changeset 6065:bbbfb024a967

log abuse when abused action is not presented to user
author 'Karl O. Pinc' <kop@meme.com>
date Thu, 04 Sep 2014 13:16:01 -0500
parents b40799be6932
children 68092d872ecc
files MoinMoin/util/abuse.py MoinMoin/wsgiapp.py
diffstat 2 files changed, 6 insertions(+), 3 deletions(-) [+]
--- a/MoinMoin/util/abuse.py	Thu Sep 04 11:47:12 2014 -0500
+++ b/MoinMoin/util/abuse.py	Thu Sep 04 13:16:01 2014 -0500
@@ -25,7 +25,7 @@
     @param username: user's name (optional, if None: determined from request)
     """
     if username is None:
-        if request and request.user.valid:
+        if request and hasattr(request, 'user') and request.user.valid:
             username = request.user.name
         else:
             username = u'anonymous'
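Review bot: The `@param username` docstring line at the top of this hunk no longer describes the fallback. With the added `hasattr(request, 'user')` test, a request object that has no `user` attribute is recorded as `u'anonymous'`, the same value a genuinely anonymous visitor gets. I would document that, e.g. `@param username: user's name (optional, if None: request.user.name when the request carries a valid user, else u'anonymous')`, so readers of the abuse log know that 'anonymous' can also mean the user was not resolved yet. The function's signature and the rest of its body are outside the hunk.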
--- a/MoinMoin/wsgiapp.py	Thu Sep 04 11:47:12 2014 -0500
+++ b/MoinMoin/wsgiapp.py	Thu Sep 04 13:16:01 2014 -0500
@@ -19,6 +19,7 @@
 from MoinMoin.Page import Page
 from MoinMoin import auth, config, i18n, user, wikiutil, xmlrpc, error
 from MoinMoin.action import get_names, get_available_actions
+from MoinMoin.util.abuse import log_attempt
 
 
 def set_umask(new_mask=0777^config.umask):
@@ -133,12 +134,12 @@
         response = redirect_last_visited(context)
     # 2. handle action
     else:
-        response = handle_action(context, pagename, action_name)
+        response = handle_action(request, context, pagename, action_name)
     if isinstance(response, Context):
         response = response.request
     return response
 
-def handle_action(context, pagename, action_name='show'):
+def handle_action(request, context, pagename, action_name='show'):
     """ Actual dispatcher function for non-XMLRPC actions.
 
     Also sets up the Page object for this request, normalizes and
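Review bot: Inserting `request` as a new first positional parameter of `handle_action` shifts every positional argument for any caller not updated in this commit; only the one call in this hunk is visible. The context lines `if isinstance(response, Context): response = response.request` suggest a Context already exposes the request. If so, the signature could stay `def handle_action(context, pagename, action_name='show'):` and the logging calls could use `context.request`, assuming that is the same object passed here. If the new parameter is kept, the docstring should describe it. The body of handle_action continues outside the hunk.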
@@ -170,6 +171,7 @@
     # Disallow non available actions
     elif action_name[0].isupper() and not action_name in \
             get_available_actions(cfg, context.page, context.user):
+        log_attempt(action_name, False, request)
         msg = _("You are not allowed to do %(action_name)s on this page.") % {
                 'action_name': wikiutil.escape(action_name), }
         if not context.user.valid:
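Review bot: This denied-action entry will probably be attributed to `u'anonymous'` even for a logged-in user. `log_attempt` is handed the raw `request`, while the surrounding code reads the user from `context.user`, and the abuse.py hunk in this commit falls back to anonymous when the request has no `user` attribute. Passing the name explicitly keeps the log usable for tracing repeated attempts back to an account: `log_attempt(action_name, False, request, username=context.user.name if context.user.valid else None)`. The same applies to the call added in the next hunk, in the `handler is None` branch. The enclosing `elif` chain and the start of handle_action are outside the hunk.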
@@ -184,6 +186,7 @@
         from MoinMoin import action
         handler = action.getHandler(context, action_name)
         if handler is None:
+            log_attempt(action_name, False, request)
             msg = _("You are not allowed to do %(action_name)s on this page.") % {
                     'action_name': wikiutil.escape(action_name), }
             if not context.user.valid:
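Review bot: `action_name` is client-supplied and reaches `log_attempt` unmodified here and in the call added in the previous hunk, whereas the user-facing message on the next line passes it through `wikiutil.escape`. Whether log_attempt neutralises control characters before writing is not visible on this page. If it does not, a crafted action name could split or forge entries that log monitors parse. I would confirm that in abuse.py and record it at the call site, e.g. `# action_name is untrusted input; log_attempt must neutralise CR/LF before writing it`. Both new calls also log identical arguments, so the log cannot tell "action not available" from "no handler found".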