Rsa signature validation error logging (#718)

nrostrow-meta · Noah Ostrowski · web-flow · commit 6c101246daa6 · 2024-04-22T13:36:59.000-07:00
* Adding error logging for RSA signature validation and fixed error with having empty string in extra_data

* empty_string -&gt; empty_str

* Fixing static test failure

* Attempting to resolve static test failure

---------

Co-authored-by: Noah Ostrowski &lt;nrostrow@fb.com&gt;
diff --git a/app/code/Meta/BusinessExtension/Model/Api/CustomApiKey/Authenticator.php b/app/code/Meta/BusinessExtension/Model/Api/CustomApiKey/Authenticator.php
@@ -23,6 +23,7 @@
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\Request\Http;
 use Magento\Framework\Exception\LocalizedException;
+use Meta\BusinessExtension\Helper\FBEHelper;
 use Meta\BusinessExtension\Model\System\Config as SystemConfig;
 
 class Authenticator
@@ -42,33 +43,42 @@ class Authenticator
      */
     private SystemConfig $systemConfig;
 
+    /**
+     * @var FBEHelper
+     */
+    private FBEHelper $fbeHelper;
+
     /**
      * Authenticator constructor
      *
      * @param ScopeConfigInterface $scopeConfig
      * @param Http                 $httpRequest
      * @param SystemConfig         $systemConfig
+     * @param FBEHelper            $fbeHelper
      */
     public function __construct(
         ScopeConfigInterface $scopeConfig,
         Http                 $httpRequest,
-        SystemConfig         $systemConfig
+        SystemConfig         $systemConfig,
+        FBEHelper            $fbeHelper
     ) {
         $this->scopeConfig = $scopeConfig;
         $this->httpRequest = $httpRequest;
         $this->systemConfig = $systemConfig;
+        $this->fbeHelper = $fbeHelper;
     }
 
     /**
      * Authenticate an API request (validate the token and RSA signature)
      *
+     * @param string|null $storeId
      * @return void
      * @throws LocalizedException
      */
-    public function authenticateRequest(): void
+    public function authenticateRequest(?string $storeId = null): void
     {
         $this->authenticateToken();
-        $this->authenticateSignature();
+        $this->authenticateSignature($storeId);
     }
 
     /**
@@ -104,10 +114,11 @@ private function authenticateToken(): void
     /**
      * Authenticate RSA Signature for API Request
      *
+     * @param string|null $storeId
      * @return void
      * @throws LocalizedException
      */
-    private function authenticateSignature(): void
+    private function authenticateSignature(?string $storeId = null): void
     {
         // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $publicKey = file_get_contents(__DIR__ . '/PublicKey.pem');
@@ -130,7 +141,23 @@ private function authenticateSignature(): void
         $verification = openssl_verify($originalMessage, $decodedSignature, $publicKeyResource, OPENSSL_ALGO_SHA256);
 
         if (!$verification) {
-            throw new LocalizedException(__('RSA Signature Validation Failed'));
+            $ex = new LocalizedException(__('RSA Signature Validation Failed'));
+            if ($storeId !== null) {
+                $this->fbeHelper->logExceptionImmediatelyToMeta(
+                    $ex,
+                    [
+                        'store_id' => $storeId,
+                        'event' => 'authentication_error',
+                        'event_type' => 'rsa_signature_validation_error',
+                        'extra_data' => [
+                            'request_uri' => $requestUri,
+                            'request_body' => $requestBody,
+                            'request_signature' => $signature
+                        ]
+                    ]
+                );
+            }
+            throw $ex;
         }
     }
 }
diff --git a/app/code/Meta/BusinessExtension/Model/PersistMetaLogImmediatelyHandler.php b/app/code/Meta/BusinessExtension/Model/PersistMetaLogImmediatelyHandler.php
@@ -65,8 +65,12 @@ public function persistMetaLogImmediately(string $message): void
         // Meta expects extra_data field to be dict<string, string>
         $context['extra_data'] = array_map(
             function ($value) {
+                if ($value === '') {
+                    return 'empty_str';
+                }
                 return is_string($value) ? $value : json_encode($value);
-            }, $context['extra_data']
+            },
+            $context['extra_data']
         );
         $this->graphApiAdapter->persistLogToMeta($context, $accessToken);
     }
diff --git a/app/code/Meta/Sales/Model/Api/HealthCheckApi.php b/app/code/Meta/Sales/Model/Api/HealthCheckApi.php
@@ -57,8 +57,8 @@ public function __construct(
      */
     public function healthCheck(string $externalBusinessId): bool
     {
-        $this->authenticator->authenticateRequest();
-        $this->orderHelper->getStoreIdByExternalBusinessId($externalBusinessId);
+        $storeId = $this->orderHelper->getStoreIdByExternalBusinessId($externalBusinessId);
+        $this->authenticator->authenticateRequest($storeId);
 
         return true;
     }

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,8 @@ public function __construct(`
`57`	`57`	`*/`
`58`	`58`	`public function healthCheck(string $externalBusinessId): bool`
`59`	`59`	`{`
`60`		`- $this->authenticator->authenticateRequest();`
`61`		`- $this->orderHelper->getStoreIdByExternalBusinessId($externalBusinessId);`
	`60`	`+ $storeId = $this->orderHelper->getStoreIdByExternalBusinessId($externalBusinessId);`
	`61`	`+ $this->authenticator->authenticateRequest($storeId);`
`62`	`62`
`63`	`63`	`return true;`
`64`	`64`	`}`