From 2a6895b0154e96bb0bb280d8106468c3f3616cbc Mon Sep 17 00:00:00 2001
From: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Date: Thu, 29 Sep 2022 09:25:45 -0500
Subject: [PATCH] Log user email upon successful SSO login (#8012)
---
 changes/issue-7888-sso-login-log | 1 +
 server/service/sessions.go | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 changes/issue-7888-sso-login-log
diff --git a/changes/issue-7888-sso-login-log b/changes/issue-7888-sso-login-log
new file mode 100644
index 0000000000..4263344652
--- /dev/null
+++ b/changes/issue-7888-sso-login-log
@@ -0,0 +1 @@
+* Added logging to capture user email upon successful SSO login
\ No newline at end of file
diff --git a/server/service/sessions.go b/server/service/sessions.go
index d9b009dd69..e4c252305d 100644
--- a/server/service/sessions.go
+++ b/server/service/sessions.go
@@ -270,7 +270,7 @@ func (svc *Service) InitiateSSO(ctx context.Context, redirectURL string) (string
 // initiate SSO.
 svc.authz.SkipAuthorization(ctx)
- logging.WithLevel(ctx, level.Info)
+ logging.WithLevel(logging.WithNoUser(ctx), level.Info)
 appConfig, err := svc.ds.AppConfig(ctx)
 if err != nil {
@@ -409,7 +409,7 @@ func (svc *Service) InitSSOCallback(ctx context.Context, auth fleet.Auth) (strin
 // hit the SSO callback.
 svc.authz.SkipAuthorization(ctx)
- logging.WithLevel(ctx, level.Info)
+ logging.WithLevel(logging.WithNoUser(ctx), level.Info)
 appConfig, err := svc.ds.AppConfig(ctx)
 if err != nil {
@@ -487,6 +487,8 @@ func (svc *Service) GetSSOUser(ctx context.Context, auth fleet.Auth) (*fleet.Use
 }
 func (svc *Service) LoginSSOUser(ctx context.Context, user *fleet.User, redirectURL string) (*fleet.SSOSession, error) {
+ logging.WithExtras(ctx, "email", user.Email)
+
 // if the user is not sso enabled they are not authorized
 if !user.SSOEnabled {
 err := ctxerr.New(ctx, "user not configured to use sso")
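Review bot: In InitiateSSO the new `logging.WithLevel(logging.WithNoUser(ctx), level.Info)` discards its result, so it only takes effect if both helpers mutate a logging context already stored in `ctx`; that is not visible in this hunk, and the line reads like a dropped `context.WithValue` result. A one-line comment above it would state the intent, for example `// unauthenticated endpoint: no user in ctx, so tell the request logger not to expect one` (assuming that is what WithNoUser does). The same line is added in InitSSOCallback (@@ -409) and SSOSettings (@@ -530) and wants the same comment. All three function bodies continue outside their hunks.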
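Review bot: In LoginSSOUser the `logging.WithExtras(ctx, "email", user.Email)` call sits above the `!user.SSOEnabled` check, so the email is presumably attached to the request log for rejected attempts as well, while the commit subject and the changelog entry both say "upon successful SSO login". Having the address on rejected attempts is useful for detection, so leaving the call there is reasonable, but the intent should be stated with a comment such as `// attach the email to the request log for both accepted and rejected SSO logins` and the changelog wording aligned; otherwise the call belongs below the checks. The email is personal data that now lands in the server log, so log access and retention should be confirmed to cover it. The function body continues past the end of the hunk.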
@@ -530,7 +532,7 @@ func (svc *Service) SSOSettings(ctx context.Context) (*fleet.SessionSSOSettings,
 // that they have the necessary information to initiate SSO).
 svc.authz.SkipAuthorization(ctx)
- logging.WithLevel(ctx, level.Info)
+ logging.WithLevel(logging.WithNoUser(ctx), level.Info)
 appConfig, err := svc.ds.AppConfig(ctx)
 if err != nil {