Improve logging

Log failed login attempts more clearly and also log access violations of authenticated users.
This commit is contained in:
Unrud 2017-05-23 03:13:28 +02:00
parent f2fb07fa84
commit cf78a23856

View File

@ -314,7 +314,7 @@ class Application:
status = "%i %s" % (
status, client.responses.get(status, "Unknown"))
self.logger.info(
"%s answer status for %s in %s sec: %s",
"%s answer status for %s in %.3f seconds: %s",
environ["REQUEST_METHOD"], environ["PATH_INFO"] + depthinfo,
(time_end - time_begin).total_seconds(), status)
start_response(status, list(headers.items()))
@ -386,6 +386,7 @@ class Application:
else:
is_authenticated = self.Auth.is_authenticated(user, password)
if not is_authenticated:
self.logger.info("Failed login attempt: %s", user)
# Random delay to avoid timing oracles and bruteforce attacks
delay = self.configuration.getfloat("auth", "delay")
if delay > 0:
@ -421,13 +422,16 @@ class Application:
environ, base_prefix, path, user)
except socket.timeout:
return response(*REQUEST_TIMEOUT)
if (status, headers, answer) == NOT_ALLOWED:
self.logger.info("Access denied for %s",
"'%s'" % user if user else "anonymous user")
else:
status, headers, answer = NOT_ALLOWED
if (status, headers, answer) == NOT_ALLOWED and not (
user and is_authenticated):
# Unknown or unauthorized user
self.logger.info("%s refused" % (user or "Anonymous user"))
self.logger.debug("Asking client for authentication")
status = client.UNAUTHORIZED
realm = self.configuration.get("server", "realm")
headers = dict(headers)