chore: Add OIDC debug logging (#4658)

Signed-off-by: Dan Webb <dan.webb@damacus.io>
mealie-recipes · Dec 30, 2024 · 716c5c1 · 716c5c1
1 parent 5d33694
commit 716c5c1
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/mealie/core/security/providers/openid_provider.py b/mealie/core/security/providers/openid_provider.py
@@ -27,6 +27,11 @@ def authenticate(self) -> tuple[str, timedelta] | None:
             self._logger.error("[OIDC] No claims in the id_token")
             return None
 
+        # Log all claims for debugging
+        self._logger.debug("[OIDC] Received claims:")
+        for key, value in claims.items():
+            self._logger.debug("[OIDC]   %s: %s", key, value)
+
         if not self.required_claims.issubset(claims.keys()):
             self._logger.error(
                 "[OIDC] Required claims not present. Expected: %s Actual: %s",
@@ -35,6 +40,12 @@ def authenticate(self) -> tuple[str, timedelta] | None:
             )
             return None
 
+        # Check for empty required claims
+        for claim in self.required_claims:
+            if not claims.get(claim):
+                self._logger.error("[OIDC] Required claim '%s' is empty", claim)
+                return None
+
         repos = get_repositories(self.session, group_id=None, household_id=None)
 
         is_admin = False

diff --git a/tests/unit_tests/core/security/providers/test_openid_provider.py b/tests/unit_tests/core/security/providers/test_openid_provider.py
@@ -1,5 +1,6 @@
 import pytest
 from pytest import MonkeyPatch, Session
+import logging
 
 from mealie.core.config import get_app_settings
 from mealie.core.security.providers.openid_provider import OpenIDProvider
@@ -20,6 +21,18 @@ def test_empty_claims():
     assert auth_provider.authenticate() is None
 
 
+def test_empty_required_claims():
+    data = {
+        "preferred_username": "dude1",
+        "email": "",  # Empty required claim
+        "name": "Firstname Lastname",
+        "groups": ["mealie_user"],
+    }
+    auth_provider = OpenIDProvider(None, data)
+
+    assert auth_provider.authenticate() is None
+
+
 def test_missing_claims():
     data = {"preferred_username": "dude1"}
     auth_provider = OpenIDProvider(None, data)
@@ -162,3 +175,19 @@ def test_ldap_user_creation_invalid_group_or_household(
         assert user is not None
     else:
         assert user is None
+
+
+def test_claims_logging(caplog, session: Session):
+    caplog.set_level(logging.DEBUG)
+    data = {
+        "preferred_username": "testuser",
+        "email": "test@example.com",
+        "name": "Test User",
+        "groups": ["mealie_user"],
+    }
+    auth_provider = OpenIDProvider(session, data)
+    auth_provider.authenticate()
+
+    # Verify that all claims are logged
+    for key, value in data.items():
+        assert f"{key}: {value}" in caplog.text