diff --git a/backend/scripts/build b/backend/scripts/build
index bfb5ec475..64f71b758 100755
--- a/backend/scripts/build
+++ b/backend/scripts/build
@@ -12,6 +12,7 @@ cp ../CHANGES.md target/classes/changelog.md;
 clojure -T:build jar;
 mv target/penpot.jar target/dist/penpot.jar
+cp resources/log4j2.xml target/dist/log4j2.xml
 cp scripts/run.template.sh target/dist/run.sh;
 cp scripts/manage.py target/dist/manage.py
 chmod +x target/dist/run.sh;
diff --git a/backend/scripts/run.template.sh b/backend/scripts/run.template.sh
index acc2212cf..8e3b0dc49 100644
--- a/backend/scripts/run.template.sh
+++ b/backend/scripts/run.template.sh
@@ -18,5 +18,7 @@ if [ -f ./environ ]; then
 source ./environ
 fi
+export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow $JVM_OPTS"
+
 set -x
 exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main
diff --git a/backend/src/app/auth/oidc.clj b/backend/src/app/auth/oidc.clj
index 14d479e35..a58518958 100644
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@@ -64,10 +64,17 @@
 nil)
 (= 200 (:status response))
- (let [data (json/decode (:body response))]
- {:token-uri (get data :token_endpoint)
- :auth-uri (get data :authorization_endpoint)
- :user-uri (get data :userinfo_endpoint)})
+ (let [data (json/decode (:body response))
+ token-uri (get data :token_endpoint)
+ auth-uri (get data :authorization_endpoint)
+ user-uri (get data :userinfo_endpoint)]
+ (l/debug :hint "oidc uris discovered"
+ :token-uri token-uri
+ :auth-uri auth-uri
+ :user-uri user-uri)
+ {:token-uri token-uri
+ :auth-uri auth-uri
+ :user-uri user-uri})
 :else
 (do
@@ -110,7 +117,7 @@
 (if-let [opts (prepare-oidc-opts cfg)]
 (do
 (l/info :hint "provider initialized"
- :provider :oidc
+ :provider "oidc"
 :method (if (:discover? opts) "discover" "manual")
 :client-id (:client-id opts)
 :client-secret (obfuscate-string (:client-secret opts))
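Review bot: The added export carries no comment, and `-Dlog4j2.configurationFile=log4j2.xml` is resolved against the JVM working directory, so the file the build copies into target/dist is only found when run.sh is started from that directory (the `-jar penpot.jar` on the exec line already assumes this, so the two are at least consistent). Suggest a comment above the export: `# Route java.util.logging through log4j2, load ./log4j2.xml from the dist dir (cwd) and keep full stack traces; caller JVM_OPTS are appended last so their -D values win.`. Note that `set -x` on the context line below echoes the expanded JVM_OPTS to stderr, so operators should not pass secrets through JVM_OPTS in ./environ.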
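Review bot: The new debug line reports the three discovered endpoints but nothing in this branch checks that they are present, so a discovery document without `userinfo_endpoint` still produces a map with `:user-uri nil` and the failure only appears later when the user-info request is built. Unless prepare-oidc-opts (outside the hunk) validates these keys, consider returning nil here the way the preceding branch appears to, e.g. `(when (and token-uri auth-uri user-uri) {:token-uri token-uri :auth-uri auth-uri :user-uri user-uri})`, so the provider is reported as unconfigured instead of half-initialised. The enclosing function starts before this hunk.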
@@ -122,7 +129,7 @@
 :roles (:roles opts))
 opts)
 (do
- (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :oidc)
+ (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "oidc")
 nil))))
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -144,13 +151,13 @@
 (string? (:client-secret opts)))
 (do
 (l/info :hint "provider initialized"
- :provider :google
+ :provider "google"
 :client-id (:client-id opts)
 :client-secret (obfuscate-string (:client-secret opts)))
 opts)
 (do
- (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :google)
+ (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "google")
 nil)))))
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -196,13 +203,13 @@
 (string? (:client-secret opts)))
 (do
 (l/info :hint "provider initialized"
- :provider :github
+ :provider "github"
 :client-id (:client-id opts)
 :client-secret (obfuscate-string (:client-secret opts)))
 opts)
 (do
- (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :github)
+ (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "github")
 nil)))))
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -225,14 +232,14 @@
 (string? (:client-secret opts)))
 (do
 (l/info :hint "provider initialized"
- :provider :gitlab
+ :provider "gitlab"
 :base-uri base
 :client-id (:client-id opts)
 :client-secret (obfuscate-string (:client-secret opts)))
 opts)
 (do
- (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :gitlab)
+ (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "gitlab")
 nil)))))
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -275,8 +282,19 @@
 "accept" "application/json"}
 :uri (:token-uri provider)
 :body (u/map->query-string params)}]
+
+ (l/trace :hint "request access token"
+ :provider (:name provider)
+ :client-id (:client-id provider)
+ :client-secret (obfuscate-string (:client-secret provider))
+ :grant-type (:grant_type params)
+ :redirect-uri (:redirect_uri params))
+
 (->> (http/req! cfg req)
 (p/map (fn [{:keys [status body] :as res}]
+ (l/trace :hint "access token response"
+ :status status
+ :body body)
 (if (= status 200)
 (let [data (json/decode body)]
 {:token (get data :access_token)
@@ -289,12 +307,19 @@
 (defn- retrieve-user-info
 [{:keys [provider] :as cfg} tdata]
 (letfn [(retrieve []
+ (l/trace :hint "request user info"
+ :uri (:user-uri provider)
+ :token (obfuscate-string (:token tdata))
+ :token-type (:type tdata))
 (http/req! cfg {:uri (:user-uri provider)
 :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
 :timeout 6000
 :method :get}))
 (validate-response [response]
+ (l/trace :hint "user info response"
+ :status (:status response)
+ :body (:body response))
 (when-not (s/int-in-range? 200 300 (:status response))
 (ex/raise :type :internal
 :code :unable-to-retrieve-user-info
@@ -309,7 +334,7 @@
 (if-let [get-email-fn (:get-email-fn provider)]
 (get-email-fn tdata info)
 (let [attr-kw (cf/get :oidc-email-attr :email)]
- (get info attr-kw))))
+ (p/resolved (get info attr-kw)))))
 (get-name [info]
 (let [attr-kw (cf/get :oidc-name-attr :name)]
@@ -325,6 +350,7 @@
 (qualify-props provider))}))
 (validate-info [info]
+ (l/trace :hint "authentication info" :info info)
 (when-not (s/valid? ::info info)
 (l/warn :hint "received incomplete profile info object (please set correct scopes)"
 :info (pr-str info))
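Review bot: The new `access token response` trace writes the raw token-endpoint body to the log, and that body is where the access token (and, depending on the provider, a refresh token or id token) arrives, so the obfuscation applied to `:client-secret` a few lines above is undone here. Log the body only when it cannot carry a token, e.g. `:body (when-not (= status 200) body)`, and keep `:status` as the success-path signal. Whether this ever reaches a file depends on the log4j2.xml shipped by this commit, which is not in the diff; it is worth confirming it does not enable TRACE for `app.auth.oidc` by default. The enclosing function starts before this hunk.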
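Review bot: The `user info response` trace logs the raw user-info body, which carries the user's email, name and whatever other claims the provider returns, and the `authentication info` trace added at @@ -325 logs the assembled info map the same way; both put personal data into logs at a level operators may enable to debug provider setup. Restrict both to what debugging needs, e.g. `:body (when-not (s/int-in-range? 200 300 (:status response)) (:body response))` for the response and the map's keys rather than its values for the info map. The `request user info` trace does obfuscate the bearer token, which is the right pattern for the other two. retrieve-user-info continues past this hunk.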
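Review bot: Wrapping the attribute lookup in `p/resolved` makes the default branch return a promise, but the `get-email-fn` branch two lines above is left as is, so get-email has a uniform return type only if every provider's `:get-email-fn` (defined outside this hunk) already returns a promise. If any returns a plain string, the `p/mcat process-response` step added at @@ -334 would see mixed types; either confirm the implementations or add a comment on get-email such as `;; always returns a promise; :get-email-fn implementations must too`.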
@@ -334,10 +360,10 @@
 :info info))
 info)]
- (-> (retrieve)
- (p/then validate-response)
- (p/then process-response)
- (p/then validate-info))))
+ (->> (retrieve)
+ (p/fmap validate-response)
+ (p/mcat process-response)
+ (p/fmap validate-info))))
 (s/def ::backend ::us/not-empty-string)
 (s/def ::email ::us/not-empty-string)
diff --git a/docker/images/Dockerfile.backend b/docker/images/Dockerfile.backend
index 7b6a4ee5b..63693b275 100644
--- a/docker/images/Dockerfile.backend
+++ b/docker/images/Dockerfile.backend
@@ -13,6 +13,7 @@ RUN set -ex; \
 apt-get -qq update; \
 apt-get -qq upgrade; \
 apt-get -qqy --no-install-recommends install \
+ nano \
 curl \
 tzdata \
 locales \
diff --git a/frontend/src/app/main/ui/routes.cljs b/frontend/src/app/main/ui/routes.cljs
index c704cadfc..222ae33e2 100644
--- a/frontend/src/app/main/ui/routes.cljs
+++ b/frontend/src/app/main/ui/routes.cljs
@@ -8,7 +8,6 @@
 (:require
 [app.common.spec :as us]
 [app.common.uuid :as uuid]
- [app.config :as cf]
 [app.main.data.users :as du]
 [app.main.repo :as rp]
 [app.main.store :as st]
@@ -35,12 +34,9 @@
 (def routes
 [["/auth"
 ["/login" :auth-login]
- (when (contains? @cf/flags :registration)
- ["/register" :auth-register])
- (when (contains? @cf/flags :registration)
- ["/register/validate" :auth-register-validate])
- (when (contains? @cf/flags :registration)
- ["/register/success" :auth-register-success])
+ ["/register" :auth-register]
+ ["/register/validate" :auth-register-validate]
+ ["/register/success" :auth-register-success]
 ["/recovery/request" :auth-recovery-request]
 ["/recovery" :auth-recovery]
 ["/verify-token" :auth-verify-token]]
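Review bot: The rewritten chain mixes `p/fmap` and `p/mcat` without saying why; a reader has to know that process-response yields a promise (get-email was changed to return one in this commit) while the two validators return plain values. A comment above the form, `;; validators return values (fmap); process-response returns a promise (mcat)`, would make the choice self-explaining. The letfn body begins before this hunk.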
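Review bot: `nano` is an interactive editor with no role at runtime, so adding it to the production backend image only enlarges the package set (and what is available to anyone who gets a shell inside the container) for the sake of occasional debugging. If it is needed, keep it out of the released image (a debug stage or a build argument) or leave a comment on the line stating why it is shipped.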
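Review bot: The three register routes are now added unconditionally, so `/register`, `/register/validate` and `/register/success` are reachable by URL even when the `:registration` flag is off, and nothing in this hunk shows where that gating moved. The route table is client-side and was never the enforcement point, so if the flag is still meant to disable self-signup the register views and, above all, the backend registration RPC must refuse when it is unset; worth confirming rather than assuming. A short comment on `(def routes` noting that registration gating is handled elsewhere would help the next reader.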