From cf78a23856d4c7ca993a848a310c6569cf4ead1c Mon Sep 17 00:00:00 2001 From: Unrud Date: Tue, 23 May 2017 03:13:28 +0200 Subject: [PATCH] Improve logging Log failed login attempts more clearly and also log access violations of authenticated users. --- radicale/__init__.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/radicale/__init__.py b/radicale/__init__.py index c40e81b..b6da193 100644 --- a/radicale/__init__.py +++ b/radicale/__init__.py @@ -314,7 +314,7 @@ class Application: status = "%i %s" % ( status, client.responses.get(status, "Unknown")) self.logger.info( - "%s answer status for %s in %s sec: %s", + "%s answer status for %s in %.3f seconds: %s", environ["REQUEST_METHOD"], environ["PATH_INFO"] + depthinfo, (time_end - time_begin).total_seconds(), status) start_response(status, list(headers.items())) @@ -386,6 +386,7 @@ class Application: else: is_authenticated = self.Auth.is_authenticated(user, password) if not is_authenticated: + self.logger.info("Failed login attempt: %s", user) # Random delay to avoid timing oracles and bruteforce attacks delay = self.configuration.getfloat("auth", "delay") if delay > 0: @@ -421,13 +422,16 @@ class Application: environ, base_prefix, path, user) except socket.timeout: return response(*REQUEST_TIMEOUT) + if (status, headers, answer) == NOT_ALLOWED: + self.logger.info("Access denied for %s", + "'%s'" % user if user else "anonymous user") else: status, headers, answer = NOT_ALLOWED if (status, headers, answer) == NOT_ALLOWED and not ( user and is_authenticated): # Unknown or unauthorized user - self.logger.info("%s refused" % (user or "Anonymous user")) + self.logger.debug("Asking client for authentication") status = client.UNAUTHORIZED realm = self.configuration.get("server", "realm") headers = dict(headers)
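Review bot: The username written by the new `self.logger.info("Failed login attempt: %s", user)` line is attacker-controlled (it presumably comes straight from the HTTP Authorization header) and `%s` emits it raw, so a name containing CR/LF or terminal escape sequences can forge extra log records or inject control codes into whatever reads the log. Formatting it with `%r` keeps the record on one line and makes such characters visible: `self.logger.info("Failed login attempt: %r", user)`. If these lines are meant to feed a brute-force blocker such as fail2ban they also need the peer address, e.g. `self.logger.info("Failed login attempt: %r from %s", user, environ.get("REMOTE_ADDR"))` using the `environ` the surrounding method appears to work with, bearing in mind REMOTE_ADDR is the proxy's address when Radicale sits behind a reverse proxy. The enclosing method starts and ends outside this hunk.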
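Review bot: The new "Access denied" log also fires for anonymous requests (the `"anonymous user"` branch), yet the block immediately after turns exactly that case into a 401 challenge, which is a client's routine first request without credentials, so at INFO level every Basic-auth handshake is reported as a denial and the violations by authenticated users that the commit title targets are buried in the noise. If I read the flow correctly, restricting the message to `user and is_authenticated` (the anonymous case is already covered by the new debug line) and adding method and path makes the record actionable: `if (status, headers, answer) == NOT_ALLOWED and user and is_authenticated:` followed by `self.logger.info("Access denied for %r: %s %s", user, environ["REQUEST_METHOD"], environ["PATH_INFO"])`. Using `%r` instead of the hand-quoted `"'%s'" % user` additionally keeps a username containing newlines or escape sequences from forging log lines. The enclosing method continues before and after this hunk.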