log and report login errors

currently the login service only logs an error if a admin unit is not found, but
this could be expanded on

Author: nvdk

config/authorization/config.ex

@@ -89,6 +89,21 @@ defmodule Acl.UserGroups.Config do
                       resource_prefix: "http://mu.semte.ch/sessions/"
                     } } ] },
 
+      # // LOGIN ERROR LOGS
+      %GroupSpec {
+        name: "error-logs",
+        useage: [:write],
+        access: %AlwaysAccessible{},
+        graphs: [ %GraphSpec{
+                    graph: "http://mu.semte.ch/graphs/login-error-logs",
+                    constraint: %ResourceConstraint{
+                                     resource_types: [
+                                       "http://persistence.uni-leipzig.org/nlp2rdf/ontologies/rlog#Entry"
+                                     ]
+                                  }}
+                  ]
+      },
+
       # // ORGANIZATION HAS POSSIBLY DUPLICATE USER DATA
       %GroupSpec{
         name: "org",

config/reports/index.js

@@ -1,5 +1,7 @@
 import historicalReport from "./historicalReport";
 import monthlyReport from "./monthlyReport";
 import ivReport from "./ivReport";
+import loginErrorReport from './loginErrorReport';
+
+export default [monthlyReport, historicalReport, ivReport, loginErrorReport];
 
-export default [monthlyReport, historicalReport, ivReport];

config/reports/loginErrorReport.js

@@ -0,0 +1,59 @@
+import {generateReportFromData} from '../helpers.js';
+import { querySudo as query } from '@lblod/mu-auth-sudo';
+import { getToday } from "./utils/date.js";
+import { MONTHS } from "./utils/constants.js";
+
+export default {
+  cronPattern: "0 17 * * * *",
+  name: "dailyLoginErrorReport",
+  execute: async () => {
+    const { day, month, year } = getToday();
+    const metadata = {
+      title: `Login errors ${day} ${MONTHS[month]} ${year}`,
+      description: "Dagelijks overzicht van errors gelogged door de login service",
+      filePrefix: `login-errors-${day}-${month +1 }-${year}`,
+    };
+    const data = await fetchErrorLogs();
+    await generateReportFromData(
+      data,
+      [
+        "message",
+        "date",
+        "specificInfo",
+        "type"
+      ],
+      metadata
+    );
+  }
+}
+
+async function fetchErrorLogs() {
+  const queryString = `
+     PREFIX rlog: <http://persistence.uni-leipzig.org/nlp2rdf/ontologies/rlog#>
+     PREFIX dct: <http://purl.org/dc/terms/>
+     PREFIX ext: <http://mu.semte.ch/vocabularies/ext/>
+     SELECT ?message ?date ?specificInfo ?type
+     WHERE {
+       GRAPH <http://mu.semte.ch/graphs/login-error-logs> {
+          ?log a rlog:Entry ;
+          rlog:className ?type ;
+          rlog:message ?message;
+          rlog:date ?date;
+          rlog:level ?level;
+          ext:specificInformation ?specificInfo.
+          FILTER (?date >= xsd:dateTime(NOW() - "P1D"^^xsd:duration))
+     }
+     }
+
+`;
+  const queryResponse = await query(queryString);
+  const data = queryResponse.results.bindings.map((entry) => {
+    return {
+      message: entry.message.value,
+      date: entry.date.value,
+      specificInfo: entry.specificInfo.value,
+      type: entry.type.value
+    };
+  });
+  return data;
+}

config/reports/reportGenerator.js

@@ -1,4 +1,4 @@
-import {generateReportFromData} from '../helpers.js'
+import {generateReportFromData} from '../helpers.js';
 import { querySudo as query } from '@lblod/mu-auth-sudo';
 
 /**

docker-compose.yml

@@ -87,6 +87,7 @@ services:
       MU_APPLICATION_AUTH_CLIENT_SECRET: "secret"
       MU_APPLICATION_AUTH_ROLE_CLAIM: "abb_gelinktNotuleren_rol_3d"
       LOG_SINK_URL: "http://sink"
+      LOGS_GRAPH: "http://mu.semte.ch/graphs/login-error-logs"
     restart: always
     logging: *default-logging
     labels: