From 799b9e19c8f39a6fab48ccb6b84a927c9af2fa78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Tue, 29 Mar 2016 08:54:55 +0300 Subject: [PATCH] Use unicode literals for logging --- certidude/api/__init__.py | 4 ++-- certidude/api/request.py | 14 +++++++------- certidude/api/revoked.py | 2 +- certidude/api/tag.py | 6 +++--- certidude/auth.py | 8 ++++---- certidude/decorators.py | 6 +++--- certidude/firewall.py | 2 +- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/certidude/api/__init__.py b/certidude/api/__init__.py index 98619be..923ca65 100644 --- a/certidude/api/__init__.py +++ b/certidude/api/__init__.py @@ -31,7 +31,7 @@ class CertificateStatusResource(object): class CertificateAuthorityResource(object): def on_get(self, req, resp): - logger.info("Served CA certificate to %s", req.context.get("remote_addr")) + logger.info(u"Served CA certificate to %s", req.context.get("remote_addr")) resp.stream = open(config.AUTHORITY_CERTIFICATE_PATH, "rb") resp.append_header("Content-Type", "application/x-x509-ca-cert") resp.append_header("Content-Disposition", "attachment; filename=%s.crt" % @@ -104,7 +104,7 @@ class BundleResource(object): @login_required def on_get(self, req, resp): common_name = req.context["user"].mail - logger.info("Signing bundle %s for %s", common_name, req.context.get("user")) + logger.info(u"Signing bundle %s for %s", common_name, req.context.get("user")) resp.set_header("Content-Type", "application/x-pkcs12") resp.set_header("Content-Disposition", "attachment; filename=%s.p12" % common_name.encode("ascii")) resp.body, cert = authority.generate_pkcs12_bundle(common_name, diff --git a/certidude/api/request.py b/certidude/api/request.py index 1188918..e0b5058 100644 --- a/certidude/api/request.py +++ b/certidude/api/request.py @@ -32,7 +32,7 @@ class RequestListResource(object): csr = Request(body) if not csr.common_name: - logger.warning("Rejected signing request without common name from %s", + logger.warning(u"Rejected signing request without common name from %s", req.context.get("remote_addr")) raise falcon.HTTPBadRequest( "Bad request", @@ -71,7 +71,7 @@ class RequestListResource(object): pass except errors.DuplicateCommonNameError: # TODO: Certificate renewal - logger.warning("Rejected signing request with overlapping common name from %s", + logger.warning(u"Rejected signing request with overlapping common name from %s", req.context.get("remote_addr")) raise falcon.HTTPConflict( "CSR with such CN already exists", @@ -86,11 +86,11 @@ class RequestListResource(object): click.echo("Redirecting to: %s" % url) resp.status = falcon.HTTP_SEE_OTHER resp.set_header("Location", url.encode("ascii")) - logger.debug("Redirecting signing request from %s to %s", req.context.get("remote_addr"), url) + logger.debug(u"Redirecting signing request from %s to %s", req.context.get("remote_addr"), url) else: # Request was accepted, but not processed resp.status = falcon.HTTP_202 - logger.info("Signing request from %s stored", req.context.get("remote_addr")) + logger.info(u"Signing request from %s stored", req.context.get("remote_addr")) class RequestDetailResource(object): @@ -100,7 +100,7 @@ class RequestDetailResource(object): Fetch certificate signing request as PEM """ csr = authority.get_request(cn) - logger.debug("Signing request %s was downloaded by %s", + logger.debug(u"Signing request %s was downloaded by %s", csr.common_name, req.context.get("remote_addr")) return csr @@ -118,7 +118,7 @@ class RequestDetailResource(object): resp.body = "Certificate successfully signed" resp.status = falcon.HTTP_201 resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn) - logger.info("Signing request %s signed by %s from %s", csr.common_name, + logger.info(u"Signing request %s signed by %s from %s", csr.common_name, req.context.get("user"), req.context.get("remote_addr")) @@ -131,6 +131,6 @@ class RequestDetailResource(object): # Logging implemented in the function above except EnvironmentError as e: resp.body = "No certificate CN=%s found" % cn - logger.warning("User %s failed to delete signing request %s from %s, reason: %s", + logger.warning(u"User %s failed to delete signing request %s from %s, reason: %s", req.context["user"], cn, req.context.get("remote_addr"), e) raise falcon.HTTPNotFound() diff --git a/certidude/api/revoked.py b/certidude/api/revoked.py index 175f12d..1308f65 100644 --- a/certidude/api/revoked.py +++ b/certidude/api/revoked.py @@ -6,7 +6,7 @@ logger = logging.getLogger("api") class RevocationListResource(object): def on_get(self, req, resp): - logger.debug("Revocation list requested by %s", req.context.get("remote_addr")) + logger.debug(u"Revocation list requested by %s", req.context.get("remote_addr")) resp.set_header("Content-Type", "application/x-pkcs7-crl") resp.append_header("Content-Disposition", "attachment; filename=ca.crl") resp.body = export_crl() diff --git a/certidude/api/tag.py b/certidude/api/tag.py index 48b6ee7..cf0e807 100644 --- a/certidude/api/tag.py +++ b/certidude/api/tag.py @@ -26,7 +26,7 @@ class TagResource(RelationalMixin): args = req.get_param("cn"), req.get_param("key"), req.get_param("value") rowid = self.sql_execute("tag_insert.sql", *args) push.publish("tag-added", str(rowid)) - logger.debug("Tag cn=%s, key=%s, value=%s added" % args) + logger.debug(u"Tag cn=%s, key=%s, value=%s added" % args) class TagDetailResource(RelationalMixin): @@ -60,7 +60,7 @@ class TagDetailResource(RelationalMixin): from certidude import push args = req.get_param("value"), identifier self.sql_execute("tag_update.sql", *args) - logger.debug("Tag %s updated, value set to %s", + logger.debug(u"Tag %s updated, value set to %s", identifier, req.get_param("value")) push.publish("tag-updated", identifier) @@ -73,4 +73,4 @@ class TagDetailResource(RelationalMixin): from certidude import push self.sql_execute("tag_delete.sql", identifier) push.publish("tag-removed", identifier) - logger.debug("Tag %s removed" % identifier) + logger.debug(u"Tag %s removed" % identifier) diff --git a/certidude/auth.py b/certidude/auth.py index 20bd96b..4f6406f 100644 --- a/certidude/auth.py +++ b/certidude/auth.py @@ -131,7 +131,7 @@ def authenticate(optional=False): conn.simple_bind_s(user if "@" in user else "%s@%s" % (user, constants.DOMAIN), passwd) except ldap.LDAPError, e: resp.append_header("WWW-Authenticate", "Basic") - logger.critical("LDAP bind authentication failed for user %s from %s", + logger.critical(u"LDAP bind authentication failed for user %s from %s", repr(user), req.context.get("remote_addr")) raise falcon.HTTPUnauthorized("Forbidden", "Please authenticate with %s domain account or supply UPN" % constants.DOMAIN) @@ -166,7 +166,7 @@ def authenticate(optional=False): import simplepam if not simplepam.authenticate(user, passwd, "sshd"): - logger.critical("Basic authentication failed for user %s from %s", + logger.critical(u"Basic authentication failed for user %s from %s", repr(user), req.context.get("remote_addr")) raise falcon.HTTPUnauthorized("Forbidden", "Invalid password") @@ -194,7 +194,7 @@ def authorize_admin(func): def whitelist_authorize_admin(resource, req, resp, *args, **kwargs): # Check for username whitelist if not req.context.get("user") or req.context.get("user") not in config.ADMIN_WHITELIST: - logger.info("Rejected access to administrative call %s by %s from %s, user not whitelisted", + logger.info(u"Rejected access to administrative call %s by %s from %s, user not whitelisted", req.env["PATH_INFO"], req.context.get("user"), req.context.get("remote_addr")) raise falcon.HTTPForbidden("Forbidden", "User %s not whitelisted" % req.context.get("user")) return func(resource, req, resp, *args, **kwargs) @@ -203,7 +203,7 @@ def authorize_admin(func): if req.context.get("user").is_admin(): req.context["admin_authorized"] = True return func(resource, req, resp, *args, **kwargs) - logger.info("User '%s' not authorized to access administrative API", req.context.get("user").name) + logger.info(u"User '%s' not authorized to access administrative API", req.context.get("user").name) raise falcon.HTTPForbidden("Forbidden", "User not authorized to perform administrative operations") if config.AUTHORIZATION_BACKEND == "whitelist": diff --git a/certidude/decorators.py b/certidude/decorators.py index 83ea9f6..cf7b057 100644 --- a/certidude/decorators.py +++ b/certidude/decorators.py @@ -29,7 +29,7 @@ def csrf_protection(func): return func(self, req, resp, *args, **kwargs) # Kaboom! - logger.warning("Prevented clickbait from '%s' with user agent '%s'", + logger.warning(u"Prevented clickbait from '%s' with user agent '%s'", referrer or "-", req.user_agent) raise falcon.HTTPUnauthorized("Forbidden", "No suitable UA or referrer provided, cross-site scripting disabled") @@ -105,12 +105,12 @@ def serialize(func): ("attachment; filename=%s" % r.suggested_filename).encode("ascii")) resp.body = r.dump() elif hasattr(r, "content_type"): - logger.debug("Client did not accept application/json or %s, " + logger.debug(u"Client did not accept application/json or %s, " "client expected %s", r.content_type, req.accept) raise falcon.HTTPUnsupportedMediaType( "Client did not accept application/json or %s" % r.content_type) else: - logger.debug("Client did not accept application/json, client expected %s", req.accept) + logger.debug(u"Client did not accept application/json, client expected %s", req.accept) raise falcon.HTTPUnsupportedMediaType( "Client did not accept application/json") return r diff --git a/certidude/firewall.py b/certidude/firewall.py index 8354482..7b4410a 100644 --- a/certidude/firewall.py +++ b/certidude/firewall.py @@ -15,7 +15,7 @@ def whitelist_subnets(subnets): if req.context.get("remote_addr") in subnet: break else: - logger.info("Rejected access to administrative call %s by %s from %s, source address not whitelisted", + logger.info(u"Rejected access to administrative call %s by %s from %s, source address not whitelisted", req.env["PATH_INFO"], req.context.get("user", "unauthenticated user"), req.context.get("remote_addr"))