changeset 6068:4dbfb3fec02a

merge upstream
author 'Karl O. Pinc' <kop@meme.com>
date Thu, 04 Sep 2014 14:48:36 -0500
parents 082b1a458d55 (diff) e1e9c0f9d7dd (current diff)
children 0e1b5fdca6bc
diffstat 7 files changed, 36 insertions(+), 8 deletions(-) [+]
--- a/MoinMoin/PageEditor.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/PageEditor.py	Thu Sep 04 14:48:36 2014 -0500
@@ -27,6 +27,7 @@
 from MoinMoin.mail.sendmail import encodeSpamSafeEmail
 from MoinMoin.support.python_compatibility import set
 from MoinMoin.util import filesys, timefuncs, web
+from MoinMoin.util.abuse import log_attempt
 from MoinMoin.events import PageDeletedEvent, PageRenamedEvent, PageCopiedEvent, PageRevertedEvent
 from MoinMoin.events import PagePreSaveEvent, Abort, send_event
 import MoinMoin.events.notification as notification
@@ -168,8 +169,10 @@
 
         # check edit permissions
         if not request.user.may.write(self.page_name):
+            log_attempt('edit: edit', False, request, name=self.page_name)
             msg = _('You are not allowed to edit this page.')
         elif not self.isWritable():
+            log_attempt('edit: immutable', False, request, name=self.page_name)
             msg = _('Page is immutable!')
         elif self.rev:
             # Trying to edit an old version, this is not possible via
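Review bot: The keyword `name=` used in both added calls is not a parameter of `log_attempt`, whose new signature in MoinMoin/util/abuse.py is `log_attempt(system, success, request=None, username=None, page=None)`, so these calls would raise TypeError on exactly the permission-denied paths they are meant to record. The same keyword appears in the copy, rename, delete, save and ACL hunks of this file. Each call should pass the page as `page=`, for example `log_attempt('edit: edit', False, request, page=self.page_name)`, which matches the call added in action/edit.py. The enclosing method starts and ends outside the hunk.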
@@ -551,6 +554,7 @@
             return False, _("You can't copy to an empty pagename.")
 
         if not self.request.user.may.write(newpagename):
+            log_attempt('edit: copy', False, request, name=self.page_name)
             return False, _('You are not allowed to copy this page!')
 
         newpage = PageEditor(request, newpagename)
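Review bot: The check that fails here is `may.write(newpagename)`, but the added call records `self.page_name`, so the log entry names the source page rather than the destination whose ACL refused the write. Recording the destination, `log_attempt('edit: copy', False, request, page=newpagename)`, makes the entry usable when tracing which page was targeted. The rename hunk has the same ambiguity, since its check combines delete on the source with write on `newpagename`. The method body continues outside the hunk.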
@@ -603,6 +607,7 @@
 
         if not (request.user.may.delete(self.page_name)
                 and request.user.may.write(newpagename)):
+            log_attempt('edit: rename', False, request, name=self.page_name)
             msg = _('You are not allowed to rename this page!')
             raise self.AccessDenied(msg)
 
@@ -710,6 +715,7 @@
         success = True
         if not (request.user.may.write(self.page_name)
                 and request.user.may.delete(self.page_name)):
+            log_attempt('edit: delete', False, request, name=self.page_name)
             msg = _('You are not allowed to delete this page!')
             raise self.AccessDenied(msg)
 
@@ -1074,9 +1080,11 @@
 
         msg = ""
         if not request.user.may.save(self, newtext, rev, **kw):
+            log_attempt('edit: edit', False, request, name=self.page_name)
             msg = _('You are not allowed to edit this page!')
             raise self.AccessDenied(msg)
         elif not self.isWritable():
+            log_attempt('edit: immutable', False, request, name=self.page_name)
             msg = _('Page is immutable!')
             raise self.Immutable(msg)
         elif not newtext:
@@ -1120,6 +1128,7 @@
             if (not request.user.may.admin(self.page_name) and
                 parseACL(request, newtext).acl != acl.acl and
                 action != "SAVE/REVERT"):
+                log_attempt('edit: acl', False, request, name=self.page_name)
                 msg = _("You can't change ACLs on this page since you have no admin rights on it!")
                 raise self.NoAdmin(msg)
 
--- a/MoinMoin/action/edit.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/action/edit.py	Thu Sep 04 14:48:36 2014 -0500
@@ -11,6 +11,7 @@
 from MoinMoin import wikiutil
 from MoinMoin.Page import Page
 from MoinMoin.web.utils import check_surge_protect
+from MoinMoin.util.abuse import log_attempt
 
 def execute(pagename, request):
     """ edit a page """
@@ -22,6 +23,7 @@
         return
 
     if not request.user.may.write(pagename):
+        log_attempt('edit: edit', False, request, page=pagename)
         page = wikiutil.getLocalizedPage(request, 'PermissionDeniedPage')
         page.body = _('You are not allowed to edit this page.')
         page.page_name = pagename
--- a/MoinMoin/action/newpage.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/action/newpage.py	Thu Sep 04 14:48:36 2014 -0500
@@ -12,6 +12,7 @@
 
 import time
 from MoinMoin.Page import Page
+from MoinMoin.util.abuse import log_attempt
 
 class NewPage:
     """ Open editor for a new page, using template """
@@ -65,6 +66,7 @@
         page = Page(self.request, self.pagename)
         if not (page.isWritable() and self.request.user.may.read(self.pagename)):
             # Same error as the edit page for localization reasons
+            log_attempt('newpage', False, self.request, page=self.pagename)
             return _('You are not allowed to edit this page.')
         return ''
 
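Review bot: The added `log_attempt` line sits between the comment `# Same error as the edit page for localization reasons` and the `return` that comment describes, so the comment now reads as if it explained the logging. Moving the call above the comment keeps the two apart. The label `'newpage'` also departs from the `'edit: ...'` and `'event: ...'` prefix scheme used in the other files, and a consistent prefix would make these entries easier to filter. The method starts outside the hunk.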
--- a/MoinMoin/action/revert.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/action/revert.py	Thu Sep 04 14:48:36 2014 -0500
@@ -12,6 +12,7 @@
 from MoinMoin.Page import Page
 from MoinMoin.PageEditor import PageEditor
 from MoinMoin.action import ActionBase
+from MoinMoin.util.abuse import log_attempt
 
 class revert(ActionBase):
     """ revert page action
@@ -32,6 +33,8 @@
         _ = self._
         may = self.request.user.may
         allowed = may.write(self.pagename) and may.revert(self.pagename)
+        if not allowed:
+            log_attempt('revert', False, self.request, page=self.pagename)
         return allowed, _('You are not allowed to revert this page!')
 
     def check_condition(self):
--- a/MoinMoin/events/__init__.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/events/__init__.py	Thu Sep 04 14:48:36 2014 -0500
@@ -14,6 +14,7 @@
 
 from MoinMoin import wikiutil
 from MoinMoin.util import pysupport
+from MoinMoin.util.abuse import log_attempt
 from MoinMoin.wikiutil import PluginAttributeError
 
 # Create a list of extension actions from the package directory
@@ -186,6 +187,7 @@
     req_superuser = True
 
     def __init__(self, request, user):
+        log_attempt('event: newaccount', True, request, user.name)
         Event.__init__(self, request)
         self.user = user
 
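Review bot: Calling `log_attempt(..., True, ...)` as the first statement of `__init__` records a success whenever this event object is constructed, before `Event.__init__` has run, which may not coincide with the account actually being stored. The call would sit better at the point where the account is saved, or at least after `Event.__init__(self, request)`. `user.name` is passed positionally as `username`; writing `username=user.name` would keep it in line with the `page=` keyword calls elsewhere in the commit. The class header is outside the hunk.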
--- a/MoinMoin/util/abuse.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/util/abuse.py	Thu Sep 04 14:48:36 2014 -0500
@@ -14,7 +14,7 @@
 logging = log.getLogger(__name__)
 
 
-def log_attempt(system, success, request=None, username=None):
+def log_attempt(system, success, request=None, username=None, page=None):
     """
     log attempts to use <system>, log success / failure / username / ip
 
@@ -23,14 +23,15 @@
     @param success: whether the attempt was successful
     @param request: request object (optional, to determine remote's ip address)
     @param username: user's name (optional, if None: determined from request)
+    @param page: name of the page (optional)
     """
     if username is None:
-        if request and request.user.valid:
+        if request and hasattr(request, 'user') and request.user.valid:
             username = request.user.name
         else:
             username = u'anonymous'
     level = (logging.WARNING, logging.INFO)[success]
-    msg = """%s status: %s username: "%s" ip: %s"""
+    msg = """%s status: %s username: "%s" ip: %s page: %s"""
     status = ("failure", "success")[success]
     ip = request and request.remote_addr or 'unknown'
-    logging.log(level, msg, system, status, username, ip)
+    logging.log(level, msg, system, status, username, ip, page)
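Review bot: `username` and `page` are interpolated with plain `%s`, and `page` is appended as the last field with no quoting, so a name containing a line break or the text ` ip: ` can yield a line that a log consumer misparses or reads as a separate entry. Whether page and user names are stripped of control characters before they reach this function is not visible here, so it is safer to replace CR/LF inside `log_attempt` itself and to quote the new field the way `username` already is, ending the format with `page: "%s"`. When `page` is omitted the line prints `page: None`, which cannot be told apart from a page actually named None; an empty string or a dash would be clearer.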
--- a/MoinMoin/wsgiapp.py	Thu Sep 04 14:12:27 2014 +0200
+++ b/MoinMoin/wsgiapp.py	Thu Sep 04 14:48:36 2014 -0500
@@ -19,6 +19,7 @@
 from MoinMoin.Page import Page
 from MoinMoin import auth, config, i18n, user, wikiutil, xmlrpc, error
 from MoinMoin.action import get_names, get_available_actions
+from MoinMoin.util.abuse import log_attempt
 
 
 def set_umask(new_mask=0777^config.umask):
@@ -133,12 +134,12 @@
         response = redirect_last_visited(context)
     # 2. handle action
     else:
-        response = handle_action(context, pagename, action_name)
+        response = handle_action(request, context, pagename, action_name)
     if isinstance(response, Context):
         response = response.request
     return response
 
-def handle_action(context, pagename, action_name='show'):
+def handle_action(request, context, pagename, action_name='show'):
     """ Actual dispatcher function for non-XMLRPC actions.
 
     Also sets up the Page object for this request, normalizes and
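Review bot: Prepending `request` to `handle_action` shifts every positional argument, so any caller not updated in this commit would now pass its context as `request` and its page name as `context`. The `isinstance(response, Context)` branch just above reads `response.request`, which suggests the context already carries the request; if that is the same object, using `context.request` inside the function would avoid the signature change. Otherwise appending it as a trailing keyword parameter keeps existing calls working. The function body continues outside the hunk.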
@@ -172,7 +173,11 @@
             get_available_actions(cfg, context.page, context.user):
         msg = _("You are not allowed to do %(action_name)s on this page.") % {
                 'action_name': wikiutil.escape(action_name), }
-        if not context.user.valid:
+        if context.user.valid:
+            log_attempt(action_name, False, request,
+                        context.user.name, page=pagename)
+        else:
+            log_attempt(action_name, False, request, page=pagename)
             # Suggest non valid user to login
             msg += " " + _("Login and try again.")
 
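Review bot: `action_name` is logged raw as the `system` label, while the user-facing message two lines up passes it through `wikiutil.escape`; it is presumably taken from the request, so the first field of the log line becomes client-chosen text. A fixed prefix such as `'action: ' + action_name`, in the style of the `'edit: ...'` labels, gives log filters something stable to match on. The two branches can also collapse into one call by computing the username first, `username = context.user.valid and context.user.name or None`, leaving only the login hint under `if not context.user.valid:`. The following hunk repeats the same block and needs the same change.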
@@ -186,7 +191,11 @@
         if handler is None:
             msg = _("You are not allowed to do %(action_name)s on this page.") % {
                     'action_name': wikiutil.escape(action_name), }
-            if not context.user.valid:
+            if context.user.valid:
+                log_attempt(action_name, False, request,
+                            context.user.name, page=pagename)
+            else:
+                log_attempt(action_name, False, request, page=pagename)
                 # Suggest non valid user to login
                 msg += " " + _("Login and try again.")
             context.theme.add_msg(msg, "error")