logging, added tests, fixed code only flow. #202
Conversation
renamed id's, spelling _verbose controls test output
ghost
added
the
|
|
||
| if (logLevelDebug) | ||
| { | ||
| if (logLevelDebug) |
There was a problem hiding this comment.
I will fix that.
|
yay for tests, only major thing worth considering is removing all of the log level guards for readability, as its really not needed given how straight forward your log message generation is. |
|
This is just the beginning for tests. I was trying to figure out a pattern. About the annoying external log level check, it's a perf thing, stops the context switch. I plan on lots and lots of logging. Can you live with it? Sent from my Windows Phone From: Hao Kungmailto:notifications@github.com yay for tests, only major thing worth considering is removing all of the log level guards for readability, as its really not needed given how straight forward your log message generation is. Reply to this email directly or view it on GitHub: |
|
@brentschmaltz honestly, these changes make the code far harder to read (it's really a PITA 😄) If you're particularly concerned about performance, why not using the logger extensions that take a format string and multiple arguments instead of manually calling BTW, @GrabYourPitchforks has done great things with string interpolation in aspnet/DataProtection, and it really makes logging clearer: aspnet/DataProtection@4365b53 😄 |
|
@PinpointTownes Thanks for the kind words! Unfortunately one of the downsides to what I did in DataProtection is that logging messages are hardcoded literal strings and thus are non-localized. The code Brent submitted here is more future-proof once localization work is performed. Calling the logger extensions that take format strings is certainly a good idea. Not only is performance improved, it also gives logging sinks a crack at the raw values without requiring them to parse the string manually. |
|
re: logging - the state of the art is like this: https://github.com/aspnet/Routing/pull/172/files#diff-4997dfe8056272b794ccb3bcdfe214d9R117 Our logging framework understands the key-values - so that loggers that work with key-value-pairs can have them, and loggers that don't still get a new message. /cc @loudej in case he wants to comment. |
|
@GrabYourPitchforks interesting, I didn't know that the ASP.NET team wanted to localize tracing messages 😄 I wonder if an i18n + string interpolation mix wouldn't be the best of both worlds: you'd simply call |
|
Actually we decided against localizing log messages at this time since we didn't want admins to potentially know all their users languages. Log Messages should always be in English at this time.
|
|
Just to clarify, the existing ASP.NET runtime and other .NET Framework components localize log messages using the system installed culture, not the invoking thread's culture. That way sysadmins always see log messages in their own language. Presumably this will be the behavior in the future, but it's just not ready at this time. |
|
I always use CurrentCulture for the localization reason, just a habit. I actually like to use string.cat as it is much faster than string.format. If you are not convinced, run some numbers on loops of: string.Format vs. About the 'loglevel' check, I favor that even though it's a bit messy, macros remember them made that style neater, I want to minimize the perf hit. |
…ts.cs. Added some comments on the 'public' handler and middleware types.
|
BTW log level guidance is available here: https://github.com/aspnet/Logging/wiki/Guidelines#log-levels Regarding string concatenation, that doesn't work with resource strings and so should never be used for anything that goes in a resx file (regardless of whether it's ultimately localized). And regarding the culture, there's no matter of taste or style, it's a correctness issue, per what @GrabYourPitchforks mentioned. |
|
clarifying commnet on what @GrabYourPitchforks said, using String.Format(CultureInfo.CurrentCulture, ...) is correct or NOT correct? |
|
CurrentCulture is incorrect. I think you want InvariantCulture. |
|
Yes, it is not a style thing but a correctness thing. I have always used InvariantCulture when the data was not presented to the user and CurrentCulture when the data was displayed to the user, such as a log entry. Are you saying that is not correct and we should always use InvariantCulture? |
|
The problem is that there are two users, the remote client and the local admin. CurrentCulture represents the remote client, correct? |
|
Welcome back Tratcher :-) I thought CurrentCulture represents the culture of the current thread. For logs, I am tailoring them for the dev who uses them for debugging. I know GrabYourPitchforks spoke about the system admin, but I was leaning towards the dev. |
|
Right, the CurrentCulture will be set to whatever the person using the site/service/API wanted. I.e. someone accessing an API in France could conceivably get French messages. But the developer should always get a single culture. Currently we've said that's the InvariantCulture, but in the future we might want a way for the developer to configure in which culture they want to see all their log messages. |
|
OK, do you want to introduce extensibility for 'culture' now or just go with InvariantCulture. |
|
Right, the dev doing debugging certainly doesn't want to use the culture of the person visiting the site. I wouldn't do anything special here: just use InvariantCulture. |
Or better, don't use |
|
@PinpointTownes yep, I am going to investigate just that, let the logger do the string format. Then we just need to modify the logger. |
|
Oh right yeah that's best. Do as little work as possible here, let the logging system do it. |
| /// </summary> | ||
| public string SignInScheme | ||
| { | ||
| // [brentschmaltz] - it is not clear to me why we need both AuthenticationScheme and SignInScheme. | ||
| // and, why this maps to AuthenticationType. | ||
| get { return TokenValidationParameters.AuthenticationType; } |
There was a problem hiding this comment.
