changeset 6081:3253536f55fe

merged
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 16 Sep 2014 23:37:08 +0200
parents e92d1fd9c183 (current diff) 236f7a9370c4 (diff)
children 2e2f7c6f39eb
files
diffstat 8 files changed, 39 insertions(+), 13 deletions(-) [+]
--- a/MoinMoin/PageEditor.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/PageEditor.py	Tue Sep 16 23:37:08 2014 +0200
@@ -27,6 +27,7 @@
 from MoinMoin.mail.sendmail import encodeSpamSafeEmail
 from MoinMoin.support.python_compatibility import set
 from MoinMoin.util import filesys, timefuncs, web
+from MoinMoin.util.abuse import log_attempt
 from MoinMoin.events import PageDeletedEvent, PageRenamedEvent, PageCopiedEvent, PageRevertedEvent
 from MoinMoin.events import PagePreSaveEvent, Abort, send_event
 import MoinMoin.events.notification as notification
@@ -168,8 +169,10 @@
 
         # check edit permissions
         if not request.user.may.write(self.page_name):
+            log_attempt('edit/no permissions', False, request, pagename=self.page_name)
             msg = _('You are not allowed to edit this page.')
         elif not self.isWritable():
+            log_attempt('edit/immutable', False, request, pagename=self.page_name)
             msg = _('Page is immutable!')
         elif self.rev:
             # Trying to edit an old version, this is not possible via
@@ -551,6 +554,7 @@
             return False, _("You can't copy to an empty pagename.")
 
         if not self.request.user.may.write(newpagename):
+            log_attempt('copy/no permissions', False, request, pagename=self.page_name)
             return False, _('You are not allowed to copy this page!')
 
         newpage = PageEditor(request, newpagename)
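Review bot: The refused check here is on `newpagename`, but the log entry records only `self.page_name`, so the abuse log does not say which target page the copy was denied for. Consider `log_attempt('copy/no permissions', False, request, pagename=newpagename)`, or putting both names into the entry. The rename hunk that follows has the same gap: its condition includes `may.write(newpagename)`, yet only the source page is logged. Both enclosing methods start outside their hunks.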
@@ -603,6 +607,7 @@
 
         if not (request.user.may.delete(self.page_name)
                 and request.user.may.write(newpagename)):
+            log_attempt('rename/no permissions', False, request, pagename=self.page_name)
             msg = _('You are not allowed to rename this page!')
             raise self.AccessDenied(msg)
 
@@ -710,6 +715,7 @@
         success = True
         if not (request.user.may.write(self.page_name)
                 and request.user.may.delete(self.page_name)):
+            log_attempt('delete/no permissions', False, request, pagename=self.page_name)
             msg = _('You are not allowed to delete this page!')
             raise self.AccessDenied(msg)
 
@@ -1074,9 +1080,11 @@
 
         msg = ""
         if not request.user.may.save(self, newtext, rev, **kw):
+            log_attempt('save/no permissions', False, request, pagename=self.page_name)
             msg = _('You are not allowed to edit this page!')
             raise self.AccessDenied(msg)
         elif not self.isWritable():
+            log_attempt('save/immutable', False, request, pagename=self.page_name)
             msg = _('Page is immutable!')
             raise self.Immutable(msg)
         elif not newtext:
@@ -1120,6 +1128,7 @@
             if (not request.user.may.admin(self.page_name) and
                 parseACL(request, newtext).acl != acl.acl and
                 action != "SAVE/REVERT"):
+                log_attempt('acl change/no permissions', False, request, pagename=self.page_name)
                 msg = _("You can't change ACLs on this page since you have no admin rights on it!")
                 raise self.NoAdmin(msg)
 
--- a/MoinMoin/action/edit.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/action/edit.py	Tue Sep 16 23:37:08 2014 +0200
@@ -11,6 +11,7 @@
 from MoinMoin import wikiutil
 from MoinMoin.Page import Page
 from MoinMoin.web.utils import check_surge_protect
+from MoinMoin.util.abuse import log_attempt
 
 def execute(pagename, request):
     """ edit a page """
@@ -22,6 +23,7 @@
         return
 
     if not request.user.may.write(pagename):
+        log_attempt('edit/no permissions', False, request, pagename=pagename)
         page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage')
         page.body = _('You are not allowed to edit this page.')
         page.page_name = pagename
--- a/MoinMoin/action/newpage.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/action/newpage.py	Tue Sep 16 23:37:08 2014 +0200
@@ -12,6 +12,7 @@
 
 import time
 from MoinMoin.Page import Page
+from MoinMoin.util.abuse import log_attempt
 
 class NewPage:
     """ Open editor for a new page, using template """
@@ -65,6 +66,7 @@
         page = Page(self.request, self.pagename)
         if not (page.isWritable() and self.request.user.may.read(self.pagename)):
             # Same error as the edit page for localization reasons
+            log_attempt('newpage/immutable or no permissions', False, self.request, pagename=self.pagename)
             return _('You are not allowed to edit this page.')
         return ''
 
--- a/MoinMoin/action/revert.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/action/revert.py	Tue Sep 16 23:37:08 2014 +0200
@@ -12,6 +12,7 @@
 from MoinMoin.Page import Page
 from MoinMoin.PageEditor import PageEditor
 from MoinMoin.action import ActionBase
+from MoinMoin.util.abuse import log_attempt
 
 class revert(ActionBase):
     """ revert page action
@@ -32,6 +33,8 @@
         _ = self._
         may = self.request.user.may
         allowed = may.write(self.pagename) and may.revert(self.pagename)
+        if not allowed:
+            log_attempt('revert/immutable or no permissions', False, self.request, pagename=self.pagename)
         return allowed, _('You are not allowed to revert this page!')
 
     def check_condition(self):
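Review bot: The label `'revert/immutable or no permissions'` mentions immutability, but the visible check only consults `may.write` and `may.revert`. Unless one of those also covers immutable pages, `'revert/no permissions'` would describe the failure more accurately to someone reading the log. This method also returns the `allowed` flag rather than raising, so if callers evaluate it outside an actual revert request (not visible here), each evaluation would emit a WARNING entry. The method's `def` line is outside the hunk.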
--- a/MoinMoin/auth/__init__.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/auth/__init__.py	Tue Sep 16 23:37:08 2014 +0200
@@ -252,11 +252,11 @@
         u = user.User(request, name=username, password=password, auth_method=self.name)
         if u.valid:
             logging.debug("%s: successfully authenticated user %r (valid)" % (self.name, u.name))
-            log_attempt("auth: login (moin)", True, request, username)
+            log_attempt("auth/login (moin)", True, request, username)
             return ContinueLogin(u)
         else:
             logging.debug("%s: could not authenticate user %r (not valid)" % (self.name, username))
-            log_attempt("auth: login (moin)", False, request, username)
+            log_attempt("auth/login (moin)", False, request, username)
             return ContinueLogin(user_obj, _("Invalid username or password."))
 
     def login_hint(self, request):
@@ -379,12 +379,12 @@
             u.create_or_update()
         if u and u.valid:
             logging.debug("returning valid user %r" % u)
-            log_attempt("auth: request (given)", True, request, auth_username)
+            log_attempt("auth/request (given)", True, request, auth_username)
             return u, True # True to get other methods called, too
         else:
             logging.debug("returning %r" % user_obj)
             if u and not u.valid:
-                log_attempt("auth: request (given)", False, request, auth_username)
+                log_attempt("auth/request (given)", False, request, auth_username)
             return user_obj, True
 
 
@@ -474,8 +474,7 @@
         uid = request.session['setuid']
         userobj = user.User(request, uid, auth_method='setuid')
         userobj.valid = True
-        log_attempt("auth: login (setuid from %r)" % old_user.name,
-                    True, request, userobj.name)
+        log_attempt("auth/login (setuid from %r)" % old_user.name, True, request, userobj.name)
     logging.debug("setup_suid returns %r, %r" % (userobj, old_user))
     return (userobj, old_user)
 
--- a/MoinMoin/events/__init__.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/events/__init__.py	Tue Sep 16 23:37:08 2014 +0200
@@ -14,6 +14,7 @@
 
 from MoinMoin import wikiutil
 from MoinMoin.util import pysupport
+from MoinMoin.util.abuse import log_attempt
 from MoinMoin.wikiutil import PluginAttributeError
 
 # Create a list of extension actions from the package directory
@@ -186,6 +187,7 @@
     req_superuser = True
 
     def __init__(self, request, user):
+        log_attempt('account/created', True, request, user.name)
         Event.__init__(self, request)
         self.user = user
 
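Review bot: Logging `account/created` with `success=True` inside `__init__` ties the abuse-log entry to constructing the event object rather than to the account being stored. If the event is ever instantiated without the user having been saved (not visible from this hunk), the log would record a creation that did not happen. A comment such as `# logged here because every account creation sends this event` would document the assumption, or the call could move to the code path that saves the user. The class header is outside the hunk.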
--- a/MoinMoin/util/abuse.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/util/abuse.py	Tue Sep 16 23:37:08 2014 +0200
@@ -14,23 +14,24 @@
 logging = log.getLogger(__name__)
 
 
-def log_attempt(system, success, request=None, username=None):
+def log_attempt(system, success, request=None, username=None, pagename=None):
     """
     log attempts to use <system>, log success / failure / username / ip
 
     @param system: some string telling about the system that was used, e.g.
-                   "auth: login" or "textcha"
+                   "auth/login" or "textcha"
     @param success: whether the attempt was successful
     @param request: request object (optional, to determine remote's ip address)
     @param username: user's name (optional, if None: determined from request)
+    @param pagename: name of the page (optional)
     """
     if username is None:
-        if request and request.user.valid:
+        if request and hasattr(request, 'user') and request.user.valid:
             username = request.user.name
         else:
             username = u'anonymous'
     level = (logging.WARNING, logging.INFO)[success]
-    msg = """%s status: %s username: "%s" ip: %s"""
+    msg = """: %s: status %s: username "%s": ip %s: page %s"""
     status = ("failure", "success")[success]
     ip = request and request.remote_addr or 'unknown'
-    logging.log(level, msg, system, status, username, ip)
+    logging.log(level, msg, system, status, username, ip, pagename)
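Review bot: The new `page %s` field and the existing `username "%s"` field are formatted with plain `%s`, and both values appear to originate from the request, so a name containing a newline or text like `: ip ` can split an entry or imitate other fields in the abuse log. Formatting them with `%r`, e.g. `msg = """: %s: status %s: username %r: ip %s: page %r"""`, keeps each entry on one line with control characters escaped. Callers that pass no pagename (the auth ones) now produce entries ending in `page None`; if that is intended, the `@param pagename` line could say so. The field layout differs from the previous `status: ... username: ...` form, so any log filters or alerting rules keyed on the old layout would need updating.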
--- a/MoinMoin/wsgiapp.py	Tue Sep 16 14:14:50 2014 +0200
+++ b/MoinMoin/wsgiapp.py	Tue Sep 16 23:37:08 2014 +0200
@@ -19,6 +19,7 @@
 from MoinMoin.Page import Page
 from MoinMoin import auth, config, i18n, user, wikiutil, xmlrpc, error
 from MoinMoin.action import get_names, get_available_actions
+from MoinMoin.util.abuse import log_attempt
 
 
 def set_umask(new_mask=0777^config.umask):
@@ -172,7 +173,11 @@
             get_available_actions(cfg, context.page, context.user):
         msg = _("You are not allowed to do %(action_name)s on this page.") % {
                 'action_name': wikiutil.escape(action_name), }
-        if not context.user.valid:
+        if context.user.valid:
+            log_attempt(action_name + '/action unavailable', False,
+                        context.request, context.user.name, pagename=pagename)
+        else:
+            log_attempt(action_name + '/action unavailable', False, context.request, pagename=pagename)
             # Suggest non valid user to login
             msg += " " + _("Login and try again.")
 
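Review bot: `action_name` is concatenated unescaped into the `system` label (`action_name + '/action unavailable'` here, and `action_name + '/no handler'` in the next hunk), while the user-facing message a few lines up passes it through `wikiutil.escape`. If the action name is taken from the request, which these hunks do not show, it becomes the leading field of the log entry and can carry arbitrary characters. Formatting it with `%r`, as the setuid call in auth/__init__.py does for `old_user.name`, e.g. `'%r/action unavailable' % action_name`, would keep the label unambiguous. The enclosing function starts outside the hunk.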
@@ -186,7 +191,10 @@
         if handler is None:
             msg = _("You are not allowed to do %(action_name)s on this page.") % {
                     'action_name': wikiutil.escape(action_name), }
-            if not context.user.valid:
+            if context.user.valid:
+                log_attempt(action_name + '/no handler', False, context.request, context.user.name, pagename=pagename)
+            else:
+                log_attempt(action_name + '/no handler', False, context.request, pagename=pagename)
                 # Suggest non valid user to login
                 msg += " " + _("Login and try again.")
             context.theme.add_msg(msg, "error")