👌 IMPROVE: Check firewall logging is enabled before creating DB Table (#40)

* 👌 IMPROVE: Check firewall logging is enabled before creating DB Table
* 🐛 FIX: Don't try to proceed with an empty datasource string

`this.datasource` may be an empty string - not NULL - on Lucee.

Co-authored-by: michaelborn <[email protected]>

Author: michaelborn

interceptors/Security.cfc

@@ -64,7 +64,10 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 				variables.rulesLoader
 					.getRuleTemplate()
 					.append( variables.properties.visualizer.securityRule )
-					.append( { secureList : "^cbsecurity:Visualizer.*", action : "block" } )
+					.append( {
+						secureList : "^cbsecurity:Visualizer.*",
+						action     : "block"
+					} )
 			);
 		}
 
@@ -187,19 +190,21 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 		}
 
 		// Log it
-		log.info( "+ Registered module (#arguments.module#) with cbSecurity using #arrayLen( arguments.settings.firewall.rules.inline )# rules." );
+		log.info(
+			"+ Registered module (#arguments.module#) with cbSecurity using #arrayLen( arguments.settings.firewall.rules.inline )# rules."
+		);
 
 		return this;
 	}
 
 	/**
 	 * Listen to module loadings, so we can do module rule registrations
 	 *
-	 * @event
+	 * @event        
 	 * @interceptData
-	 * @rc
-	 * @prc
-	 * @buffer
+	 * @rc           
+	 * @prc          
+	 * @buffer       
 	 */
 	function postModuleLoad( event, interceptData, rc, prc, buffer ){
 		// Is this a cbSecurity Module & not registered
@@ -218,11 +223,11 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 	/**
 	 * Listen to module unloadings, so we can do module rule cleanups
 	 *
-	 * @event
+	 * @event        
 	 * @interceptData
-	 * @rc
-	 * @prc
-	 * @buffer
+	 * @rc           
+	 * @prc          
+	 * @buffer       
 	 */
 	function postModuleUnload( event, interceptData, rc, prc, buffer ){
 		// Is the module registered?
@@ -241,11 +246,11 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 	/**
 	 * Our firewall kicks in at preProcess
 	 *
-	 * @event
+	 * @event        
 	 * @interceptData
-	 * @rc
-	 * @prc
-	 * @buffer
+	 * @rc           
+	 * @prc          
+	 * @buffer       
 	 */
 	function preProcess( event, interceptData, rc, prc, buffer ){
 		// Add SecureView() into the requestcontext
@@ -285,9 +290,9 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 	/**
 	 * Process handler annotation based security rules.
 	 *
-	 * @event
+	 * @event        
 	 * @interceptData
-	 * @currentEvent
+	 * @currentEvent 
 	 */
 	function processAnnotationRules(
 		required event,

interceptors/SecurityHeaders.cfc

@@ -104,11 +104,11 @@ component extends="coldbox.system.Interceptor" {
 				log.debug( "Non-SSL URI detected (#event.getFullUrl()#), redirecting in ssl" );
 			}
 			variables.dbLogger.log(
-				action     : "redirect",
-				blockType  : "NON-SSL",
-				ip         : variables.cbSecurity.getRealIp(),
-				host       : variables.cbSecurity.getRealHost(),
-				userId     : variables.cbSecurity.isLoggedIn() ? variables.cbSecurity.getUser().getId() : ""
+				action   : "redirect",
+				blockType: "NON-SSL",
+				ip       : variables.cbSecurity.getRealIp(),
+				host     : variables.cbSecurity.getRealHost(),
+				userId   : variables.cbSecurity.isLoggedIn() ? variables.cbSecurity.getUser().getId() : ""
 			);
 			relocate( url: arguments.event.getFullUrl(), ssl: true );
 			return;
@@ -139,11 +139,11 @@ component extends="coldbox.system.Interceptor" {
 				}
 
 				variables.dbLogger.log(
-					action     : "block",
-					blockType  : "INVALID-HOST",
-					ip         : variables.cbSecurity.getRealIp(),
-					host       : variables.cbSecurity.getRealHost(),
-					userId     : variables.cbSecurity.isLoggedIn() ? variables.cbSecurity.getUser().getId() : ""
+					action   : "block",
+					blockType: "INVALID-HOST",
+					ip       : variables.cbSecurity.getRealIp(),
+					host     : variables.cbSecurity.getRealHost(),
+					userId   : variables.cbSecurity.isLoggedIn() ? variables.cbSecurity.getUser().getId() : ""
 				);
 
