
Comments (21)

jeremyburks-sikich avatar jeremyburks-sikich commented on June 9, 2024 3

I ran into the same issue. ActiveRecord::SessionStore::Extension::LoggerSilencer was removed in this commit

I replaced my use of ActiveRecord::SessionStore::Extension::LoggerSilencer with the following.

Rails.logger.class.include ActiveSupport::LoggerSilence

from activerecord-session_store.

swanson avatar swanson commented on June 9, 2024 2

@jeremyburks-sikich Thanks for the pointer, that was the problem in my case! ❤️


egallup02360 avatar egallup02360 commented on June 9, 2024 2

If anyone else is having this issue, I forked the project and added ActiveRecord::SessionStore::Extension::LoggerSilencer back in to version 2.0.0 with the CVE fix.

That fork is located here: https://github.com/egallup02360/activerecord-session_store

Can confirm my logging works through GELF/Lograge->Graylog and the session IDs are properly secured with this fork. Obviously we would want to continue with the official repo at some point if a workaround or solution is found for this particular issue.


swanson avatar swanson commented on June 9, 2024 1

Thanks! That seemed to resolve things for me as well. I'm curious if this should be pulled into this gem directly? Feels weird to require changes to logging in consuming applications.


swanson avatar swanson commented on June 9, 2024 1

Hi, I'm having the same issue after 2.0.0 upgrade. Where should I put the following code?

Rails.logger.class.include ActiveSupport::LoggerSilence

I don't see any ActiveRecord::SessionStore::Extension::LoggerSilencer in my repo.

You could put it in your initializer: config/initializers/session_store.rb


swanson avatar swanson commented on June 9, 2024 1

@powerwlsl Maybe compare staging.rb to production.rb and see if you can isolate any differences. Not sure though, I only was having trouble in my test environment.

Not sure it helps but I have these logging related lines in my staging and production environment configs:

  # Use the lowest log level to ensure availability of diagnostic information
  # when problems arise.
  config.log_level = :debug

  # Prepend all log lines with the following tags.
  config.log_tags = [ :request_id ]
  
  # Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new

  # Use a different logger for distributed setups.
  # require 'syslog/logger'
  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')

  if ENV["RAILS_LOG_TO_STDOUT"].present?
    logger           = ActiveSupport::Logger.new(STDOUT)
    logger.formatter = config.log_formatter
    config.logger    = ActiveSupport::TaggedLogging.new(logger)
  end

In my case, I removed the config.logger = Logger.new(nil) setting in my test environment and that solved the issue without adding Rails.logger.class.include ActiveSupport::LoggerSilence.


egallup02360 avatar egallup02360 commented on June 9, 2024 1

I just stop receiving my application logs.

It's either misconfigured (LoggerSilence makes the level a per-thread variable, which might impact your configuration) or GELF::Logger is incompatible with LoggerSilence. Is GELF open source? Can you repro in isolation?

Should I open a separate issue for this?

No, this isn't a problem with activerecord-session_store, it expects a contract from ActiveRecord::Base.logger, and the logger in your app doesn't fulfil that contract. That's on you to figure it out.

Alternatively if you just want an easy way out, you can vendor the old ActiveRecord::SessionStore::Extension::LoggerSilencer in your app and just use that (you'll have to rename the method though).

That's fair, and I'm going to find my own way around this, I do appreciate your responses and suggestions. I'd just like to point out that prior to upgrading this gem, and only this gem, that logging worked perfectly for my use case.

This is just my opinion, but ripping an extension out that is documented in your README without a prior release that includes a deprecation warning is bad practice. Rails, in general, is really good about doing this, why is activerecord-session_store any different?

I understand patching the CVE was urgent, but that could have been fixed in a minor release rather than introducing almost two years' worth of undocumented changes, since your last release, all at once. Again, just my opinion.

Thank you for your continued work on this project and I hope my opinions don't offend you or come off as rude, that's not my intention at all. We're on Github for collaboration and sharing our opinions, after all.


jeremyburks-sikich avatar jeremyburks-sikich commented on June 9, 2024

@swanson Does your app use a logger other than the default? For example, mine does which is why I need to include ActiveSupport::LoggerSilence.

It looks like the default logger includes ActiveSupport::LoggerSilence.


swanson avatar swanson commented on June 9, 2024

@swanson Does your app use a logger other than the default? For example, mine does which is why I need to include ActiveSupport::LoggerSilence.

It looks like the default logger includes ActiveSupport::LoggerSilence.

Hmm, I didn't think I was using anything fancy, but I did notice that in my test environment I am setting config.logger = Logger.new(nil) which may be the problem.


powerwlsl avatar powerwlsl commented on June 9, 2024

Hi, I'm having the same issue after 2.0.0 upgrade. Where should I put the following code?

Rails.logger.class.include ActiveSupport::LoggerSilence

I don't see any ActiveRecord::SessionStore::Extension::LoggerSilencer in my repo.


powerwlsl avatar powerwlsl commented on June 9, 2024

Hey @swanson, thanks for the reply. I added that in the initializer file, but I still get the error.

NoMethodError: undefined method `silence' for #<Logger:0x000055de16b77330>

    /usr/local/bundle/gems/activerecord-session_store-2.0.0/lib/action_dispatch/session/active_record_store.rb:119:in `get_session_model'

    /usr/local/bundle/gems/activerecord-session_store-2.0.0/lib/action_dispatch/session/active_record_store.rb:147:in `find_session'

Oddly it only happens on staging, so I also added

    logger           = ActiveSupport::Logger.new(STDOUT)
    logger.formatter = config.log_formatter
    config.logger    = ActiveSupport::TaggedLogging.new(logger)

into config/environments/stage.rb, but the error didn't go away.

Do you have any idea?

Ruby 2.5.3
Rails 6.0.3.5


egallup02360 avatar egallup02360 commented on June 9, 2024

This causes issues with GELF and Lograge, previously we used

GELF::Logger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

which resulted in an error and a failed deploy, I tried changing this to

GELF::Logger.send :include, ActiveSupport::LoggerSilence
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

This no longer causes an error or failed deploy, but now we don't have any logs... which is obviously a huge problem.

Any ideas?


swanson avatar swanson commented on June 9, 2024

@byroot Any ideas?


byroot avatar byroot commented on June 9, 2024

@byroot Any ideas?

It's all explained in this issue and in my commit, ActiveRecord::Base.logger is expected to implement the logger silencer interface on its own. If it doesn't, you are responsible for extending it yourself.

#<Logger:0x0000555d12a49218> is the stdlib logger, use ActiveSupport::Logger instead.


egallup02360 avatar egallup02360 commented on June 9, 2024

It's all explained in this issue and in my commit, ActiveRecord::Base.logger is expected to implement the logger silencer interface on its own. If it doesn't, you are responsible for extending it yourself.

#<Logger:0x0000555d12a49218> is the stdlib logger, use ActiveSupport::Logger instead.

Thanks for the reply, I tried changing

GELF::Logger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

to

GELF::Logger.send :include, ActiveSupport::Logger
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

And my deploy fails giving an error of (first message in traceback)

TypeError: wrong argument type Class (expected Module)

I already tried what this issue suggests, with

GELF::Logger.send :include, ActiveSupport::LoggerSilence
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

Deploy succeeds, but nothing is transmitted to our Graylog cluster.

I confirmed this by running ngrep -W byline -d any udp and host ENV['LOGGING_SERVER'] and dst port ENV['LOGGING_PORT'] and watching the output when navigating around our rails app.

We haven't upgraded the gem to 2.0 in our production environment yet (due to these issues we're having with our logging solution), so I ran the ngrep command above there and I see messages sent. I run the same command in our staging environment with gem version 2.0 and I see no messages being sent at all.

Clearly ActiveRecord::SessionStore::Extension::LoggerSilencer implements something in a way that ActiveSupport::LoggerSilence doesn't.

I should point out that your README still reads

Please note that you will need to manually include the silencer module to your custom logger if you are using a logger other than Logger and Syslog::Logger and their subclasses:

MyLogger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer

This silencer is being used to silence the logger and not leaking private information into the log, and it is required for security reason.

But obviously that doesn't work anymore with the official gem at version 2.0.

I understand that this upgrade was of an urgent priority due to the nature of the CVE, but people who use custom logging solutions are going to have problems with the removal of the LoggerSilencer extension.

Could you take a deeper look at another way to rectify the situation?

Edit: Also, I'm not asking you to drop everything and fix this, it's not of an urgent priority. I'm just going to continue using our fork where I manually added ActiveRecord::SessionStore::Extension::LoggerSilencer back in, but like I said we would ideally want to be using the official gem.


byroot avatar byroot commented on June 9, 2024

GELF::Logger.send :include, ActiveSupport::Logger

I mentioned ActiveSupport::Logger as an answer to @swanson, who pinged me, not to you. Not sure what made you think AS::Logger could be included.

The AS module that can be included is https://api.rubyonrails.org/classes/ActiveSupport/LoggerSilence.html


egallup02360 avatar egallup02360 commented on June 9, 2024

GELF::Logger.send :include, ActiveSupport::Logger

I mentioned ActiveSupport::Logger as an answer to @swanson, who pinged me, not to you. Not sure what made you think AS::Logger could be included.

The AS module that can be included is https://api.rubyonrails.org/classes/ActiveSupport/LoggerSilence.html

Using MyLogger.include ActiveSupport::LoggerSilence or more accurately for my use case GELF::Logger.include ActiveSupport::LoggerSilence or GELF::Logger.send :include, ActiveSupport::LoggerSilence does not work.

No errors in sight. I just stop receiving my application logs. Should I open a separate issue for this?


byroot avatar byroot commented on June 9, 2024

I just stop receiving my application logs.

It's either misconfigured (LoggerSilence makes the level a per-thread variable, which might impact your configuration) or GELF::Logger is incompatible with LoggerSilence. Is GELF open source? Can you repro in isolation?

Should I open a separate issue for this?

No, this isn't a problem with activerecord-session_store, it expects a contract from ActiveRecord::Base.logger, and the logger in your app doesn't fulfil that contract. That's on you to figure it out.

Alternatively if you just want an easy way out, you can vendor the old ActiveRecord::SessionStore::Extension::LoggerSilencer in your app and just use that (you'll have to rename the method though).

from activerecord-session_store.
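
The contract described in the comment above (ActiveRecord::Base.logger must provide silence itself), as an added example that is not part of the thread or the gem's code: a stdlib-only check that a logger class has silence, keeps a session-ID-like debug line out of the log while silenced, and still logs afterwards. ThreadLocalSilence, SilenceableLogger, StuckLogger and silencer_contract_violations are hypothetical names; ThreadLocalSilence is an illustrative stand-in, not ActiveSupport::LoggerSilence.

```ruby
require "logger"
require "stringio"

# Illustrative stand-in (not the gem's or Rails' code): per-thread severity floor.
module ThreadLocalSilence
  KEY = :illustrative_silence_floor
  def silence(severity = Logger::ERROR)
    previous = Thread.current[KEY]
    Thread.current[KEY] = severity
    yield self
  ensure
    Thread.current[KEY] = previous
  end

  def add(severity, message = nil, progname = nil, &block)
    floor = Thread.current[KEY]
    return true if floor && (severity || Logger::UNKNOWN) < floor
    super
  end
end

class SilenceableLogger < Logger
  include ThreadLocalSilence
end

# Constructed failure case: the level is raised but never restored.
class StuckLogger < Logger
  def silence(severity = Logger::ERROR)
    self.level = severity
    yield self
  end
end

# Returns the contract violations for a logger class; empty means it passed.
def silencer_contract_violations(logger_class)
  sink = StringIO.new
  logger = logger_class.new(sink)
  logger.level = Logger::DEBUG
  return ["missing #silence"] unless logger.respond_to?(:silence)
  marker = "session_id=CONSTRUCTED-0000" # constructed sample value
  logger.silence { logger.debug(marker) }
  problems = []
  problems << "leaked while silenced" if sink.string.include?(marker)
  logger.info("post-silence probe")
  problems << "silent after #silence returned" unless sink.string.include?("post-silence probe")
  problems
end

[Logger, SilenceableLogger, StuckLogger].each { |k| puts "#{k}: #{silencer_contract_violations(k).inspect}" }
```

The same probe can be pointed at a custom logger class whose constructor accepts an IO-like sink; a logger that ships over the network needs its own capture point instead of the StringIO used here.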

cnhuye avatar cnhuye commented on June 9, 2024

Since I upgraded to Rails 6.1, I have had this problem.
Finally, I fixed it by adding this line in application.rb:

ActiveRecord::Base.logger.class.include ActiveSupport::LoggerSilence

Because in my project, Rails.logger uses ActiveSupport::Logger, but ActiveRecord::Base.logger uses Logger.


JoBalk avatar JoBalk commented on June 9, 2024

The solution from @cnhuye works with ruby 2.7, but with ruby 3 it fails with:

class variable @@logger of ActiveRecord::Base is overtaken by Spawn (RuntimeError)

Has anyone experienced this issue?


robbanp avatar robbanp commented on June 9, 2024

This causes issues with GELF and Lograge, previously we used

GELF::Logger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

which resulted in an error and a failed deploy, I tried changing this to

GELF::Logger.send :include, ActiveSupport::LoggerSilence
config.logger = GELF::Logger.new(ENV['LOGGING_SERVER'], ENV['LOGGING_PORT'], "WAN", { :facility => "Testing", :protocol => GELF::Protocol::UDP })

This no longer causes an error or failed deploy, but now we don't have any logs... which is obviously a huge problem.

Any ideas?

Hi, did you manage to solve this? I've spent a few days on this now without a solution :/
