From d73064a718c40e5cb1f8888037656c9034b830b7 Mon Sep 17 00:00:00 2001
From: Jonathan van Rij
Date: Thu, 19 Mar 2026 10:43:39 +0100
Subject: [PATCH] adds logging
---
 .../Controllers/Auth/SocialiteController.php | 110 ++++++++++++++----
 1 file changed, 87 insertions(+), 23 deletions(-)
diff --git a/app/Http/Controllers/Auth/SocialiteController.php b/app/Http/Controllers/Auth/SocialiteController.php
index e99c894..2d7659d 100644
--- a/app/Http/Controllers/Auth/SocialiteController.php
+++ b/app/Http/Controllers/Auth/SocialiteController.php
@@ -11,47 +11,51 @@
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Log;
 use Laravel\Socialite\Facades\Socialite;
 final class SocialiteController extends Controller
 {
 /**
 * Redirect the user to the Azure AD authentication page.
+ * Logs the Azure config (client_id prefix, redirect URI, tenant) and generated redirect URL.
 */
 public function redirect(): RedirectResponse
 {
- return Socialite::driver('azure')->redirect();
+ $azureConfig = config('services.azure');
+
+ Log::channel('single')->info('[Azure SSO] Initiating redirect', [
+ 'client_id_prefix' => substr((string) Arr::get($azureConfig, 'client_id', ''), 0, 4),
+ 'redirect_uri' => Arr::get($azureConfig, 'redirect'),
+ 'tenant' => Arr::get($azureConfig, 'tenant'),
+ ]);
+
+ $response = Socialite::driver('azure')->redirect();
+
+ Log::channel('single')->info('[Azure SSO] Redirect URL generated', [
+ 'redirect_url' => $response->getTargetUrl(),
+ ]);
+
+ return $response;
 }
 /**
 * Handle the callback from Azure AD after authentication.
+ * Logs request parameters, the resolved Azure user, and the upserted local user.
+ * Wraps the entire flow in a try/catch to capture and log any exceptions.
 */
 public function callback(): RedirectResponse
 {
- $azureUser = Socialite::driver('azure')->user();
+ try {
+ return $this->processCallback();
+ } catch (\Throwable $e) {
+ Log::channel('single')->error('[Azure SSO] Exception during callback', [
+ 'message' => $e->getMessage(),
+ 'exception' => $e->getTraceAsString(),
+ ]);
- $user = User::query()->updateOrCreate(
- ['email' => $azureUser->getEmail()],
- [
- 'name' => $azureUser->getName(),
- 'azure_id' => $azureUser->getId(),
- 'photo' => $azureUser->getAvatar(),
- 'job_title' => Arr::get($azureUser->user, 'jobTitle'),
- 'department' => Arr::get($azureUser->user, 'department'),
- 'company_name' => Arr::get($azureUser->user, 'companyName'),
- 'phone' => Arr::get($azureUser->user, 'mobilePhone', Arr::get($azureUser->user, 'businessPhones.0')),
- ]
- );
-
- if ($user->role_id === null) {
- $user->update(['role_id' => Role::where('name', 'user')->first()->id]);
+ throw $e;
 }
-
- auth()->login($user);
-
- ActivityLogger::log('login', $user->id, metadata: ['email' => $user->email, 'firm_name' => Arr::get($azureUser->user, 'companyName')]);
-
- return redirect('/');
 }
 /**
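Review bot: The second log call in `redirect()` writes `$response->getTargetUrl()` in full, so the log receives the complete `client_id` that the first call deliberately truncated to four characters, along with the per-session `state` value Socialite normally appends to the authorization URL. Logging only the endpoint is enough to spot a misconfigured tenant, for example `'redirect_host' => parse_url($response->getTargetUrl(), PHP_URL_HOST)`. In `callback()`, `$e->getMessage()` and `getTraceAsString()` are written before the rethrow; a message from a failed token exchange can embed the provider's response body, and the rethrown exception will presumably be reported again by the application's exception handler, so the entry is likely duplicated. Passing the throwable as context (`['exception' => $e]`) on the default channel, rather than hard-coding `Log::channel('single')`, would leave formatting, rotation and retention to the logging configuration.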
@@ -68,4 +72,64 @@ public function logout(Request $request): RedirectResponse
 return redirect('/');
 }
+
+ /**
+ * Execute the full Azure AD callback flow: resolve the user, upsert the local record,
+ * assign a default role if needed, log the user in, and record the activity.
+ */
+ private function processCallback(): RedirectResponse
+ {
+ Log::channel('single')->info('[Azure SSO] Callback received', [
+ 'query_code' => substr((string) request()->query('code', ''), 0, 8).'…',
+ 'query_state' => request()->query('state'),
+ 'query_error' => request()->query('error'),
+ 'query_error_description' => request()->query('error_description'),
+ ]);
+
+ $azureUser = Socialite::driver('azure')->user();
+
+ Log::channel('single')->info('[Azure SSO] Azure user resolved', [
+ 'azure_id' => $azureUser->getId(),
+ 'email' => $azureUser->getEmail(),
+ 'name' => $azureUser->getName(),
+ 'job_title' => Arr::get($azureUser->user, 'jobTitle'),
+ 'department' => Arr::get($azureUser->user, 'department'),
+ 'company' => Arr::get($azureUser->user, 'companyName'),
+ ]);
+
+ $user = User::query()->updateOrCreate(
+ ['email' => $azureUser->getEmail()],
+ [
+ 'name' => $azureUser->getName(),
+ 'azure_id' => $azureUser->getId(),
+ 'photo' => $azureUser->getAvatar(),
+ 'job_title' => Arr::get($azureUser->user, 'jobTitle'),
+ 'department' => Arr::get($azureUser->user, 'department'),
+ 'company_name' => Arr::get($azureUser->user, 'companyName'),
+ 'phone' => Arr::get($azureUser->user, 'mobilePhone', Arr::get($azureUser->user, 'businessPhones.0')),
+ ]
+ );
+
+ Log::channel('single')->info('[Azure SSO] Local user upserted', [
+ 'user_id' => $user->id,
+ 'email' => $user->email,
+ 'was_recent' => $user->wasRecentlyCreated,
+ 'role_id' => $user->role_id,
+ ]);
+
+ if ($user->role_id === null) {
+ $user->update(['role_id' => Role::where('name', 'user')->first()->id]);
+
+ Log::channel('single')->info('[Azure SSO] Default role assigned', [
+ 'user_id' => $user->id,
+ 'role_id' => $user->role_id,
+ ]);
+ }
+
+ auth()->login($user);
+
+ ActivityLogger::log('login', $user->id, metadata: ['email' => $user->email, 'firm_name' => Arr::get($azureUser->user, 'companyName')]);
+
+ return redirect('/');
+ }
 }
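Review bot: The "Callback received" entry in `processCallback()` records the first eight characters of the one-time authorization `code`, the full `state` value, and `error_description` exactly as it arrived in the query string, all before Socialite has validated the request. These fields are set by whoever calls the callback URL, so the entry should record presence rather than content, e.g. `'has_code' => request()->has('code')`, and cap free-text fields, e.g. `mb_substr((string) request()->query('error_description', ''), 0, 200)`. The "Azure user resolved" and "Local user upserted" entries also write email, name, job title, department and company at info level on every login; `azure_id` and `user_id` are enough to correlate a session, and the remaining fields are better logged at debug level or dropped. Separately, the moved `updateOrCreate()` still matches on `email` rather than `azure_id`; if the configured tenant admits accounts from more than one directory, the immutable object id is the safer lookup key.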