Skip to content

feat: improve observability for the app registration flow by adding structured logs#60

Merged
Ghaith (Gaitholabi) merged 4 commits into
mainfrom
add/log-registration-process-signature
Jun 30, 2026
Merged

feat: improve observability for the app registration flow by adding structured logs#60
Ghaith (Gaitholabi) merged 4 commits into
mainfrom
add/log-registration-process-signature

Conversation

@leonbeckamp

Copy link
Copy Markdown
Contributor

Improve observability for the app registration flow by adding structured logging around key registration phases.

This adds log events for:

  • registration start before signature verification
  • registration preparation after shop creation/update
  • confirmation start before confirmation signature verification
  • secret rotation during confirmation
  • final registration confirmation

A small registrationLogContext() helper keeps the logged context consistent across these events. The context includes shop identity and state flags such as whether the shop exists, is confirmed, has a pending secret, or has a previous secret.

@leonbeckamp
Leon Beckamp (leonbeckamp) force-pushed the add/log-registration-process-signature branch from 48999d7 to 666fa9d Compare June 3, 2026 13:31
Ghaith (Gaitholabi) added a commit that referenced this pull request Jun 23, 2026
…t-free context

Extends PR #60's happy-path INFO logs with failure-path observability:

- RegistrationService: log a warning (and re-throw) when register/
  registerConfirm signature verification throws, with the existing
  registrationLogContext plus the exception class (G1).
- registrationLogContext: add enforce-double-signature and
  has-verified-with-double-signature flags (G4).
- DualSignatureRequestVerifier: inject an optional PSR-3 logger
  (NullLogger default, BC-safe). Log the three rotation-window
  branches in authenticateWithPreviousSecret -- fallback used (info),
  refused after the inflight window (warning, with secretsRotatedAt /
  allowance / delta), unavailable (warning) (G2). Log request-path
  verification failures on POST/GET/storefront entry points with shop
  id, method/path and exception class (G3).

All context is secret-free: only ids, urls, booleans, the exception
::class, ISO timestamps and numeric deltas. Failures are warning-level,
never error (G6). G5 (SDK version) skipped: no clean runtime version
source exists in the SDK.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Gaitholabi
Ghaith (Gaitholabi) force-pushed the add/log-registration-process-signature branch from 27571ca to 9391620 Compare June 24, 2026 13:35

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves observability of the app registration and request-signature verification flows by adding structured log events (with consistent context) across key phases, and by extending tests to assert on those emitted logs.

Changes:

  • Added new registration-phase log events (start, confirmation start, secret rotation) and enriched existing ones with Shopware version and signature payload context.
  • Refactored DualSignatureRequestVerifier to support structured logging for verification failures and previous-secret fallback behavior.
  • Updated/extended PHPUnit tests to record and assert log messages + context without depending on call order.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File Description
src/Registration/RegistrationService.php Adds structured registration logging, helper context builder, and Shopware-version extraction for registration/confirm requests.
src/Authentication/DualSignatureRequestVerifier.php Adds logger support, centralizes verification flow, logs fallback usage/refusal/unavailability and final verification failures with secret-free context.
tests/Registration/RegistrationServiceTest.php Introduces a recording logger helper and new/updated assertions for registration log events and contexts.
tests/Authentication/DualSignatureRequestVerifierTest.php Adds recording logger + assertions to validate verifier logging (including secret-rotation fallback paths) and enforce “no secrets in log context”.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/Registration/RegistrationService.php
Comment thread src/Registration/RegistrationService.php
Comment thread src/Registration/RegistrationService.php
Comment thread src/Registration/RegistrationService.php
Comment thread src/Authentication/DualSignatureRequestVerifier.php

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

Comment thread tests/Authentication/DualSignatureRequestVerifierTest.php Outdated
Comment thread src/Authentication/DualSignatureRequestVerifier.php
Comment thread src/Authentication/DualSignatureRequestVerifier.php Outdated
@Gaitholabi
Ghaith (Gaitholabi) force-pushed the add/log-registration-process-signature branch 2 times, most recently from 18c0ca4 to 02b9f06 Compare June 26, 2026 08:41
@Gaitholabi
Ghaith (Gaitholabi) force-pushed the add/log-registration-process-signature branch 10 times, most recently from de8d10d to 44d6a6a Compare June 26, 2026 11:49
…red logging around key registration phases

This adds log events for:
  - registration start before signature verification
  - registration preparation after shop creation/update
  - confirmation start before confirmation signature verification
  - secret rotation during confirmation
  - final registration confirmation

A small `registrationLogContext()` helper keeps the logged context
consistent across these events. The context includes shop identity and
state flags such as whether the shop exists,is confirmed, has a pending
secret, or has a previous secret.

  - Ran `php -l src/Registration/RegistrationService.php`
  - Confirmed no syntax errors
added signature-payload for logging
…erification

Adds structured log events across the registration and signature-verification
flow behind a shared, secret-free log context, and exposes verificationStage as
a public readonly property on the signature exceptions so the failing
verification leg is captured in the logs.
@Gaitholabi
Ghaith (Gaitholabi) force-pushed the add/log-registration-process-signature branch from bd83486 to 9923408 Compare June 30, 2026 10:11
Kills the escaped mutants in DualSignatureRequestVerifier::incomingShopwareVersion()
where a signed GET request carries sw-version as a query parameter rather than a
header, which had no test coverage.
@Gaitholabi Ghaith (Gaitholabi) changed the title Improve observability for the app registration flow by adding structu… feat: improve observability for the app registration flow by adding structured logs Jun 30, 2026
@Gaitholabi
Ghaith (Gaitholabi) merged commit 9fd9b59 into main Jun 30, 2026
12 checks passed
@Gaitholabi
Ghaith (Gaitholabi) deleted the add/log-registration-process-signature branch June 30, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants