Enhanced BroadcastAuthDebug middleware for improved error logging and channel information parsing

- Updated BroadcastAuthDebug middleware to log additional details on failed broadcast authentication attempts, including user anonymity and channel type.

Author: marcoAntonioNina

ProcessMaker/Http/Middleware/BroadcastAuthDebug.php

@@ -24,22 +24,67 @@ public function handle($request, Closure $next)
             return $response;
         }
 
+        if ($response->getStatusCode() < 400) {
+            return $response;
+        }
+
         $user = Auth::user();
+        $channelName = $request->input('channel_name');
+        $channelInfo = $this->parseChannelInfo($channelName);
 
-        if ($response->getStatusCode() >= 400) {
-            Log::error('Broadcast auth failed', [
-                'status' => $response->getStatusCode(),
-                'user_id' => $user?->id,
-                'user_type' => $user ? get_class($user) : null,
-                'has_session' => $request->hasSession(),
-                'session_id' => $request->session()?->getId(),
-                'channel' => $request->input('channel_name'),
-                'cookie_present' => $request->hasCookie(config('session.cookie')),
-                'ip' => $request->ip(),
-                'timestamp' => now()->toIso8601String(),
-            ]);
-        }
+        Log::error('Broadcast auth failed', [
+            'status' => $response->getStatusCode(),
+            'user_id' => $user?->id,
+            'user_type' => $user ? get_class($user) : null,
+            'user_is_anonymous' => $user && method_exists($user, 'isAnonymous') ? $user->isAnonymous : null,
+            'has_session' => $request->hasSession(),
+            'session_id' => $request->session()?->getId(),
+            'channel_name' => $channelName,
+            'channel_type' => $channelInfo['type'],
+            'channel_resource_id' => $channelInfo['id'],
+            'user_channel_mismatch' => $channelInfo['type'] === 'User' && $user && $channelInfo['id']
+                ? (string) $user->id !== (string) $channelInfo['id']
+                : null,
+            'cookie_present' => $request->hasCookie(config('session.cookie')),
+            'ip' => $request->ip(),
+            'origin' => $request->header('Origin'),
+            'referer' => $request->header('Referer'),
+            'user_agent' => $request->userAgent(),
+            'socket_id' => $request->input('socket_id'),
+            'response_body' => $this->getResponseBody($response),
+            'timestamp' => now()->toIso8601String(),
+        ]);
 
         return $response;
     }
+
+    private function parseChannelInfo(?string $channelName): array
+    {
+        if (!$channelName) {
+            return ['type' => null, 'id' => null];
+        }
+        // Strip tenant prefix: tenant_X.ProcessMaker.Models.User.14 -> ProcessMaker.Models.User.14
+        $channel = preg_replace('/^tenant_\d+\./', '', $channelName);
+        if (preg_match('/ProcessMaker\.Models\.User\.(\d+)/', $channel, $m)) {
+            return ['type' => 'User', 'id' => $m[1]];
+        }
+        if (preg_match('/ProcessMaker\.Models\.ProcessRequest\.(\d+)/', $channel, $m)) {
+            return ['type' => 'ProcessRequest', 'id' => $m[1]];
+        }
+        if (preg_match('/ProcessMaker\.Models\.ProcessRequestToken\.(\d+)/', $channel, $m)) {
+            return ['type' => 'ProcessRequestToken', 'id' => $m[1]];
+        }
+
+        return ['type' => 'other', 'id' => null];
+    }
+
+    private function getResponseBody($response): ?string
+    {
+        $content = $response->getContent();
+        if (is_string($content) && strlen($content) < 500) {
+            return $content;
+        }
+
+        return $content ? '[truncated]' : null;
+    }
 }

ProcessMaker/Providers/BroadcastServiceProvider.php

@@ -15,7 +15,6 @@ class BroadcastServiceProvider extends ServiceProvider
      */
     public function boot()
     {
-        //auth:web,anon is needed to allow anonymous users to listen to channels
         Broadcast::routes(['middleware' => ['web', 'auth:web,anon', BroadcastAuthDebug::class]]);
         require base_path('routes/channels.php');
     }

resources/js/bootstrap.js

@@ -347,6 +347,7 @@ if (window.Processmaker && window.Processmaker.broadcasting) {
     config.authEndpoint = `${window.location.origin}/broadcasting/auth`;
   }
   config.auth = config.auth || {};
+  config.auth.headers = config.auth.headers || {};
   if (config.auth.withCredentials === undefined) {
     config.auth.withCredentials = true;
   }

routes/web.php

@@ -215,9 +215,6 @@
     Route::get('tasks/update_variable/{token_abe}', [TaskController::class, 'updateVariable'])->name('tasks.abe.update');
 });
 
-// Add our broadcasting routes
-Broadcast::routes();
-
 // Authentication Routes...
 Route::get('login', [LoginController::class, 'showLoginForm'])->name('login');
 Route::post('login', [LoginController::class, 'loginWithIntendedCheck']);