Mercurial > moin > 1.9
changeset 3125:40c4670c3410
refactored auth package to use own logger
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Wed, 27 Feb 2008 10:05:20 +0100 |
parents | 5d7582e47c50 |
children | fac1b1e9ea95 |
files | MoinMoin/auth/__init__.py MoinMoin/auth/interwiki.py MoinMoin/auth/ldap_login.py MoinMoin/auth/log.py MoinMoin/auth/mysql_group.py MoinMoin/auth/smb_mount.py |
diffstat | 6 files changed, 68 insertions(+), 48 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/auth/__init__.py Wed Feb 27 02:52:12 2008 +0100 +++ b/MoinMoin/auth/__init__.py Wed Feb 27 10:05:20 2008 +0100 @@ -117,12 +117,15 @@ @copyright: 2005-2006 Bastian Blank, Florian Festi, MoinMoin:AlexanderSchremmer, Nick Phillips, MoinMoin:FrankieChow, MoinMoin:NirSoffer, - 2005-2007 MoinMoin:ThomasWaldmann, + 2005-2008 MoinMoin:ThomasWaldmann, 2007 MoinMoin:JohannesBerg @license: GNU GPL, see COPYING for details. """ +from MoinMoin import log +logging = log.getLogger(__name__) + from MoinMoin import user, wikiutil @@ -220,17 +223,17 @@ verbose = self.verbose - if verbose: request.log("moin_login performing login action") + if verbose: logging.info("performing login action") if username and not password: return ContinueLogin(user_obj, _('Missing password. Please enter user name and password.')) u = user.User(request, name=username, password=password, auth_method=self.name) if u.valid: - if verbose: request.log("moin_login got valid user...") + if verbose: logging.info("got valid user %r" % u.name) return ContinueLogin(u) else: - if verbose: request.log("moin_login not valid, previous valid=%d." % user_obj.valid) + if verbose: logging.info("login not valid, previous valid=%d." % user_obj.valid) return ContinueLogin(user_obj, _("Invalid username or password.")) def login_hint(self, request): @@ -241,3 +244,4 @@ '<a href="%(sendmypasswordlink)s">Forgot your password?</a>') % { 'userprefslink': userprefslink, 'sendmypasswordlink': sendmypasswordlink} +
--- a/MoinMoin/auth/interwiki.py Wed Feb 27 02:52:12 2008 +0100 +++ b/MoinMoin/auth/interwiki.py Wed Feb 27 10:05:20 2008 +0100 @@ -3,13 +3,17 @@ MoinMoin - authentication using a remote wiki @copyright: 2005 by Florian Festi, - 2007 by MoinMoin:ThomasWaldmann + 2007-2008 by MoinMoin:ThomasWaldmann @license: GNU GPL, see COPYING for details. """ verbose = False import xmlrpclib + +from MoinMoin import log +logging = log.getLogger(__name__) + from MoinMoin import auth, wikiutil, user from MoinMoin.auth import BaseAuth, ContinueLogin, CancelLogin @@ -29,22 +33,21 @@ if not username or not password: return ContinueLogin(user_obj) - if verbose: request.log("interwiki auth: trying to auth %r" % username) + if verbose: logging.info("trying to auth %r" % username) wikiname, username = username.split(' ', 1) # XXX Hack because ':' is not allowed in name field wikitag, wikiurl, name, err = wikiutil.resolve_interwiki(request, wikiname, username) - if verbose: request.log("interwiki auth: resolve wiki returned: %r %r %r %r" % (wikitag, wikiurl, name, err)) + if verbose: logging.info("resolve wiki returned: %r %r %r %r" % (wikitag, wikiurl, name, err)) if err or wikitag not in self.trusted_wikis: return ContinueLogin(user_obj) homewiki = xmlrpclib.ServerProxy(wikiurl + "?action=xmlrpc2") auth_token = homewiki.getAuthToken(name, password) if not auth_token: - if verbose: request.log("interwiki auth: %r wiki did not return an auth token." % wikitag) + if verbose: logging.info("%r wiki did not return an auth token." % wikitag) return ContinueLogin(user_obj) - if verbose: request.log("interwiki: successfully got an auth token for %r" % name) - if verbose: request.log("interwiki: trying to get user profile data for %r" % name) + if verbose: logging.info("successfully got an auth token for %r. trying to get user profile data..." % name) mc = xmlrpclib.MultiCall(homewiki) mc.applyAuthToken(auth_token) @@ -52,14 +55,14 @@ result, account_data = mc() if result != "SUCCESS": - if verbose: request.log("interwiki auth: %r wiki did not accept auth token." % wikitag) + if verbose: logging.info("%r wiki did not accept auth token." % wikitag) return ContinueLogin(None) if not account_data: - if verbose: request.log("interwiki auth: %r wiki did not return a user profile." % wikitag) + if verbose: logging.info("%r wiki did not return a user profile." % wikitag) return ContinueLogin(None) - if verbose: request.log("interwiki auth: %r wiki returned a user profile." % wikitag) + if verbose: logging.info("%r wiki returned a user profile." % wikitag) # TODO: check remote auth_attribs u = user.User(request, name=name, auth_method=self.name, auth_attribs=('name', 'aliasname', 'password', 'email', )) @@ -68,7 +71,6 @@ setattr(u, key, value) u.valid = True u.create_or_update(True) - if verbose: request.log("interwiki: successful interwiki auth for %r" % name) + if verbose: logging.info("successful interwiki auth for %r" % name) return ContinueLogin(u) -
--- a/MoinMoin/auth/ldap_login.py Wed Feb 27 02:52:12 2008 +0100 +++ b/MoinMoin/auth/ldap_login.py Wed Feb 27 10:05:20 2008 +0100 @@ -15,13 +15,16 @@ allow more configuration (alias name, ...) by using callables as parameters - @copyright: 2006-2007 MoinMoin:ThomasWaldmann, + @copyright: 2006-2008 MoinMoin:ThomasWaldmann, 2006 Nick Phillips @license: GNU GPL, see COPYING for details. """ import sys import ldap +from MoinMoin import log +logging = log.getLogger(__name__) + from MoinMoin import user from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin @@ -54,7 +57,7 @@ u = None dn = None coding = cfg.ldap_coding - if verbose: request.log("LDAP: Setting misc. options...") + if verbose: logging.info("Setting misc. ldap options...") ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) # ldap v2 is outdated ldap.set_option(ldap.OPT_REFERRALS, cfg.ldap_referrals) ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.ldap_timeout) @@ -74,28 +77,28 @@ ldap.set_option(option, value) server = cfg.ldap_uri - if verbose: request.log("LDAP: Trying to initialize %r." % server) + if verbose: logging.info("Trying to initialize %r." % server) l = ldap.initialize(server) - if verbose: request.log("LDAP: Connected to LDAP server %r." % server) + if verbose: logging.info("Connected to LDAP server %r." % server) if starttls and server.startswith('ldap:'): - if verbose: request.log("LDAP: Trying to start TLS to %r." % server) + if verbose: logging.info("Trying to start TLS to %r." % server) try: l.start_tls_s() - if verbose: request.log("LDAP: Using TLS to %r." % server) + if verbose: logging.info("Using TLS to %r." % server) except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR), err: - if verbose: request.log("LDAP: Couldn't establish TLS to %r (err: %s)." % (server, str(err))) + if verbose: logging.info("Couldn't establish TLS to %r (err: %s)." % (server, str(err))) raise # you can use %(username)s and %(password)s here to get the stuff entered in the form: ldap_binddn = cfg.ldap_binddn % locals() ldap_bindpw = cfg.ldap_bindpw % locals() l.simple_bind_s(ldap_binddn.encode(coding), ldap_bindpw.encode(coding)) - if verbose: request.log("LDAP: Bound with binddn %r" % ldap_binddn) + if verbose: logging.info("Bound with binddn %r" % ldap_binddn) # you can use %(username)s here to get the stuff entered in the form: filterstr = cfg.ldap_filter % locals() - if verbose: request.log("LDAP: Searching %r" % filterstr) + if verbose: logging.info("Searching %r" % filterstr) attrs = [getattr(cfg, attr) for attr in [ 'ldap_email_attribute', 'ldap_aliasname_attribute', @@ -108,23 +111,23 @@ lusers = [(dn, ldap_dict) for dn, ldap_dict in lusers if dn is not None] if verbose: for dn, ldap_dict in lusers: - request.log("LDAP: dn:%r" % dn) + logging.info("dn:%r" % dn) for key, val in ldap_dict.items(): - request.log(" %r: %r" % (key, val)) + logging.info(" %r: %r" % (key, val)) result_length = len(lusers) if result_length != 1: if result_length > 1: - request.log("LDAP: Search found more than one (%d) matches for %r." % (result_length, filterstr)) + logging.info("Search found more than one (%d) matches for %r." % (result_length, filterstr)) if result_length == 0: - if verbose: request.log("LDAP: Search found no matches for %r." % (filterstr, )) + if verbose: logging.info("Search found no matches for %r." % (filterstr, )) return CancelLogin(_("Invalid username or password.")) dn, ldap_dict = lusers[0] if not cfg.ldap_bindonce: - if verbose: request.log("LDAP: DN found is %r, trying to bind with pw" % dn) + if verbose: logging.info("DN found is %r, trying to bind with pw" % dn) l.simple_bind_s(dn, password.encode(coding)) - if verbose: request.log("LDAP: Bound with dn %r (username: %r)" % (dn, username)) + if verbose: logging.info("Bound with dn %r (username: %r)" % (dn, username)) if cfg.ldap_email_callback is None: if cfg.ldap_email_attribute: @@ -156,10 +159,10 @@ u.name = username u.aliasname = aliasname u.remember_me = 0 # 0 enforces cookie_lifetime config param - if verbose: request.log("LDAP: creating userprefs with name %r email %r alias %r" % (username, email, aliasname)) + if verbose: logging.info("creating userprefs with name %r email %r alias %r" % (username, email, aliasname)) except ldap.INVALID_CREDENTIALS, err: - request.log("LDAP: invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username)) + logging.info("invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username)) return CancelLogin(_("Invalid username or password.")) if u: @@ -169,7 +172,7 @@ except: import traceback info = sys.exc_info() - request.log("LDAP: caught an exception, traceback follows...") - request.log(''.join(traceback.format_exception(*info))) + logging.error("caught an exception, traceback follows...") + logging.error(''.join(traceback.format_exception(*info))) return CancelLogin(None)
--- a/MoinMoin/auth/log.py Wed Feb 27 02:52:12 2008 +0100 +++ b/MoinMoin/auth/log.py Wed Feb 27 10:05:20 2008 +0100 @@ -5,10 +5,13 @@ This does nothing except logging the auth parameters (the password is NOT logged, of course). - @copyright: 2006 MoinMoin:ThomasWaldmann + @copyright: 2006-2008 MoinMoin:ThomasWaldmann @license: GNU GPL, see COPYING for details. """ +from MoinMoin import log +logging = log.getLogger(__name__) + from MoinMoin.auth import BaseAuth, ContinueLogin class AuthLog(BaseAuth): @@ -16,7 +19,7 @@ name = "log" def log(self, request, action, user_obj, kw): - request.log('auth.log: %s: user_obj=%r kw=%r' % (action, user_obj, kw)) + logging.info('%s: user_obj=%r kw=%r' % (action, user_obj, kw)) def login(self, request, user_obj, **kw): self.log(request, 'login', user_obj, kw)
--- a/MoinMoin/auth/mysql_group.py Wed Feb 27 02:52:12 2008 +0100 +++ b/MoinMoin/auth/mysql_group.py Wed Feb 27 10:05:20 2008 +0100 @@ -2,12 +2,17 @@ """ MoinMoin - auth plugin doing a check against MySQL group db - @copyright: 2006 Nick Phillips - 2007 MoinMoin:JohannesBerg + @copyright: 2006 Nick Phillips, + 2007 MoinMoin:JohannesBerg, + 2008 MoinMoin:ThomasWaldmann @license: GNU GPL, see COPYING for details. """ import MySQLdb + +from MoinMoin import log +logging = log.getLogger(__name__) + from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin class MysqlGroupAuth(BaseAuth): @@ -31,17 +36,16 @@ verbose = self.verbose - if verbose: request.log("auth.mysql_group: user_obj=%r" % user_obj) + if verbose: logging.info("got: user_obj=%r" % user_obj) if not (user_obj and user_obj.valid): # No other method succeeded, so we cannot authorize # but maybe some following auth methods can still "fix" that. - if verbose: request.log("auth.mysql_group did not get valid user from previous auth method") + if verbose: logging.info("did not get valid user from previous auth method") return ContinueLogin(user_obj) # Got a valid user object - we can do stuff! - if verbose: - request.log("auth.mysql_group got valid user (name=%s) from previous auth method" % user_obj.auth_username) + if verbose: logging.info("got valid user (name=%s) from previous auth method" % user_obj.auth_username) # XXX Check auth_username for dodgy chars (should be none as it is authenticated, but...) # shouldn't really be necessary since execute() quotes them all... @@ -54,8 +58,8 @@ import sys import traceback info = sys.exc_info() - request.log("auth.mysql_group: authorization failed due to exception connecting to DB, traceback follows...") - request.log(''.join(traceback.format_exception(*info))) + logging.error("authorization failed due to exception connecting to DB, traceback follows...") + logging.error(''.join(traceback.format_exception(*info))) return CancelLogin(_('Failed to connect to database.')) c = m.cursor() @@ -63,10 +67,10 @@ results = c.fetchall() if results: # Checked out OK - if verbose: request.log("auth.mysql_group got %d results -- authorized!" % len(results)) + if verbose: logging.info("got %d results -- authorized!" % len(results)) return ContinueLogin(user_obj) else: - if verbose: request.log("auth.mysql_group did not get match from DB -- not authorized") + if verbose: logging.info("did not get match from DB -- not authorized") return CancelLogin(_("Invalid username or password.")) # XXX do we really want this? could it be enough to check when they log in? @@ -74,3 +78,4 @@ def request(self, request, user_obj, **kw): retval = self.login(request, user_obj, **kw) return retval.user_obj, retval.continue_flag +
--- a/MoinMoin/auth/smb_mount.py Wed Feb 27 02:52:12 2008 +0100 +++ b/MoinMoin/auth/smb_mount.py Wed Feb 27 10:05:20 2008 +0100 @@ -6,11 +6,14 @@ authentication at the SMB server). This can be used if you need access to files on some share via the wiki, but needs more code to be useful. - @copyright: 2006 MoinMoin:ThomasWaldmann + @copyright: 2006-2008 MoinMoin:ThomasWaldmann 2007 MoinMoin:JohannesBerg @license: GNU GPL, see COPYING for details. """ +from MoinMoin import log +logging = log.getLogger(__name__) + from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin class SMBMount(BaseAuth): @@ -33,7 +36,7 @@ def do_smb(self, request, username, password, login): verbose = self.verbose - if verbose: request.log("SMBMount login=%s logout=%s: got name=%s" % (login, not login, username)) + if verbose: logging.info("login=%s logout=%s: got name=%s" % (login, not login, username)) import os, pwd, subprocess web_username = self.smb_dir_user