changeset 3125:40c4670c3410

refactored auth package to use own logger
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Wed, 27 Feb 2008 10:05:20 +0100
parents 5d7582e47c50
children fac1b1e9ea95
files MoinMoin/auth/__init__.py MoinMoin/auth/interwiki.py MoinMoin/auth/ldap_login.py MoinMoin/auth/log.py MoinMoin/auth/mysql_group.py MoinMoin/auth/smb_mount.py
diffstat 6 files changed, 68 insertions(+), 48 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/auth/__init__.py	Wed Feb 27 02:52:12 2008 +0100
+++ b/MoinMoin/auth/__init__.py	Wed Feb 27 10:05:20 2008 +0100
@@ -117,12 +117,15 @@
     @copyright: 2005-2006 Bastian Blank, Florian Festi,
                           MoinMoin:AlexanderSchremmer, Nick Phillips,
                           MoinMoin:FrankieChow, MoinMoin:NirSoffer,
-                2005-2007 MoinMoin:ThomasWaldmann,
+                2005-2008 MoinMoin:ThomasWaldmann,
                 2007      MoinMoin:JohannesBerg
 
     @license: GNU GPL, see COPYING for details.
 """
 
+from MoinMoin import log
+logging = log.getLogger(__name__)
+
 from MoinMoin import user, wikiutil
 
 
@@ -220,17 +223,17 @@
 
         verbose = self.verbose
 
-        if verbose: request.log("moin_login performing login action")
+        if verbose: logging.info("performing login action")
 
         if username and not password:
             return ContinueLogin(user_obj, _('Missing password. Please enter user name and password.'))
 
         u = user.User(request, name=username, password=password, auth_method=self.name)
         if u.valid:
-            if verbose: request.log("moin_login got valid user...")
+            if verbose: logging.info("got valid user %r" % u.name)
             return ContinueLogin(u)
         else:
-            if verbose: request.log("moin_login not valid, previous valid=%d." % user_obj.valid)
+            if verbose: logging.info("login not valid, previous valid=%d." % user_obj.valid)
             return ContinueLogin(user_obj, _("Invalid username or password."))
 
     def login_hint(self, request):
@@ -241,3 +244,4 @@
                  '<a href="%(sendmypasswordlink)s">Forgot your password?</a>') % {
                'userprefslink': userprefslink,
                'sendmypasswordlink': sendmypasswordlink}
+
--- a/MoinMoin/auth/interwiki.py	Wed Feb 27 02:52:12 2008 +0100
+++ b/MoinMoin/auth/interwiki.py	Wed Feb 27 10:05:20 2008 +0100
@@ -3,13 +3,17 @@
     MoinMoin - authentication using a remote wiki
 
     @copyright: 2005 by Florian Festi,
-                2007 by MoinMoin:ThomasWaldmann
+                2007-2008 by MoinMoin:ThomasWaldmann
     @license: GNU GPL, see COPYING for details.
 """
 
 verbose = False
 
 import xmlrpclib
+
+from MoinMoin import log
+logging = log.getLogger(__name__)
+
 from MoinMoin import auth, wikiutil, user
 from MoinMoin.auth import BaseAuth, ContinueLogin, CancelLogin
 
@@ -29,22 +33,21 @@
         if not username or not password:
             return ContinueLogin(user_obj)
 
-        if verbose: request.log("interwiki auth: trying to auth %r" % username)
+        if verbose: logging.info("trying to auth %r" % username)
         wikiname, username = username.split(' ', 1) # XXX Hack because ':' is not allowed in name field
         wikitag, wikiurl, name, err = wikiutil.resolve_interwiki(request, wikiname, username)
 
-        if verbose: request.log("interwiki auth: resolve wiki returned: %r %r %r %r" % (wikitag, wikiurl, name, err))
+        if verbose: logging.info("resolve wiki returned: %r %r %r %r" % (wikitag, wikiurl, name, err))
         if err or wikitag not in self.trusted_wikis:
             return ContinueLogin(user_obj)
 
         homewiki = xmlrpclib.ServerProxy(wikiurl + "?action=xmlrpc2")
         auth_token = homewiki.getAuthToken(name, password)
         if not auth_token:
-            if verbose: request.log("interwiki auth: %r wiki did not return an auth token." % wikitag)
+            if verbose: logging.info("%r wiki did not return an auth token." % wikitag)
             return ContinueLogin(user_obj)
 
-        if verbose: request.log("interwiki: successfully got an auth token for %r" % name)
-        if verbose: request.log("interwiki: trying to get user profile data for %r" % name)
+        if verbose: logging.info("successfully got an auth token for %r. trying to get user profile data..." % name)
 
         mc = xmlrpclib.MultiCall(homewiki)
         mc.applyAuthToken(auth_token)
@@ -52,14 +55,14 @@
         result, account_data = mc()
 
         if result != "SUCCESS":
-            if verbose: request.log("interwiki auth: %r wiki did not accept auth token." % wikitag)
+            if verbose: logging.info("%r wiki did not accept auth token." % wikitag)
             return ContinueLogin(None)
 
         if not account_data:
-            if verbose: request.log("interwiki auth: %r wiki did not return a user profile." % wikitag)
+            if verbose: logging.info("%r wiki did not return a user profile." % wikitag)
             return ContinueLogin(None)
 
-        if verbose: request.log("interwiki auth: %r wiki returned a user profile." % wikitag)
+        if verbose: logging.info("%r wiki returned a user profile." % wikitag)
 
         # TODO: check remote auth_attribs
         u = user.User(request, name=name, auth_method=self.name, auth_attribs=('name', 'aliasname', 'password', 'email', ))
@@ -68,7 +71,6 @@
                 setattr(u, key, value)
         u.valid = True
         u.create_or_update(True)
-        if verbose: request.log("interwiki: successful interwiki auth for %r" % name)
+        if verbose: logging.info("successful interwiki auth for %r" % name)
         return ContinueLogin(u)
 
-
--- a/MoinMoin/auth/ldap_login.py	Wed Feb 27 02:52:12 2008 +0100
+++ b/MoinMoin/auth/ldap_login.py	Wed Feb 27 10:05:20 2008 +0100
@@ -15,13 +15,16 @@
           allow more configuration (alias name, ...) by using
           callables as parameters
 
-    @copyright: 2006-2007 MoinMoin:ThomasWaldmann,
+    @copyright: 2006-2008 MoinMoin:ThomasWaldmann,
                 2006 Nick Phillips
     @license: GNU GPL, see COPYING for details.
 """
 import sys
 import ldap
 
+from MoinMoin import log
+logging = log.getLogger(__name__)
+
 from MoinMoin import user
 from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin
 
@@ -54,7 +57,7 @@
                 u = None
                 dn = None
                 coding = cfg.ldap_coding
-                if verbose: request.log("LDAP: Setting misc. options...")
+                if verbose: logging.info("Setting misc. ldap options...")
                 ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) # ldap v2 is outdated
                 ldap.set_option(ldap.OPT_REFERRALS, cfg.ldap_referrals)
                 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.ldap_timeout)
@@ -74,28 +77,28 @@
                             ldap.set_option(option, value)
 
                 server = cfg.ldap_uri
-                if verbose: request.log("LDAP: Trying to initialize %r." % server)
+                if verbose: logging.info("Trying to initialize %r." % server)
                 l = ldap.initialize(server)
-                if verbose: request.log("LDAP: Connected to LDAP server %r." % server)
+                if verbose: logging.info("Connected to LDAP server %r." % server)
 
                 if starttls and server.startswith('ldap:'):
-                    if verbose: request.log("LDAP: Trying to start TLS to %r." % server)
+                    if verbose: logging.info("Trying to start TLS to %r." % server)
                     try:
                         l.start_tls_s()
-                        if verbose: request.log("LDAP: Using TLS to %r." % server)
+                        if verbose: logging.info("Using TLS to %r." % server)
                     except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR), err:
-                        if verbose: request.log("LDAP: Couldn't establish TLS to %r (err: %s)." % (server, str(err)))
+                        if verbose: logging.info("Couldn't establish TLS to %r (err: %s)." % (server, str(err)))
                         raise
 
                 # you can use %(username)s and %(password)s here to get the stuff entered in the form:
                 ldap_binddn = cfg.ldap_binddn % locals()
                 ldap_bindpw = cfg.ldap_bindpw % locals()
                 l.simple_bind_s(ldap_binddn.encode(coding), ldap_bindpw.encode(coding))
-                if verbose: request.log("LDAP: Bound with binddn %r" % ldap_binddn)
+                if verbose: logging.info("Bound with binddn %r" % ldap_binddn)
 
                 # you can use %(username)s here to get the stuff entered in the form:
                 filterstr = cfg.ldap_filter % locals()
-                if verbose: request.log("LDAP: Searching %r" % filterstr)
+                if verbose: logging.info("Searching %r" % filterstr)
                 attrs = [getattr(cfg, attr) for attr in [
                                          'ldap_email_attribute',
                                          'ldap_aliasname_attribute',
@@ -108,23 +111,23 @@
                 lusers = [(dn, ldap_dict) for dn, ldap_dict in lusers if dn is not None]
                 if verbose:
                     for dn, ldap_dict in lusers:
-                        request.log("LDAP: dn:%r" % dn)
+                        logging.info("dn:%r" % dn)
                         for key, val in ldap_dict.items():
-                            request.log("    %r: %r" % (key, val))
+                            logging.info("    %r: %r" % (key, val))
 
                 result_length = len(lusers)
                 if result_length != 1:
                     if result_length > 1:
-                        request.log("LDAP: Search found more than one (%d) matches for %r." % (result_length, filterstr))
+                        logging.info("Search found more than one (%d) matches for %r." % (result_length, filterstr))
                     if result_length == 0:
-                        if verbose: request.log("LDAP: Search found no matches for %r." % (filterstr, ))
+                        if verbose: logging.info("Search found no matches for %r." % (filterstr, ))
                     return CancelLogin(_("Invalid username or password."))
 
                 dn, ldap_dict = lusers[0]
                 if not cfg.ldap_bindonce:
-                    if verbose: request.log("LDAP: DN found is %r, trying to bind with pw" % dn)
+                    if verbose: logging.info("DN found is %r, trying to bind with pw" % dn)
                     l.simple_bind_s(dn, password.encode(coding))
-                    if verbose: request.log("LDAP: Bound with dn %r (username: %r)" % (dn, username))
+                    if verbose: logging.info("Bound with dn %r (username: %r)" % (dn, username))
 
                 if cfg.ldap_email_callback is None:
                     if cfg.ldap_email_attribute:
@@ -156,10 +159,10 @@
                 u.name = username
                 u.aliasname = aliasname
                 u.remember_me = 0 # 0 enforces cookie_lifetime config param
-                if verbose: request.log("LDAP: creating userprefs with name %r email %r alias %r" % (username, email, aliasname))
+                if verbose: logging.info("creating userprefs with name %r email %r alias %r" % (username, email, aliasname))
 
             except ldap.INVALID_CREDENTIALS, err:
-                request.log("LDAP: invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username))
+                logging.info("invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username))
                 return CancelLogin(_("Invalid username or password."))
 
             if u:
@@ -169,7 +172,7 @@
         except:
             import traceback
             info = sys.exc_info()
-            request.log("LDAP: caught an exception, traceback follows...")
-            request.log(''.join(traceback.format_exception(*info)))
+            logging.error("caught an exception, traceback follows...")
+            logging.error(''.join(traceback.format_exception(*info)))
             return CancelLogin(None)
 
--- a/MoinMoin/auth/log.py	Wed Feb 27 02:52:12 2008 +0100
+++ b/MoinMoin/auth/log.py	Wed Feb 27 10:05:20 2008 +0100
@@ -5,10 +5,13 @@
     This does nothing except logging the auth parameters (the password is NOT
     logged, of course).
 
-    @copyright: 2006 MoinMoin:ThomasWaldmann
+    @copyright: 2006-2008 MoinMoin:ThomasWaldmann
     @license: GNU GPL, see COPYING for details.
 """
 
+from MoinMoin import log
+logging = log.getLogger(__name__)
+
 from MoinMoin.auth import BaseAuth, ContinueLogin
 
 class AuthLog(BaseAuth):
@@ -16,7 +19,7 @@
     name = "log"
 
     def log(self, request, action, user_obj, kw):
-        request.log('auth.log: %s: user_obj=%r kw=%r' % (action, user_obj, kw))
+        logging.info('%s: user_obj=%r kw=%r' % (action, user_obj, kw))
 
     def login(self, request, user_obj, **kw):
         self.log(request, 'login', user_obj, kw)
--- a/MoinMoin/auth/mysql_group.py	Wed Feb 27 02:52:12 2008 +0100
+++ b/MoinMoin/auth/mysql_group.py	Wed Feb 27 10:05:20 2008 +0100
@@ -2,12 +2,17 @@
 """
     MoinMoin - auth plugin doing a check against MySQL group db
 
-    @copyright: 2006 Nick Phillips
-                2007 MoinMoin:JohannesBerg
+    @copyright: 2006 Nick Phillips,
+                2007 MoinMoin:JohannesBerg,
+                2008 MoinMoin:ThomasWaldmann
     @license: GNU GPL, see COPYING for details.
 """
 
 import MySQLdb
+
+from MoinMoin import log
+logging = log.getLogger(__name__)
+
 from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin
 
 class MysqlGroupAuth(BaseAuth):
@@ -31,17 +36,16 @@
 
         verbose = self.verbose
 
-        if verbose: request.log("auth.mysql_group: user_obj=%r" % user_obj)
+        if verbose: logging.info("got: user_obj=%r" % user_obj)
 
         if not (user_obj and user_obj.valid):
             # No other method succeeded, so we cannot authorize
             # but maybe some following auth methods can still "fix" that.
-            if verbose: request.log("auth.mysql_group did not get valid user from previous auth method")
+            if verbose: logging.info("did not get valid user from previous auth method")
             return ContinueLogin(user_obj)
 
         # Got a valid user object - we can do stuff!
-        if verbose:
-            request.log("auth.mysql_group got valid user (name=%s) from previous auth method" % user_obj.auth_username)
+        if verbose: logging.info("got valid user (name=%s) from previous auth method" % user_obj.auth_username)
 
         # XXX Check auth_username for dodgy chars (should be none as it is authenticated, but...)
         # shouldn't really be necessary since execute() quotes them all...
@@ -54,8 +58,8 @@
             import sys
             import traceback
             info = sys.exc_info()
-            request.log("auth.mysql_group: authorization failed due to exception connecting to DB, traceback follows...")
-            request.log(''.join(traceback.format_exception(*info)))
+            logging.error("authorization failed due to exception connecting to DB, traceback follows...")
+            logging.error(''.join(traceback.format_exception(*info)))
             return CancelLogin(_('Failed to connect to database.'))
 
         c = m.cursor()
@@ -63,10 +67,10 @@
         results = c.fetchall()
         if results:
             # Checked out OK
-            if verbose: request.log("auth.mysql_group got %d results -- authorized!" % len(results))
+            if verbose: logging.info("got %d results -- authorized!" % len(results))
             return ContinueLogin(user_obj)
         else:
-            if verbose: request.log("auth.mysql_group did not get match from DB -- not authorized")
+            if verbose: logging.info("did not get match from DB -- not authorized")
             return CancelLogin(_("Invalid username or password."))
 
     # XXX do we really want this? could it be enough to check when they log in?
@@ -74,3 +78,4 @@
     def request(self, request, user_obj, **kw):
         retval = self.login(request, user_obj, **kw)
         return retval.user_obj, retval.continue_flag
+
--- a/MoinMoin/auth/smb_mount.py	Wed Feb 27 02:52:12 2008 +0100
+++ b/MoinMoin/auth/smb_mount.py	Wed Feb 27 10:05:20 2008 +0100
@@ -6,11 +6,14 @@
     authentication at the SMB server). This can be used if you need access
     to files on some share via the wiki, but needs more code to be useful.
 
-    @copyright: 2006 MoinMoin:ThomasWaldmann
+    @copyright: 2006-2008 MoinMoin:ThomasWaldmann
                 2007 MoinMoin:JohannesBerg
     @license: GNU GPL, see COPYING for details.
 """
 
+from MoinMoin import log
+logging = log.getLogger(__name__)
+
 from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin
 
 class SMBMount(BaseAuth):
@@ -33,7 +36,7 @@
 
     def do_smb(self, request, username, password, login):
         verbose = self.verbose
-        if verbose: request.log("SMBMount login=%s logout=%s: got name=%s" % (login, not login, username))
+        if verbose: logging.info("login=%s logout=%s: got name=%s" % (login, not login, username))
 
         import os, pwd, subprocess
         web_username = self.smb_dir_user