'], 7, 16) ?: 'unknown';
+        $prefixData['ip'] = $request->getUserIP();
+        $prefixData['method'] = $request->getMethod();
+        $prefixData['url'] = $request->getUrl();
+    } elseif ($request instanceof \yii\console\Request) {
+        $prefixData['id'] = '(console)';
+    }
+
+    return Json::encode($prefixData);
+};
+
 return [
     'id' => 'app-common',
     'vendorPath' => dirname(dirname(__DIR__)) . '/vendor',
@@ -76,29 +95,23 @@
             'traceLevel' => 0,
             'targets' => [
                 [
-                    'class' => JsonSyslogTarget::class,
+                    'class' => JsonStreamTarget::class,
+                    'url' => 'php://stdout',
+                    'levels' => ['info'],
+                    'logVars' => [],
+                    'categories' => ['application'],
+                    'prefix' => $logPrefix,
+                ],
+                [
+                    'class' => JsonStreamTarget::class,
+                    'url' => 'php://stderr',
                     'levels' => ['error', 'warning'],
                     'except' => [
                         'yii\web\HttpException:401',
                         'yii\web\HttpException:404',
                     ],
-                    'logVars' => [], // Disable logging of _SERVER, _POST, etc.
-                    'prefix' => function($message) use ($appEnv) {
-                        $prefixData = [
-                            'env' => $appEnv,
-                        ];
-
-                        // There is no user when a console command is run
-                        try {
-                            $appUser = \Yii::$app->user;
-                        } catch (\Exception $e) {
-                            $appUser = null;
-                        }
-                        if ($appUser && ! \Yii::$app->user->isGuest) {
-                            $prefixData['user'] = \Yii::$app->user->identity->email;
-                        }
-                        return \yii\helpers\Json::encode($prefixData);
-                    },
+                    'logVars' => [],
+                    'prefix' => $logPrefix,
                 ],
                 [
                     'class' => EmailServiceTarget::class,

application/common/models/EventLog.php

@@ -38,9 +38,6 @@ public static function log($topic, $details, $userId = null)
         $eventLog->topic = $topic;
         $eventLog->details = is_array($details) ? Json::encode($details) : $details;
 
-        /*
-         * Save event to LogEntries
-         */
         try {
             $user = User::findOne(['id' => $userId]);
             if ($user !== null) {
@@ -62,4 +59,4 @@ public static function log($topic, $details, $userId = null)
         }
     }
 
-}
+}

application/composer.json

@@ -1,5 +1,5 @@
 {
-  "name": "IdP Password Manager API",
+  "name": "silinternational/idp-pw-api",
   "description": "Backend API for Identity Provider Password Management",
   "minimum-stability": "stable",
   "repositories": [
@@ -18,7 +18,7 @@
     "yiisoft/yii2-gii": "*",
     "silinternational/email-service-php-client": "^2.0.1",
     "silinternational/php-env": "^2.1.1",
-    "silinternational/yii2-json-log-targets": "^1.0.0",
+    "silinternational/yii2-json-log-targets": "^1.1.0",
     "silinternational/yii2-email-log-target": "^1.0.1",
     "silinternational/idp-id-broker-php-client": "^3.1.0",
     "silinternational/zxcvbn-api-client-php": "^2.0",