CAS debugging

closes CORE-1813

test plan:
 * configure a CAS server
 * start debugging
 * login in a different window
 * refresh debugger; you should have info
 * login again
 * refresh debugger; it should not change (only captures one)

Change-Id: I691648e659a025bec51a4b5490db0097573959dd
Reviewed-on: https://gerrit.instructure.com/163074
Reviewed-by: Rob Orton <[email protected]>
QA-Review: Jeremy Putnam <[email protected]>
Product-Review: Cody Cutrer <[email protected]>
Tested-by: Jenkins

app/controllers/login/cas_controller.rb

@@ -37,6 +37,9 @@ def new
 
   def create
     logger.info "Attempting CAS login with ticket #{params[:ticket]} in account #{@domain_root_account.id}"
+    # only record further information if we're the first incoming ticket to fill out debugging info
+    debugging = aac.debug_set(:ticket_received, params[:ticket], overwrite: false) if aac.debugging?
+
     st = CASClient::ServiceTicket.new(params[:ticket], cas_login_url)
     begin
       default_timeout = Setting.get('cas_timelimit', 5.seconds.to_s).to_f
@@ -48,12 +51,14 @@ def create
       end
     rescue => e
       logger.warn "Failed to validate CAS ticket: #{e.inspect}"
+      aac.debug_set(:validate_service_ticket, t("Failed to validate CAS ticket: %{error}", error: e)) if debugging
       flash[:delegated_message] = t("There was a problem logging in at %{institution}",
                                     institution: @domain_root_account.display_name)
       return redirect_to login_url
     end
 
     if st.is_valid?
+      aac.debug_set(:validate_service_ticket, t("Validated ticket for %{username}", username: st.user)) if debugging
       reset_session_for_login
 
       pseudonym = @domain_root_account.pseudonyms.for_auth_configuration(st.user, aac)
@@ -73,7 +78,14 @@ def create
         redirect_to unknown_user_url
       end
     else
-      logger.warn "Failed CAS login attempt."
+      if debugging
+        if st.failure_code || st.failure_message
+          aac.debug_set(:validate_service_ticket, t("CAS server rejected ticket: %{message} (%{code})", message: st.failure_message, code: st.failure_code))
+        else
+          aac.debug_set(:validate_service_ticket, t("CAS server rejected ticket."))
+        end
+      end
+      logger.warn "Failed CAS login attempt. (#{st.failure_code}: #{st.failure_message})"
       flash[:delegated_message] = t("There was a problem logging in at %{institution}",
                                     institution: @domain_root_account.display_name)
       redirect_to login_url

app/models/authentication_provider.rb

@@ -303,13 +303,13 @@ def apply_federated_attributes(pseudonym, provider_attributes, purpose: :login)
 
   def debugging?
     unless instance_variable_defined?(:@debugging)
-      @debugging = !!Rails.cache.fetch(debug_key(:debugging))
+      @debugging = !!debug_get(:debugging)
     end
     @debugging
   end
 
   def stop_debugging
-    self.class.debugging_keys.map(&:keys).flatten.each { |key| Rails.cache.delete(debug_key(key)) }
+    self.class.debugging_keys.map(&:keys).flatten.each { |key| ::Canvas.redis.del(debug_key(key)) }
   end
 
   def start_debugging
@@ -319,11 +319,11 @@ def start_debugging
   end
 
   def debug_get(key)
-    Rails.cache.fetch(debug_key(key))
+    ::Canvas.redis.get(debug_key(key))
   end
 
-  def debug_set(key, value)
-    Rails.cache.write(debug_key(key), value, expires_in: debug_expire)
+  def debug_set(key, value, overwrite: true)
+    ::Canvas.redis.set(debug_key(key), value, ex: debug_expire.to_i, nx: overwrite ? nil : true)
   end
 
   protected
@@ -390,7 +390,7 @@ def enable_canvas_authentication
   end
 
   def debug_key(key)
-    ['auth_provider_debugging', self.id, key.to_s].cache_key
+    ['auth_provider_debugging', self.global_id, key.to_s].cache_key
   end
 
   def debug_expire

app/models/authentication_provider/cas.rb

@@ -32,6 +32,22 @@ def self.deprecated_params
     [ :unknown_user_url ].freeze
   end
 
+  def self.supports_debugging?
+    true
+  end
+
+  def self.debugging_sections
+    [nil]
+  end
+
+  def self.debugging_keys
+    [{
+       debugging: -> { t("Testing state") },
+       ticket_received: -> { t("Received CAS Ticket") },
+       validate_service_ticket: -> { t("Validated Service Ticket") },
+     }]
+  end
+
   def auth_provider_filter
     [nil, self]
   end