changeset 6066:68092d872ecc

add page name to abuse log
author 'Karl O. Pinc' <kop@meme.com>
date Thu, 04 Sep 2014 14:09:28 -0500
parents bbbfb024a967
children 082b1a458d55
files MoinMoin/PageEditor.py MoinMoin/action/edit.py MoinMoin/action/newpage.py MoinMoin/action/revert.py MoinMoin/util/abuse.py MoinMoin/wsgiapp.py
diffstat 6 files changed, 17 insertions(+), 16 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/PageEditor.py	Thu Sep 04 13:16:01 2014 -0500
+++ b/MoinMoin/PageEditor.py	Thu Sep 04 14:09:28 2014 -0500
@@ -169,10 +169,10 @@
 
         # check edit permissions
         if not request.user.may.write(self.page_name):
-            log_attempt('edit: edit', False, request)
+            log_attempt('edit: edit', False, request, name=self.page_name)
             msg = _('You are not allowed to edit this page.')
         elif not self.isWritable():
-            log_attempt('edit: immutable', False, request)
+            log_attempt('edit: immutable', False, request, name=self.page_name)
             msg = _('Page is immutable!')
         elif self.rev:
             # Trying to edit an old version, this is not possible via
@@ -554,7 +554,7 @@
             return False, _("You can't copy to an empty pagename.")
 
         if not self.request.user.may.write(newpagename):
-            log_attempt('edit: copy', False, request)
+            log_attempt('edit: copy', False, request, name=self.page_name)
             return False, _('You are not allowed to copy this page!')
 
         newpage = PageEditor(request, newpagename)
@@ -607,7 +607,7 @@
 
         if not (request.user.may.delete(self.page_name)
                 and request.user.may.write(newpagename)):
-            log_attempt('edit: rename', False, request)
+            log_attempt('edit: rename', False, request, name=self.page_name)
             msg = _('You are not allowed to rename this page!')
             raise self.AccessDenied(msg)
 
@@ -715,7 +715,7 @@
         success = True
         if not (request.user.may.write(self.page_name)
                 and request.user.may.delete(self.page_name)):
-            log_attempt('edit: delete', False, request)
+            log_attempt('edit: delete', False, request, name=self.page_name)
             msg = _('You are not allowed to delete this page!')
             raise self.AccessDenied(msg)
 
@@ -1080,11 +1080,11 @@
 
         msg = ""
         if not request.user.may.save(self, newtext, rev, **kw):
-            log_attempt('edit: edit', False, request)
+            log_attempt('edit: edit', False, request, name=self.page_name)
             msg = _('You are not allowed to edit this page!')
             raise self.AccessDenied(msg)
         elif not self.isWritable():
-            log_attempt('edit: immutable', False, request)
+            log_attempt('edit: immutable', False, request, name=self.page_name)
             msg = _('Page is immutable!')
             raise self.Immutable(msg)
         elif not newtext:
@@ -1128,7 +1128,7 @@
             if (not request.user.may.admin(self.page_name) and
                 parseACL(request, newtext).acl != acl.acl and
                 action != "SAVE/REVERT"):
-                log_attempt('edit: acl', False, request)
+                log_attempt('edit: acl', False, request, name=self.page_name)
                 msg = _("You can't change ACLs on this page since you have no admin rights on it!")
                 raise self.NoAdmin(msg)
 
--- a/MoinMoin/action/edit.py	Thu Sep 04 13:16:01 2014 -0500
+++ b/MoinMoin/action/edit.py	Thu Sep 04 14:09:28 2014 -0500
@@ -23,7 +23,7 @@
         return
 
     if not request.user.may.write(pagename):
-        log_attempt('edit: edit', False, request)
+        log_attempt('edit: edit', False, request, page=pagename)
         page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage')
         page.body = _('You are not allowed to edit this page.')
         page.page_name = pagename
--- a/MoinMoin/action/newpage.py	Thu Sep 04 13:16:01 2014 -0500
+++ b/MoinMoin/action/newpage.py	Thu Sep 04 14:09:28 2014 -0500
@@ -66,7 +66,7 @@
         page = Page(self.request, self.pagename)
         if not (page.isWritable() and self.request.user.may.read(self.pagename)):
             # Same error as the edit page for localization reasons
-            log_attempt('newpage', False, self.request)
+            log_attempt('newpage', False, self.request, page=self.pagename)
             return _('You are not allowed to edit this page.')
         return ''
 
--- a/MoinMoin/action/revert.py	Thu Sep 04 13:16:01 2014 -0500
+++ b/MoinMoin/action/revert.py	Thu Sep 04 14:09:28 2014 -0500
@@ -34,7 +34,7 @@
         may = self.request.user.may
         allowed = may.write(self.pagename) and may.revert(self.pagename)
         if not allowed:
-            log_attempt('revert', False, self.request)
+            log_attempt('revert', False, self.request, page=self.pagename)
         return allowed, _('You are not allowed to revert this page!')
 
     def check_condition(self):
--- a/MoinMoin/util/abuse.py	Thu Sep 04 13:16:01 2014 -0500
+++ b/MoinMoin/util/abuse.py	Thu Sep 04 14:09:28 2014 -0500
@@ -14,7 +14,7 @@
 logging = log.getLogger(__name__)
 
 
-def log_attempt(system, success, request=None, username=None):
+def log_attempt(system, success, request=None, username=None, page=None):
     """
     log attempts to use <system>, log success / failure / username / ip
 
@@ -23,6 +23,7 @@
     @param success: whether the attempt was successful
     @param request: request object (optional, to determine remote's ip address)
     @param username: user's name (optional, if None: determined from request)
+    @param page: name of the page (optional)
     """
     if username is None:
         if request and hasattr(request, 'user') and request.user.valid:
@@ -30,7 +31,7 @@
         else:
             username = u'anonymous'
     level = (logging.WARNING, logging.INFO)[success]
-    msg = """%s status: %s username: "%s" ip: %s"""
+    msg = """%s status: %s username: "%s" ip: %s page: %s"""
     status = ("failure", "success")[success]
     ip = request and request.remote_addr or 'unknown'
-    logging.log(level, msg, system, status, username, ip)
+    logging.log(level, msg, system, status, username, ip, page)
--- a/MoinMoin/wsgiapp.py	Thu Sep 04 13:16:01 2014 -0500
+++ b/MoinMoin/wsgiapp.py	Thu Sep 04 14:09:28 2014 -0500
@@ -171,7 +171,7 @@
     # Disallow non available actions
     elif action_name[0].isupper() and not action_name in \
             get_available_actions(cfg, context.page, context.user):
-        log_attempt(action_name, False, request)
+        log_attempt(action_name, False, request, page=pagename)
         msg = _("You are not allowed to do %(action_name)s on this page.") % {
                 'action_name': wikiutil.escape(action_name), }
         if not context.user.valid:
@@ -186,7 +186,7 @@
         from MoinMoin import action
         handler = action.getHandler(context, action_name)
         if handler is None:
-            log_attempt(action_name, False, request)
+            log_attempt(action_name, False, request, page=pagename)
             msg = _("You are not allowed to do %(action_name)s on this page.") % {
                     'action_name': wikiutil.escape(action_name), }
             if not context.user.valid: