feat(cb2-10665): do not log a valid JWT token

src/common/Logger.ts

@@ -2,7 +2,7 @@ import { ILogEvent } from "../models/ILogEvent";
 import { JWT_MESSAGE } from "../models/enums";
 import { ILogError } from "../models/ILogError";
 
-export const writeLogMessage = (log: ILogEvent, jwt: string, error?: any) => {
+export const writeLogMessage = (log: ILogEvent, error?: any) => {
  if (!error) {
  log.statusCode = 200;
  console.log(log);
@@ -32,7 +32,8 @@ export const writeLogMessage = (log: ILogEvent, jwt: string, error?: any) => {
  }
  }
  log.error = logError;
- log.error.token = jwt;
+ log.error.username = log.email;
+ log.error.roles = log.roles;
  console.error(log);
  }
  return log;

src/functions/authorizer.ts

@@ -21,7 +21,7 @@ export const authorizer = async (event: APIGatewayTokenAuthorizerEvent, context:
  const logEvent: ILogEvent = {};
 
  if (!process.env.AZURE_TENANT_ID || !process.env.AZURE_CLIENT_ID) {
- writeLogMessage(logEvent, event.authorizationToken, JWT_MESSAGE.INVALID_ID_SETUP);
+ writeLogMessage(logEvent, JWT_MESSAGE.INVALID_ID_SETUP);
  return unauthorisedPolicy();
  }
 
@@ -36,10 +36,10 @@ export const authorizer = async (event: APIGatewayTokenAuthorizerEvent, context:
  }
 
  reportNoValidRoles(jwt, event, context, logEvent);
- writeLogMessage(logEvent, event.authorizationToken, JWT_MESSAGE.INVALID_ROLES);
+ writeLogMessage(logEvent, JWT_MESSAGE.INVALID_ROLES);
  return unauthorisedPolicy();
  } catch (error: any) {
- writeLogMessage(logEvent, event.authorizationToken, error);
+ writeLogMessage(logEvent, error);
  return unauthorisedPolicy();
  }
 };

src/models/ILogError.ts

@@ -1,5 +1,7 @@
+import Role from "../services/roles";
 export interface ILogError {
  name?: string;
  message?: string;
- token?: string;
+ username?: string;
+ roles?: Role[];
 }

tests/unit/common/Logger.unitTest.ts

@@ -3,15 +3,17 @@ import { ILogEvent } from "../../../src/models/ILogEvent";
 import errorLogEvent from "../../resources/errorLogEvent.json";
 import { writeLogMessage } from "../../../src/common/Logger";
 import successLogEvent from "../../resources/successLogEvent.json";
+import jwtJson from "../../resources/jwt.json";
 
 describe("test writeLogMessage method", () => {
  const logError: ILogError = {};
  const logErrorEvent: ILogEvent = errorLogEvent;
- logErrorEvent.roles = [{ name: "name1", access: "read" }];
+ const jwtJsonClone = JSON.parse(JSON.stringify(jwtJson));
+ logErrorEvent.roles = jwtJsonClone.payload.roles;
 
  context("when only the log event is passed in", () => {
  it("should return no errors", () => {
- const returnValue: ILogEvent = writeLogMessage(successLogEvent, "mock-jwt", null);
+ const returnValue: ILogEvent = writeLogMessage(successLogEvent, null);
 
  expect(returnValue.statusCode).toBe(200);
  });
@@ -23,46 +25,52 @@ describe("test writeLogMessage method", () => {
  console.log = jest.fn();
 
  logError.name = "TokenExpiredError";
- const returnValue: ILogEvent = writeLogMessage(logErrorEvent,"mock-jwt", error);
+ const returnValue: ILogEvent = writeLogMessage(logErrorEvent, error);
 
  expect(returnValue.error?.name).toBe("TokenExpiredError");
  expect(returnValue.error?.message).toBe("[JWT-ERROR-07] Error at undefined");
- expect(returnValue.error?.token).toBe("mock-jwt");
+ expect(returnValue.error?.username).toBe(logErrorEvent.email);
+ expect(returnValue.error?.roles).toBe(logErrorEvent.roles);
+ });
  });
 
  it("should log NotBeforeError", () => {
  const error: ILogError = { name: "NotBeforeError" };
  console.log = jest.fn();
 
  logError.name = "NotBeforeError";
- const returnValue: ILogEvent = writeLogMessage(logErrorEvent,"mock-jwt", error);
+ const returnValue: ILogEvent = writeLogMessage(logErrorEvent, error);
 
  expect(returnValue.error?.name).toBe("NotBeforeError");
  expect(returnValue.error?.message).toBe("[JWT-ERROR-08] undefined until undefined");
- expect(returnValue.error?.token).toBe("mock-jwt");
+ expect(returnValue.error?.username).toBe(logErrorEvent.email);
+ expect(returnValue.error?.roles).toBe(logErrorEvent.roles);
+
  });
 
  it("should log JsonWebTokenError", () => {
  const error: ILogError = { name: "JsonWebTokenError", message: "test" };
  console.log = jest.fn();
 
  logError.name = "JsonWebTokenError";
- const returnValue: ILogEvent = writeLogMessage(logErrorEvent,"mock-jwt", error);
+ const returnValue: ILogEvent = writeLogMessage(logErrorEvent, error);
 
  expect(returnValue.error?.name).toBe("JsonWebTokenError");
  expect(returnValue.error?.message).toBe("[JWT-ERROR-09] test");
- expect(returnValue.error?.token).toBe("mock-jwt");
+ expect(returnValue.error?.username).toBe(logErrorEvent.email);
+ expect(returnValue.error?.roles).toBe(logErrorEvent.roles);
+
  });
 
  it("should log the default error", () => {
  const error: ILogError = { name: "Error", message: "Error" };
  console.log = jest.fn();
 
- const returnValue: ILogEvent = writeLogMessage(logErrorEvent,"mock-jwt", error);
+ const returnValue: ILogEvent = writeLogMessage(logErrorEvent, error);
 
  expect(returnValue.error?.name).toBe("Error");
  expect(returnValue.error?.message).toBe("Error");
- expect(returnValue.error?.token).toBe("mock-jwt");
+ expect(returnValue.error?.username).toBe(logErrorEvent.email);
+ expect(returnValue.error?.roles).toBe(logErrorEvent.roles);
  });
- });
 });