From b2095689fc301fff8071c6df1c7bc2fa3a4d8647 Mon Sep 17 00:00:00 2001 From: Sean Date: Thu, 13 Feb 2025 00:23:02 +0000 Subject: [PATCH] Bug 1930742 - Add a glean probe for SSO cookie parsing success/failure a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D228715 Differential Revision: https://phabricator.services.mozilla.com/D237074 --- netwerk/metrics.yaml | 41 +++++++++++++++++++ .../protocol/http/MicrosoftEntraSSOUtils.mm | 32 ++++++++++++++- 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/netwerk/metrics.yaml b/netwerk/metrics.yaml index 7d8c64f22aaf..bae8c539589d 100644 --- a/netwerk/metrics.yaml +++ b/netwerk/metrics.yaml @@ -1086,3 +1086,44 @@ networking: - necko@mozilla.com - kershaw@mozilla.com expires: never + +network.sso: + entra_success: + type: labeled_counter + description: > + Counts how often Entra SSO succeeded/failed (macOS only). Labels are ordered in reverse chronological relation to SSO success, meaning the labels higher up are closer to the SSO success. + device_headers_missing: only device_headers is missing in the SSO cookie. + prt_headers_missing: only prt_headers is missing in the SSO cookie. + both_headers_missing: both prt_headers and device_headers are missing in the SSO cookie. + invalid_cookie: Failed to parse SSO cookie (could be a null cookie/format is incorrect). + no_credential: ASAuthorizationSingleSignOnCredential is not present + broker_error: An error from Microsoft's broker. + invalid_controller_setup: ASAuthorizationController is setup incorrectly. + bugs: + - https://bugzilla.mozilla.org/1930742 + data_reviews: + - https://bugzilla.mozilla.org/show_bug.cgi?id=1930742 + notification_emails: + - necko@mozilla.com + expires: never + labels: + - success + - device_headers_missing + - prt_headers_missing + - both_headers_missing + - invalid_cookie + - no_credential + - broker_error + - invalid_controller_setup + + total_entra_uses: + type: counter + description: > + Counts how often Entra SSO is used (macOS only). + bugs: + - https://bugzilla.mozilla.org/1930742 + data_reviews: + - https://bugzilla.mozilla.org/show_bug.cgi?id=1930742 + notification_emails: + - necko@mozilla.com + expires: never diff --git a/netwerk/protocol/http/MicrosoftEntraSSOUtils.mm b/netwerk/protocol/http/MicrosoftEntraSSOUtils.mm index b3a5a238f3ee..e2072a528a6f 100644 --- a/netwerk/protocol/http/MicrosoftEntraSSOUtils.mm +++ b/netwerk/protocol/http/MicrosoftEntraSSOUtils.mm @@ -10,6 +10,7 @@ #include "MicrosoftEntraSSOUtils.h" #include "nsIURI.h" +#include "nsHttp.h" #include "nsHttpChannel.h" #include "nsCocoaUtils.h" #include "nsTHashMap.h" @@ -17,6 +18,7 @@ #include "nsThreadUtils.h" #include "mozilla/Logging.h" #include "mozilla/SyncRunnable.h" +#include "mozilla/glean/GleanMetrics.h" namespace { static mozilla::LazyLogModule gMacOSWebAuthnServiceLog("macOSSingleSignOn"); @@ -104,12 +106,14 @@ class API_AVAILABLE(macos(13.3)) MicrosoftEntraSSOUtils final { if (!err) { NSMutableArray* allHeaders = [NSMutableArray array]; + nsCString entraSuccessLabel; if (ssoCookiesDict[@"device_headers"]) { [allHeaders addObject:ssoCookiesDict[@"device_headers"]]; } else { MOZ_LOG(gMacOSWebAuthnServiceLog, mozilla::LogLevel::Debug, ("SSORequestDelegate::didCompleteWithAuthorization: " "Missing device_headers")); + entraSuccessLabel = "device_headers_missing"_ns; } if (ssoCookiesDict[@"prt_headers"]) { @@ -118,6 +122,11 @@ class API_AVAILABLE(macos(13.3)) MicrosoftEntraSSOUtils final { MOZ_LOG(gMacOSWebAuthnServiceLog, mozilla::LogLevel::Debug, ("SSORequestDelegate::didCompleteWithAuthorization: " "Missing prt_headers")); + entraSuccessLabel = "prt_headers_missing"_ns; + } + + if (allHeaders.count == 0) { + entraSuccessLabel = "both_headers_missing"_ns; } // We would like to have both device_headers and prt_headers before @@ -145,7 +154,10 @@ class API_AVAILABLE(macos(13.3)) MicrosoftEntraSSOUtils final { } } } + mozilla::glean::network_sso::entra_success.Get("success"_ns).Add(1); } else { + mozilla::glean::network_sso::entra_success.Get(entraSuccessLabel) + .Add(1); MOZ_LOG(gMacOSWebAuthnServiceLog, mozilla::LogLevel::Debug, ("SSORequestDelegate::didCompleteWithAuthorization: " "sso_cookies has missing headers")); @@ -155,21 +167,28 @@ class API_AVAILABLE(macos(13.3)) MicrosoftEntraSSOUtils final { ("SSORequestDelegate::didCompleteWithAuthorization: " "Failed to parse sso_cookies: %s", [[err localizedDescription] UTF8String])); + mozilla::glean::network_sso::entra_success.Get("invalid_cookie"_ns) + .Add(1); } } else { MOZ_LOG(gMacOSWebAuthnServiceLog, mozilla::LogLevel::Debug, ("SSORequestDelegate::didCompleteWithAuthorization: " "sso_cookies is not present")); + mozilla::glean::network_sso::entra_success.Get("invalid_cookie"_ns) + .Add(1); } } else { MOZ_LOG(gMacOSWebAuthnServiceLog, mozilla::LogLevel::Debug, ("SSORequestDelegate::didCompleteWithAuthorization: " "authenticatedResponse is nil")); + mozilla::glean::network_sso::entra_success.Get("invalid_cookie"_ns) + .Add(1); } } else { MOZ_LOG(gMacOSWebAuthnServiceLog, mozilla::LogLevel::Debug, ("SSORequestDelegate::didCompleteWithAuthorization: " "should have ASAuthorizationSingleSignOnCredential")); + mozilla::glean::network_sso::entra_success.Get("no_credential"_ns).Add(1); } NS_DispatchToMainThread(NS_NewRunnableFunction( @@ -232,6 +251,7 @@ class API_AVAILABLE(macos(13.3)) MicrosoftEntraSSOUtils final { } } + mozilla::glean::network_sso::entra_success.Get("broker_error"_ns).Add(1); NS_DispatchToMainThread(NS_NewRunnableFunction( "SSORequestDelegate::didCompleteWithError", [callback(mCallback)]() { MOZ_ASSERT(NS_IsMainThread()); @@ -373,7 +393,17 @@ nsresult AddMicrosoftEntraSSO(nsHttpChannel* aChannel, // after AddMicrosoftEntraSSO returns. RefPtr service = new MicrosoftEntraSSOUtils(aChannel, std::move(aResultCallback)); - return service->AddMicrosoftEntraSSOInternal() ? NS_OK : NS_ERROR_FAILURE; + + mozilla::glean::network_sso::total_entra_uses.Add(1); + + if (!service->AddMicrosoftEntraSSOInternal()) { + mozilla::glean::network_sso::entra_success + .Get("invalid_controller_setup"_ns) + .Add(1); + return NS_ERROR_FAILURE; + } + + return NS_OK; } } // namespace net } // namespace mozilla