 				// Announce
@@ -187,11 +187,11 @@ component extends="coldbox.system.Interceptor" {
 				}
 
 				variables.dbLogger.log(
-					action     : "block",
-					blockType  : "INVALID-IP",
-					ip         : variables.cbSecurity.getRealIp(),
-					host       : variables.cbSecurity.getRealHost(),
-					userId     : variables.cbSecurity.isLoggedIn() ? variables.cbSecurity.getUser().getId() : ""
+					action   : "block",
+					blockType: "INVALID-IP",
+					ip       : variables.cbSecurity.getRealIp(),
+					host     : variables.cbSecurity.getRealHost(),
+					userId   : variables.cbSecurity.isLoggedIn() ? variables.cbSecurity.getUser().getId() : ""
 				);
 
 				// Announce

models/CBSecurity.cfc

@@ -149,7 +149,9 @@ component threadsafe singleton accessors="true" {
 			)
 		) {
 			variables.settings.authentication.userService = variables.moduleSettings.cbauth.settings.userServiceClass;
-			log.info( "+ cbAuth detected and no UserService detected -> User Service set to cbAuth's UserServiceClass" );
+			log.info(
+				"+ cbAuth detected and no UserService detected -> User Service set to cbAuth's UserServiceClass"
+			);
 		}
 
 		// User service default if basic auth is selected

models/auth/BasicAuthUserService.cfc

@@ -17,11 +17,11 @@ component accessors="true" singleton {
 
 	variables.DEFAULT_SETTINGS = {
 		// Hashing algorithm to use
-		"hashAlgorithm" : "SHA-512",
+		"hashAlgorithm"  : "SHA-512",
 		// Iterates the number of times the hash is computed to create a more computationally intensive hash.
 		"hashIterations" : 5,
 		// User storage
-		"users" : {}
+		"users"          : {}
 	};
 
 	/**
@@ -33,7 +33,10 @@ component accessors="true" singleton {
 
 	function onDIComplete(){
 		// Normalize settings
-		variables.settings.basicAuth = duplicate( variables.DEFAULT_SETTINGS ).append( variables.settings.basicAuth, true );
+		variables.settings.basicAuth = duplicate( variables.DEFAULT_SETTINGS ).append(
+			variables.settings.basicAuth,
+			true
+		);
 		// Normalize User Storage + password encryption
 		settings.basicAuth.users = settings.basicAuth.users.map( ( key, value ) => {
 			var user      = getNewUserTemplate().append( arguments.value, true );
@@ -45,10 +48,16 @@ component accessors="true" singleton {
 
 	/**
 	 * Hash the incoming target according to our hashing algorithm and settings
+	 *
 	 * @target The string target to hash
 	 */
 	string function hashSecurely( required string target ){
-		return hash( arguments.target, variables.settings.basicAuth.hashAlgorithm, "UTF-8", variables.settings.basicAuth.hashIterations );
+		return hash(
+			arguments.target,
+			variables.settings.basicAuth.hashAlgorithm,
+			"UTF-8",
+			variables.settings.basicAuth.hashIterations
+		);
 	}
 
 	/**

models/jwt/JwtService.cfc

@@ -163,7 +163,7 @@ component accessors="true" singleton threadsafe {
 	/**
 	 * Logout a user and invalidate their access token
 	 *
-	 * @user
+	 * @user        
 	 * @customClaims
 	 */
 	function logout(){
@@ -245,10 +245,7 @@ component accessors="true" singleton threadsafe {
 		// Verify it
 		if ( isNull( oUser ) || !len( oUser.getId() ) ) {
 			// Announce the invalid user
-			variables.interceptorService.announce(
-				"cbSecurity_onJWTInvalidUser",
-				{ payload : arguments.payload }
-			);
+			variables.interceptorService.announce( "cbSecurity_onJWTInvalidUser", { payload : arguments.payload } );
 			throw( message = "The user was not found by the user service", type = "InvalidTokenUser" );
 		}
 

models/jwt/storages/CacheTokenStorage.cfc

@@ -7,9 +7,9 @@
 component accessors="true" singleton threadsafe {
 
 	// DI
-	property name="wirebox" inject="wirebox";
-	property name="cachebox" inject="cachebox";
-	property name="settings" inject="coldbox:moduleSettings:cbSecurity";
+	property name="wirebox"    inject="wirebox";
+	property name="cachebox"   inject="cachebox";
+	property name="settings"   inject="coldbox:moduleSettings:cbSecurity";
 	property name="jwtService" inject="JwtService@cbSecurity";
 
