From bc735ce481d03a8ac891d943a0920d074fbe0aa5 Mon Sep 17 00:00:00 2001
From: Trond Magnus Sevre <76692689+trondsevre@users.noreply.github.com>
Date: Mon, 11 Nov 2024 11:56:42 +0100
Subject: [PATCH] Improve logging and make capabilities lowercase (#26)
---
 .../provider/security/AdapterRegistrationValidator.java | 5 ++++-
 .../fintlabs/provider/security/AdapterRequestValidator.java | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/main/java/no/fintlabs/provider/security/AdapterRegistrationValidator.java b/src/main/java/no/fintlabs/provider/security/AdapterRegistrationValidator.java
index 99d8333..84103c0 100644
--- a/src/main/java/no/fintlabs/provider/security/AdapterRegistrationValidator.java
+++ b/src/main/java/no/fintlabs/provider/security/AdapterRegistrationValidator.java
@@ -1,6 +1,7 @@
 package no.fintlabs.provider.security;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import no.fintlabs.adapter.models.AdapterCapability;
 import no.fintlabs.provider.exception.InvalidAdapterCapabilityException;
 import no.fintlabs.provider.security.resource.ResourceContext;
@@ -8,6 +9,7 @@
 import java.util.Set;
+@Slf4j
 @Component
 @RequiredArgsConstructor
 public class AdapterRegistrationValidator {
@@ -16,8 +18,9 @@ public class AdapterRegistrationValidator {
 public void validateCapabilities(Set capabilities) {
 capabilities.forEach(capability -> {
- String componentResource = "%s-%s-%s".formatted(capability.getDomainName(), capability.getPackageName(), capability.getResourceName());
+ String componentResource = "%s-%s-%s".formatted(capability.getDomainName(), capability.getPackageName(), capability.getResourceName()).toLowerCase();
 if (!resourceContext.getValidResources().contains(componentResource)) {
+ log.warn("Validation failed: Capability '{}' from '{}' is not a valid resource.", capability, componentResource);
 throw new InvalidAdapterCapabilityException("Invalid capability resource: %s".formatted(componentResource));
 }
 });
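Review bot: The `.toLowerCase()` added to `componentResource` in validateCapabilities uses the JVM default locale, so under a Turkish or Azeri locale a name containing `I` lower-cases to a dotless `ı` and a valid capability is rejected; use `.toLowerCase(Locale.ROOT)`, which needs `import java.util.Locale;`. Only the derived lookup key is normalised, so if later code uses `capability.getDomainName()`, `getPackageName()` or `getResourceName()` in their original case, the value that was validated and the value that is used can differ; that is not visible in this hunk and is worth confirming. The new message also reads "Capability '{}' from '{}'" while passing the capability first and the derived key second, so the wording and argument order should be aligned. The method body continues past the end of the hunk.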
diff --git a/src/main/java/no/fintlabs/provider/security/AdapterRequestValidator.java b/src/main/java/no/fintlabs/provider/security/AdapterRequestValidator.java
index dda86a2..4be18a1 100644
--- a/src/main/java/no/fintlabs/provider/security/AdapterRequestValidator.java
+++ b/src/main/java/no/fintlabs/provider/security/AdapterRequestValidator.java
@@ -22,18 +22,21 @@ public void validateAdapterId(CorePrincipal corePrincipal, String adapterId) {
 public void validateAdapterCapabilityPermission(String adapterId, String domainName, String packageName, String entityName) {
 if (!adapterContractContext.adapterCanPerformCapability(adapterId, domainName, packageName, entityName)) {
+ log.warn("Validation failed: Adapter '{}' lacks capability to perform action on '{}-{}-{}'.", adapterId, domainName, packageName, entityName);
 throw new CapabilityNotSupportedException("Adapter lacks the necessary capabilities to perform this action");
 }
 }
 public void validateOrgId(CorePrincipal corePrincipal, String requestedOrgId) {
 if (corePrincipal.doesNotContainAsset(requestedOrgId.replace("-", ".").replace("_", "."))) {
+ log.warn("Validation failed: JWT for user '{}' does not have access to organization '{}'. Available assets: {}", corePrincipal.getUsername(), requestedOrgId, corePrincipal.getAssets());
 throw new InvalidOrgId("Adapter assets does not contain the organization for the request");
 }
 }
 public void validateUsername(CorePrincipal corePrincipal, String contractUsername) {
 if (corePrincipal.doesNotHaveMatchingUsername(contractUsername)) {
+ log.warn("Validation failed: Username mismatch. JWT's username '{}' does not match contract username '{}'.", corePrincipal.getUsername(), contractUsername);
 throw new InvalidUsername("Adapter username does not match contract username");
 }
 }
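Review bot: The three new `log.warn` calls write caller-supplied strings (`adapterId`, `domainName`, `packageName`, `entityName`, `requestedOrgId`, `contractUsername`, which appear to come from the request) into the log unmodified, so a value containing CR/LF can forge log entries unless the logging layout escapes it; strip or encode line breaks before logging these values. In validateOrgId the message also prints `corePrincipal.getAssets()`, which places the caller's whole asset list in the log on every rejected request; the username and requested organization are enough for triage, with the asset list at debug level if it is needed. The same applies to `corePrincipal.getRoles()` in validateRole in the next hunk. No `log` declaration for AdapterRequestValidator appears in this diff, so I assume the class already carries `@Slf4j` outside the hunk.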
@@ -41,9 +44,8 @@ public void validateUsername(CorePrincipal corePrincipal, String contractUsernam
 public void validateRole(CorePrincipal corePrincipal, String domain, String packageName) {
 String role = String.format("FINT_Adapter_%s_%s", domain.toLowerCase(), packageName.toLowerCase());
 if (corePrincipal.doesNotHaveRole(role)) {
+ log.warn("Validation failed: Principal '{}' is missing required role '{}'. Current roles: {}", corePrincipal.getName(), role, corePrincipal.getRoles());
 throw new MissingRoleException("Adapter does not have the correct role to perform this action");
 }
-
 }
-
 }
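Review bot: The new warning in validateRole identifies the caller with `corePrincipal.getName()`, while the messages added to validateOrgId and validateUsername in the previous hunk use `corePrincipal.getUsername()`; unless both accessors are known to return the same value, use one of them throughout so rejected requests from the same principal can be correlated across the checks. CorePrincipal is not shown in this diff, so this is a consistency point rather than a confirmed defect. A short comment above the call, such as `// role name is derived from the request's domain and package, lower-cased`, would also help a reader of the log line see where `role` comes from.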