Middleware Logging (#129)

kevin-carroll · web-flow · commit f5368887cdea · 2023-10-08T16:02:55.000-07:00
* Fixed an issue where some security middleware components would log erroneous messages when they were skipped  and performed no action.
diff --git a/src/graphql-aspnet/Middleware/SchemaItemSecurity/Components/SchemaItemAuthenticationMiddleware.cs b/src/graphql-aspnet/Middleware/SchemaItemSecurity/Components/SchemaItemAuthenticationMiddleware.cs
@@ -6,6 +6,7 @@
 // --
 // License:  MIT
 // *************************************************************
+
 namespace GraphQL.AspNet.Middleware.SchemaItemSecurity.Components
 {
     using System;
@@ -47,22 +48,25 @@ public SchemaItemAuthenticationMiddleware(IAuthenticationSchemeProvider schemePr
         /// <inheritdoc />
         public async Task InvokeAsync(SchemaItemSecurityChallengeContext context, GraphMiddlewareInvocationDelegate<SchemaItemSecurityChallengeContext> next, CancellationToken cancelToken = default)
         {
-            context.Logger?.SchemaItemAuthenticationChallenge(context);
-
             // only attempt an authentication
             // if no result is already deteremined and if no user has already been authenticated
-            IAuthenticationResult authenticationResult = null;
+            //
+            // if a piece of middleware has already set an authenticated user
+            // just skip this component.
             if (context.Result == null && context.AuthenticatedUser == null)
             {
+                context.Logger?.SchemaItemAuthenticationChallenge(context);
+                IAuthenticationResult authenticationResult = null;
+
                 ClaimsPrincipal user;
                 SchemaItemSecurityChallengeResult challengeResult;
 
                 (user, authenticationResult, challengeResult) = await this.AuthenticateUser(context, cancelToken);
                 context.AuthenticatedUser = user;
                 context.Result = challengeResult;
-            }
 
-            context.Logger?.SchemaItemAuthenticationChallengeResult(context, authenticationResult);
+                context.Logger?.SchemaItemAuthenticationChallengeResult(context, authenticationResult);
+            }
 
             await next.Invoke(context, cancelToken).ConfigureAwait(false);
         }
diff --git a/src/graphql-aspnet/Middleware/SchemaItemSecurity/Components/SchemaItemAuthorizationMiddleware.cs b/src/graphql-aspnet/Middleware/SchemaItemSecurity/Components/SchemaItemAuthorizationMiddleware.cs
@@ -45,17 +45,17 @@ public SchemaItemAuthorizationMiddleware(IAuthorizationService authService = nul
         /// <returns>Task.</returns>
         public async Task InvokeAsync(SchemaItemSecurityChallengeContext context, GraphMiddlewareInvocationDelegate<SchemaItemSecurityChallengeContext> next, CancellationToken cancelToken = default)
         {
-            context.Logger?.SchemaItemAuthorizationChallenge(context);
-
             // a result may have been set by other middleware
             // in this auth pipeline, if a result is already determined just skip this step
             if (context.Result == null)
             {
+                context.Logger?.SchemaItemAuthorizationChallenge(context);
+
                 var result = await this.AuthorizeRequestAsync(context).ConfigureAwait(false);
                 context.Result = result ?? SchemaItemSecurityChallengeResult.Default();
-            }
 
-            context.Logger?.SchemaItemAuthorizationChallengeResult(context);
+                context.Logger?.SchemaItemAuthorizationChallengeResult(context);
+            }
 
             await next(context, cancelToken).ConfigureAwait(false);
         }
