feat: oauth debug toggle

extend.php

@@ -67,7 +67,8 @@
         ->default('fof-oauth.fullscreenPopup', true)
         ->serializeToForum('fof-oauth.popupWidth', 'fof-oauth.popupWidth', 'intval')
         ->serializeToForum('fof-oauth.popupHeight', 'fof-oauth.popupHeight', 'intval')
-        ->serializeToForum('fof-oauth.fullscreenPopup', 'fof-oauth.fullscreenPopup', 'boolVal'),
+        ->serializeToForum('fof-oauth.fullscreenPopup', 'fof-oauth.fullscreenPopup', 'boolVal')
+        ->default('fof-oauth.log-oauth-errors', false),
 
     (new Extend\Event())
         ->listen(OAuthLoginSuccessful::class, Listeners\UpdateEmailFromProvider::class)

js/src/admin/components/AuthSettingsPage.js

@@ -54,6 +54,18 @@ export default class AuthSettingsPage extends ExtensionPage {
 
             {this.providerSettingsItems().toArray()}
 
+            <hr />
+
+            <div className="AuthSettingsPage--advanced">
+              <h4>{app.translator.trans('fof-oauth.admin.settings.advanced.heading')}</h4>
+              {this.buildSettingComponent({
+                type: 'boolean',
+                setting: 'fof-oauth.log-oauth-errors',
+                label: app.translator.trans('fof-oauth.admin.settings.advanced.log-oauth-errors-label'),
+                help: app.translator.trans('fof-oauth.admin.settings.advanced.log-oauth-errors-help'),
+              })}
+            </div>
+
             {this.submitButton()}
           </div>
         </div>

resources/locale/en.yml

@@ -5,6 +5,10 @@ fof-oauth:
     settings_accessibility_label: "{name} settings"
 
     settings:
+      advanced:
+        heading: Advanced
+        log-oauth-errors-label: Log OAuth errors
+        log-oauth-errors-help: If enabled, OAuth errors will be logged to the Flarum log. This may help with debugging OAuth issues, but may also contain sensitive information.
       only_icons_label: Only show the Log In Button icons (alternative layout)
       update_email_from_provider_label: Update email address from provider
       update_email_from_provider_help: If enabled, the user's email address will be updated to match the one provided by the OAuth provider on each login to the forum. Not all providers provide the updated email, in which case this setting will not have any effect with those providers.

src/Controller.php

@@ -12,18 +12,41 @@
 namespace FoF\OAuth;
 
 use Exception;
+use Flarum\Forum\Auth\ResponseFactory;
 use Flarum\Http\Exception\RouteNotFoundException;
+use Flarum\Http\UrlGenerator;
+use Flarum\Settings\SettingsRepositoryInterface;
 use FoF\Extend\Controllers\AbstractOAuthController;
 use FoF\OAuth\Errors\AuthenticationException;
+use Illuminate\Contracts\Cache\Store as CacheStore;
+use Illuminate\Contracts\Events\Dispatcher;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use Psr\Log\LoggerInterface;
 
 abstract class Controller extends AbstractOAuthController
 {
+    /**
+     * @var SettingsRepositoryInterface
+     */
+    protected $settings;
+
+    public function __construct(
+        ResponseFactory $response,
+        SettingsRepositoryInterface $settings,
+        UrlGenerator $url,
+        Dispatcher $events,
+        CacheStore $cache,
+    ) {
+        parent::__construct($response, $settings, $url, $events, $cache);
+
+        $this->settings = $settings;
+    }
+
     protected function getRouteName(): string
     {
-        return 'auth.'.$this->getProviderName();
+        return 'auth.' . $this->getProviderName();
     }
 
     protected function getIdentifier($user): string
@@ -40,13 +63,29 @@ protected function getIdentifier($user): string
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        if (!(bool) (int) $this->settings->get('fof-oauth.'.$this->getProviderName())) {
+        if (!(bool) (int) $this->settings->get('fof-oauth.' . $this->getProviderName())) {
             throw new RouteNotFoundException();
         }
 
         try {
             return parent::handle($request);
         } catch (Exception $e) {
+            if ((bool) $this->settings->get('fof-oauth.log-oauth-errors')) {
+                /** @var LoggerInterface $logger */
+                $logger = resolve('log');
+                $detail = json_encode([
+                    'server_params' => $request->getServerParams(),
+                    'request_attrs' => $request->getAttributes(),
+                    'cookie_params' => $request->getCookieParams(),
+                    'query_params'  => $request->getQueryParams(),
+                    'parsed_body'   => $request->getParsedBody(),
+                    'code'    => $e->getCode(),
+                    'trace'   => $e->getTraceAsString(),
+                ], JSON_PRETTY_PRINT);
+
+                $logger->error("[OAuth][{$this->getProviderName()}] {$e->getMessage()}: {$detail}");
+            }
+
             if ($e->getMessage() === 'Invalid state' || $e instanceof IdentityProviderException) {
                 throw new AuthenticationException($e->getMessage());
             }