 	/**
@@ -53,10 +53,10 @@ component accessors="true" singleton threadsafe {
 	/**
 	 * Set a token in the storage
 	 *
-	 * @key The cache key
-	 * @token The token to store
+	 * @key        The cache key
+	 * @token      The token to store
 	 * @expiration The token expiration
-	 * @payload The payload
+	 * @payload    The payload
 	 *
 	 * @return JWTStorage
 	 */
@@ -92,7 +92,7 @@ component accessors="true" singleton threadsafe {
 	/**
 	 * Retrieve the token via the cache key, if the key doesn't exist a TokenNotFoundException will be thrown
 	 *
-	 * @key The cache key
+	 * @key          The cache key
 	 * @defaultValue If not found, return a default value
 	 *
 	 * @throws TokenNotFoundException

models/util/DBLogger.cfc

@@ -63,6 +63,9 @@ component accessors="true" singleton threadsafe {
 	 */
 	function configure(){
 		// Log settings check
+		if ( !variables.settings.firewall.logs.enabled ) {
+			return;
+		}
 		if ( !len( variables.settings.firewall.logs.table ) ) {
 			throw(
 				message = "No 'table' property defined for the firewall logs: firewall.logs.table",
@@ -210,10 +213,7 @@ component accessors="true" singleton threadsafe {
 			{},
 			{ datasource : variables.settings.firewall.logs.dsn }
 		).reduce( ( results, row ) => {
-			results[ row.action ] = {
-				"total" : row.total,
-				"percentage" : row.percentage
-			};
+			results[ row.action ] = { "total" : row.total, "percentage" : row.percentage };
 			return results;
 		}, {} );
 	}
@@ -348,7 +348,7 @@ component accessors="true" singleton threadsafe {
 		}
 
 		// else default to app datasource
-		if ( !isNull( settings.datasource ) ) {
+		if ( !isNull( settings.datasource ) && len( settings.datasource ) ) {
 			return settings.datasource;
 		}
 

models/validators/AuthValidator.cfc

@@ -74,7 +74,9 @@ component singleton threadsafe {
 			// Validate new interface if not, just warn
 			// TODO: Change to just use the hasRole() by vNext : Compat for now.
 			if ( !structKeyExists( oUser, "hasRole" ) ) {
-				variables.log.warn( "CBSecurity User object does not implement the `hasRole()` method. Please add it." );
+				variables.log.warn(
+					"CBSecurity User object does not implement the `hasRole()` method. Please add it."
+				);
 			}
 
 			// Check roles

models/validators/BasicAuthValidator.cfc

@@ -101,7 +101,9 @@ component singleton threadsafe {
 		// Validate new interface if not, just warn
 		// TODO: Change to just use the hasRole() by vNext : Compat for now.
 		if ( !structKeyExists( oUser, "hasRole" ) ) {
-			variables.log.warn( "CBSecurity User object does not implement the `hasRole()` method. Please add it." );
+			variables.log.warn(
+				"CBSecurity User object does not implement the `hasRole()` method. Please add it."
+			);
 		}
 
 		// Check roles

models/validators/CBAuthValidator.cfc

@@ -1,7 +1,9 @@
-component singleton threadsafe extends="AuthValidator"{
+component singleton threadsafe extends="AuthValidator" {
 
 	function onDIComplete(){
-		variables.log.warn( "The CBAuthValidator has been deprecated, please change your references to just `AuthValidator@cbsecurity` " );
+		variables.log.warn(
+			"The CBAuthValidator has been deprecated, please change your references to just `AuthValidator@cbsecurity` "
+		);
 	}
 
 }