Mercurial > moin > 1.9
changeset 6047:a9bfc8e99775
abuse logging: add logging for setuid, improve CHANGES entry
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Fri, 06 Jun 2014 14:23:58 +0200 |
parents | f7175dbb081e |
children | ee7209311a0e |
files | MoinMoin/auth/__init__.py docs/CHANGES |
diffstat | 2 files changed, 10 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/auth/__init__.py Fri Jun 06 14:08:21 2014 +0200 +++ b/MoinMoin/auth/__init__.py Fri Jun 06 14:23:58 2014 +0200 @@ -468,6 +468,8 @@ uid = request.session['setuid'] userobj = user.User(request, uid, auth_method='setuid') userobj.valid = True + log_attempt("auth: login (setuid from %r)" % old_user.name, + True, request, userobj.name) logging.debug("setup_suid returns %r, %r" % (userobj, old_user)) return (userobj, old_user)
--- a/docs/CHANGES Fri Jun 06 14:08:21 2014 +0200 +++ b/docs/CHANGES Fri Jun 06 14:23:58 2014 +0200 @@ -43,9 +43,14 @@ TIME is in seconds, the slowness indicator is "." for sub-second requests or N times "!" for requests taking N seconds (so you easily can grep for slow stuff). - * add "abuse" logging. currently this is only used by authentication system - (and there only for "moin" and "given" auth). abuse logging is configured - via the logging configuration, see example: wiki/config/logging/abuse + * add "abuse" logging. this will log every attempt to login (successful ones + as well as unsuccessful ones). abuse logging is configured via the logging + configuration, see example in wiki/config/logging/abuse. + Currently, abuse logging is implemented for: + * authentication system + * "moin" auth + * "given" auth + * setuid (when superuser switches to another user) * backlinks performance tuning: the pagename in the theme has historically been used to trigger a "linkto:ThisPage" search. While this is a nice feature for human users of the wiki (esp. on category pages), it has one