web: add support for PII for sentry, add user feedback dialog

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-04-13 18:35:26 +02:00
parent 30cb468ec5
commit 513d3c1c31
5 changed files with 83 additions and 60 deletions


@ -1,8 +1,4 @@
import * as Sentry from "@sentry/browser";
import { Integrations } from "@sentry/tracing";
import { VERSION } from "../constants";
import { SentryIgnoredError } from "../common/errors";
import { Config, Configuration, Middleware, ResponseContext, RootApi } from "authentik-api";
import { Configuration, Middleware, ResponseContext } from "authentik-api";
import { getCookie } from "../utils";
import { API_DRAWER_MIDDLEWARE } from "../elements/notifications/APIDrawer";
import { MessageMiddleware } from "../elements/messages/Middleware";
@ -13,6 +9,7 @@ export class LoggingMiddleware implements Middleware {
console.debug(`authentik/api: ${context.response.status} ${context.init.method} ${context.url}`);
return Promise.resolve(context.response);
}
}
export const DEFAULT_CONFIG = new Configuration({
@ -27,27 +24,3 @@ export const DEFAULT_CONFIG = new Configuration({
new LoggingMiddleware(),
],
});
export function configureSentry(): Promise<Config> {
return new RootApi(DEFAULT_CONFIG).rootConfigList().then((config) => {
if (config.errorReportingEnabled) {
Sentry.init({
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
release: `authentik@${VERSION}`,
integrations: [
new Integrations.BrowserTracing(),
],
tracesSampleRate: 0.6,
environment: config.errorReportingEnvironment,
beforeSend(event: Sentry.Event, hint: Sentry.EventHint) {
if (hint.originalException instanceof SentryIgnoredError) {
return null;
}
return event;
},
});
console.debug("authentik/config: Sentry enabled.");
}
return config;
});
}

50
web/src/api/Sentry.ts Normal file

@ -0,0 +1,50 @@
import * as Sentry from "@sentry/browser";
import { Integrations } from "@sentry/tracing";
import { VERSION } from "../constants";
import { SentryIgnoredError } from "../common/errors";
import { Config, RootApi } from "authentik-api";
import { me } from "./Users";
import { DEFAULT_CONFIG } from "./Config";
export function configureSentry(): Promise<Config> {
return new RootApi(DEFAULT_CONFIG).rootConfigList().then((config) => {
if (config.errorReportingEnabled) {
Sentry.init({
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
release: `authentik@${VERSION}`,
integrations: [
new Integrations.BrowserTracing({
tracingOrigins: [window.location.host, "localhost"],
}),
],
tracesSampleRate: 0.6,
environment: config.errorReportingEnvironment,
beforeSend(event: Sentry.Event, hint: Sentry.EventHint) {
if (hint.originalException instanceof SentryIgnoredError) {
return null;
}
if (event.exception) {
me().then(user => {
Sentry.showReportDialog({
eventId: event.event_id,
user: {
email: user.user.email,
name: user.user.name,
}
});
});
}
return event;
},
});
console.debug("authentik/config: Sentry enabled.");
if (config.errorReportingSendPii) {
me().then(user => {
Sentry.setUser({ email: user.user.email });
console.debug("authentik/config: Sentry with PII enabled.");
});
}
}
return config;
});
}
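Review bot: The feedback dialog opened from `beforeSend` is pre-filled with the user's email and name from `me()` for every exception event, without consulting `config.errorReportingSendPii`; that flag only gates the later `Sentry.setUser` call. As far as I know, `showReportDialog` hands these fields to the Sentry host when it loads the dialog, so the opt-in should cover this path too, e.g. `user: config.errorReportingSendPii ? { email: user.user.email, name: user.user.name } : undefined`. Neither `me().then(...)` chain has a rejection handler. If `me()` fails (for instance with no authenticated session), the unhandled rejection may itself be captured and re-enter `beforeSend`, so add a `.catch` that logs and skips the dialog.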


@ -1,7 +1,7 @@
import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
import PFPage from "@patternfly/patternfly/components/Page/page.css";
import PFGlobal from "@patternfly/patternfly/patternfly-base.css";
import { configureSentry } from "../../api/Config";
import { configureSentry } from "../../api/Sentry";
import { Config } from "authentik-api";
import { ifDefined } from "lit-html/directives/if-defined";


@ -1394,7 +1394,7 @@ msgstr "Form didn't return a promise for submitting"
msgid "Friendly Name"
msgstr "Friendly Name"
#: src/pages/stages/email/EmailStageForm.ts:109
#: src/pages/stages/email/EmailStageForm.ts:107
msgid "From address"
msgstr "From address"
@ -1728,7 +1728,7 @@ msgstr "Loading"
#: src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts:90
#: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts:96
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:131
#: src/pages/stages/email/EmailStageForm.ts:172
#: src/pages/stages/email/EmailStageForm.ts:170
#: src/pages/stages/identification/IdentificationStageForm.ts:120
#: src/pages/stages/identification/IdentificationStageForm.ts:138
#: src/pages/stages/password/PasswordStageForm.ts:106
@ -1900,7 +1900,7 @@ msgstr "Monitor"
#: src/pages/stages/consent/ConsentStageForm.ts:57
#: src/pages/stages/deny/DenyStageForm.ts:54
#: src/pages/stages/dummy/DummyStageForm.ts:54
#: src/pages/stages/email/EmailStageForm.ts:124
#: src/pages/stages/email/EmailStageForm.ts:122
#: src/pages/stages/identification/IdentificationStageForm.ts:63
#: src/pages/stages/invitation/InvitationStageForm.ts:56
#: src/pages/stages/password/PasswordStageForm.ts:63
@ -2607,7 +2607,7 @@ msgstr "SLO URL"
msgid "SMTP Host"
msgstr "SMTP Host"
#: src/pages/stages/email/EmailStageForm.ts:80
#: src/pages/stages/email/EmailStageForm.ts:79
msgid "SMTP Password"
msgstr "SMTP Password"
@ -2872,7 +2872,7 @@ msgstr "Stage used to validate any authenticator. This stage should be used duri
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:71
#: src/pages/stages/captcha/CaptchaStageForm.ts:62
#: src/pages/stages/consent/ConsentStageForm.ts:64
#: src/pages/stages/email/EmailStageForm.ts:131
#: src/pages/stages/email/EmailStageForm.ts:129
#: src/pages/stages/identification/IdentificationStageForm.ts:70
#: src/pages/stages/invitation/InvitationStageForm.ts:63
#: src/pages/stages/password/PasswordStageForm.ts:70
@ -2927,7 +2927,7 @@ msgstr "Status: Enabled"
msgid "Stop impersonation"
msgstr "Stop impersonation"
#: src/pages/stages/email/EmailStageForm.ts:154
#: src/pages/stages/email/EmailStageForm.ts:152
msgid "Subject"
msgstr "Subject"
@ -3262,7 +3262,7 @@ msgstr "Task finished with errors"
msgid "Task finished with warnings"
msgstr "Task finished with warnings"
#: src/pages/stages/email/EmailStageForm.ts:160
#: src/pages/stages/email/EmailStageForm.ts:158
msgid "Template"
msgstr "Template"
@ -3331,7 +3331,7 @@ msgstr "This stage checks the user's current session against the Google reCaptch
msgid "Threshold"
msgstr "Threshold"
#: src/pages/stages/email/EmailStageForm.ts:151
#: src/pages/stages/email/EmailStageForm.ts:149
msgid "Time in minutes the token sent is valid."
msgstr "Time in minutes the token sent is valid."
@ -3345,7 +3345,7 @@ msgstr "Time-based One-Time Passwords"
#: src/pages/policies/BoundPoliciesList.ts:39
#: src/pages/policies/PolicyBindingForm.ts:209
#: src/pages/stages/email/EmailStageForm.ts:103
#: src/pages/stages/email/EmailStageForm.ts:101
msgid "Timeout"
msgstr "Timeout"
@ -3367,7 +3367,7 @@ msgstr "Token URL"
msgid "Token count"
msgstr "Token count"
#: src/pages/stages/email/EmailStageForm.ts:147
#: src/pages/stages/email/EmailStageForm.ts:145
msgid "Token expiry"
msgstr "Token expiry"
@ -3588,11 +3588,11 @@ msgstr "Update details"
msgid "Update {0}"
msgstr "Update {0}"
#: src/pages/stages/email/EmailStageForm.ts:98
#: src/pages/stages/email/EmailStageForm.ts:96
msgid "Use SSL"
msgstr "Use SSL"
#: src/pages/stages/email/EmailStageForm.ts:90
#: src/pages/stages/email/EmailStageForm.ts:88
msgid "Use TLS"
msgstr "Use TLS"
@ -3604,7 +3604,7 @@ msgstr "Use a code-based authenticator."
msgid "Use a security key to prove your identity."
msgstr "Use a security key to prove your identity."
#: src/pages/stages/email/EmailStageForm.ts:141
#: src/pages/stages/email/EmailStageForm.ts:139
msgid "Use global settings"
msgstr "Use global settings"
@ -3731,7 +3731,7 @@ msgstr "Validity days"
msgid "Verification Certificate"
msgstr "Verification Certificate"
#: src/pages/stages/email/EmailStageForm.ts:121
#: src/pages/stages/email/EmailStageForm.ts:119
msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
msgstr "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
@ -3804,7 +3804,7 @@ msgstr "Webhook URL"
msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
msgstr "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
#: src/pages/stages/email/EmailStageForm.ts:144
#: src/pages/stages/email/EmailStageForm.ts:142
msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
msgstr "When enabled, global Email connection settings will be used and connection settings below will be ignored."


@ -1386,7 +1386,7 @@ msgstr ""
msgid "Friendly Name"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:109
#: src/pages/stages/email/EmailStageForm.ts:107
msgid "From address"
msgstr ""
@ -1720,7 +1720,7 @@ msgstr ""
#: src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts:90
#: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts:96
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:131
#: src/pages/stages/email/EmailStageForm.ts:172
#: src/pages/stages/email/EmailStageForm.ts:170
#: src/pages/stages/identification/IdentificationStageForm.ts:120
#: src/pages/stages/identification/IdentificationStageForm.ts:138
#: src/pages/stages/password/PasswordStageForm.ts:106
@ -1892,7 +1892,7 @@ msgstr ""
#: src/pages/stages/consent/ConsentStageForm.ts:57
#: src/pages/stages/deny/DenyStageForm.ts:54
#: src/pages/stages/dummy/DummyStageForm.ts:54
#: src/pages/stages/email/EmailStageForm.ts:124
#: src/pages/stages/email/EmailStageForm.ts:122
#: src/pages/stages/identification/IdentificationStageForm.ts:63
#: src/pages/stages/invitation/InvitationStageForm.ts:56
#: src/pages/stages/password/PasswordStageForm.ts:63
@ -2599,7 +2599,7 @@ msgstr ""
msgid "SMTP Host"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:80
#: src/pages/stages/email/EmailStageForm.ts:79
msgid "SMTP Password"
msgstr ""
@ -2864,7 +2864,7 @@ msgstr ""
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:71
#: src/pages/stages/captcha/CaptchaStageForm.ts:62
#: src/pages/stages/consent/ConsentStageForm.ts:64
#: src/pages/stages/email/EmailStageForm.ts:131
#: src/pages/stages/email/EmailStageForm.ts:129
#: src/pages/stages/identification/IdentificationStageForm.ts:70
#: src/pages/stages/invitation/InvitationStageForm.ts:63
#: src/pages/stages/password/PasswordStageForm.ts:70
@ -2919,7 +2919,7 @@ msgstr ""
msgid "Stop impersonation"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:154
#: src/pages/stages/email/EmailStageForm.ts:152
msgid "Subject"
msgstr ""
@ -3254,7 +3254,7 @@ msgstr ""
msgid "Task finished with warnings"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:160
#: src/pages/stages/email/EmailStageForm.ts:158
msgid "Template"
msgstr ""
@ -3321,7 +3321,7 @@ msgstr ""
msgid "Threshold"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:151
#: src/pages/stages/email/EmailStageForm.ts:149
msgid "Time in minutes the token sent is valid."
msgstr ""
@ -3335,7 +3335,7 @@ msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:39
#: src/pages/policies/PolicyBindingForm.ts:209
#: src/pages/stages/email/EmailStageForm.ts:103
#: src/pages/stages/email/EmailStageForm.ts:101
msgid "Timeout"
msgstr ""
@ -3357,7 +3357,7 @@ msgstr ""
msgid "Token count"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:147
#: src/pages/stages/email/EmailStageForm.ts:145
msgid "Token expiry"
msgstr ""
@ -3578,11 +3578,11 @@ msgstr ""
msgid "Update {0}"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:98
#: src/pages/stages/email/EmailStageForm.ts:96
msgid "Use SSL"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:90
#: src/pages/stages/email/EmailStageForm.ts:88
msgid "Use TLS"
msgstr ""
@ -3594,7 +3594,7 @@ msgstr ""
msgid "Use a security key to prove your identity."
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:141
#: src/pages/stages/email/EmailStageForm.ts:139
msgid "Use global settings"
msgstr ""
@ -3721,7 +3721,7 @@ msgstr ""
msgid "Verification Certificate"
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:121
#: src/pages/stages/email/EmailStageForm.ts:119
msgid "Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity."
msgstr ""
@ -3794,7 +3794,7 @@ msgstr ""
msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:144
#: src/pages/stages/email/EmailStageForm.ts:142
msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
msgstr ""