I fixed SignInScheme in my PR: https://github.com/PinpointTownes/Security/commit/d959eab910a188f9b2cac4b425572fb43decc5ca
There was a problem hiding this comment.
I am not ignoring this, but there are some other issues in the runtime that when addressed I am hoping will make this moot.
|
@brentschmaltz unfortunately StyleCop doesn't support C# 6. We worked on trying to add support for it but it was too complex. |
|
@brentschmaltz not particularly. I'll clone and play with the final bits in the next hours 🎮 |
| Response.StatusCode = 403; | ||
| return; | ||
| } | ||
|
|
||
| if (Response.StatusCode != 401) | ||
| { | ||
| _logger.LogDebug(Resources.OIDCH_0028_StatusCodeNot401, Response.StatusCode.ToString()); |
There was a problem hiding this comment.
Why are you doing .ToString everywhere?
There was a problem hiding this comment.
I do that to ensure a string is passed in the case another API shows up that takes the type.
There was a problem hiding this comment.
It will cause the data type to change (obviously), which would affect loggers that store strongly-typed data. E.g. some loggers will store int's as int's, which would allow for richer querying of logs (e.g. select * from logs where log.statusCode >= 400 && log.statusCode < 500).
There was a problem hiding this comment.
(As such it's not strictly wrong, but its making the data potentially less useful in some logging systems.)
There was a problem hiding this comment.
That is good reasoning, I will change it.
|
@HaoK good, then who can merge it in? |
Updated tests Fixed resource string
Conflicts: src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
| } | ||
| } | ||
|
|
||
| public class CustomConfigureOptions : ConfigureOptions<OpenIdConnectAuthenticationOptions> |
There was a problem hiding this comment.
Why do you need a custom configure options that doesn't do anything different than the base?
There was a problem hiding this comment.
Good Question. Extensibility.
I want to make sure that my class is called.
Currently, name isn't used, future tests will start making use of the name.
Backed out change Added adjustment for 'ExtenalAuthenticationOptions'
| /// responsible of persisting user's identity after a successful authentication. | ||
| /// This value typically corresponds to a cookie middleware registered in the Startup class. | ||
| /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value. | ||
| /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>. |
There was a problem hiding this comment.
Huh, why does this PR contain already merged commits? 😢
/cc @HaoK
There was a problem hiding this comment.
Rebasing messes up PRs, there are ways to fix it (force push)
There was a problem hiding this comment.
Another option is to just create a new PR and branch with squashed changes for final review
There was a problem hiding this comment.
I'm definitely not a git expert, but it seems that @brentschmaltz did a git merge instead of a git rebase, which causes these weird issues: https://github.com/brentschmaltz/Security/commit/efaef8952a09c4ec0681db5e0a3c28cb1d96270f
There was a problem hiding this comment.
I am also not a git expert, I did a 'git pull' and git went off on its own.
I will tidy it up guys.
There was a problem hiding this comment.
@PinpointTownes @HaoK it looks like when I did the pull, it hit a merge conflict. The updated versions are showing as 'unstagged'. I will commit them and push to my fork.
|
@HaoK Is there anything blocking this pull request? |
|
I don't think there's anything particularly blocking no |
|
@HaoK Can you merge it? I don't think I have the ability to execute the merge. |
|
You've checked in changes before, so you must have permission. Just you will want to squash all your changes together before you push to dev (when you merge this branch, just do git merge --squash), and then it should just be one change that you push to dev |
|
I till try, I had pushed to Katana, but never aspnet. |
|
Merged 501bd4f |
still lots of additional testing to come.