Use unicode literals for logging
parent
acc0e29109
commit
799b9e19c8
@ -31,7 +31,7 @@ class CertificateStatusResource(object):
|
|||||||
|
|
||||||
class CertificateAuthorityResource(object):
|
class CertificateAuthorityResource(object):
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
logger.info("Served CA certificate to %s", req.context.get("remote_addr"))
|
logger.info(u"Served CA certificate to %s", req.context.get("remote_addr"))
|
||||||
resp.stream = open(config.AUTHORITY_CERTIFICATE_PATH, "rb")
|
resp.stream = open(config.AUTHORITY_CERTIFICATE_PATH, "rb")
|
||||||
resp.append_header("Content-Type", "application/x-x509-ca-cert")
|
resp.append_header("Content-Type", "application/x-x509-ca-cert")
|
||||||
resp.append_header("Content-Disposition", "attachment; filename=%s.crt" %
|
resp.append_header("Content-Disposition", "attachment; filename=%s.crt" %
|
||||||
@ -104,7 +104,7 @@ class BundleResource(object):
|
|||||||
@login_required
|
@login_required
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
common_name = req.context["user"].mail
|
common_name = req.context["user"].mail
|
||||||
logger.info("Signing bundle %s for %s", common_name, req.context.get("user"))
|
logger.info(u"Signing bundle %s for %s", common_name, req.context.get("user"))
|
||||||
resp.set_header("Content-Type", "application/x-pkcs12")
|
resp.set_header("Content-Type", "application/x-pkcs12")
|
||||||
resp.set_header("Content-Disposition", "attachment; filename=%s.p12" % common_name.encode("ascii"))
|
resp.set_header("Content-Disposition", "attachment; filename=%s.p12" % common_name.encode("ascii"))
|
||||||
resp.body, cert = authority.generate_pkcs12_bundle(common_name,
|
resp.body, cert = authority.generate_pkcs12_bundle(common_name,
|
||||||
|
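Review bot: The `Content-Disposition` line that follows the changed logger call in `BundleResource.on_get` interpolates `common_name` (the user's `mail` attribute) into the header unquoted and runs it through `.encode("ascii")`. A non-ASCII address would raise `UnicodeEncodeError` after the "Signing bundle" record has already been written, and a value containing `;`, a space or a quote would change how the header is parsed, because the parameter is not a quoted-string. If the directory can hold such values, I would check `common_name` against a conservative pattern before the log line and quote the parameter, `'attachment; filename="%s.p12"' % common_name.encode("ascii")`. The method body continues past the end of the hunk.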
@ -32,7 +32,7 @@ class RequestListResource(object):
|
|||||||
csr = Request(body)
|
csr = Request(body)
|
||||||
|
|
||||||
if not csr.common_name:
|
if not csr.common_name:
|
||||||
logger.warning("Rejected signing request without common name from %s",
|
logger.warning(u"Rejected signing request without common name from %s",
|
||||||
req.context.get("remote_addr"))
|
req.context.get("remote_addr"))
|
||||||
raise falcon.HTTPBadRequest(
|
raise falcon.HTTPBadRequest(
|
||||||
"Bad request",
|
"Bad request",
|
||||||
@ -71,7 +71,7 @@ class RequestListResource(object):
|
|||||||
pass
|
pass
|
||||||
except errors.DuplicateCommonNameError:
|
except errors.DuplicateCommonNameError:
|
||||||
# TODO: Certificate renewal
|
# TODO: Certificate renewal
|
||||||
logger.warning("Rejected signing request with overlapping common name from %s",
|
logger.warning(u"Rejected signing request with overlapping common name from %s",
|
||||||
req.context.get("remote_addr"))
|
req.context.get("remote_addr"))
|
||||||
raise falcon.HTTPConflict(
|
raise falcon.HTTPConflict(
|
||||||
"CSR with such CN already exists",
|
"CSR with such CN already exists",
|
||||||
@ -86,11 +86,11 @@ class RequestListResource(object):
|
|||||||
click.echo("Redirecting to: %s" % url)
|
click.echo("Redirecting to: %s" % url)
|
||||||
resp.status = falcon.HTTP_SEE_OTHER
|
resp.status = falcon.HTTP_SEE_OTHER
|
||||||
resp.set_header("Location", url.encode("ascii"))
|
resp.set_header("Location", url.encode("ascii"))
|
||||||
logger.debug("Redirecting signing request from %s to %s", req.context.get("remote_addr"), url)
|
logger.debug(u"Redirecting signing request from %s to %s", req.context.get("remote_addr"), url)
|
||||||
else:
|
else:
|
||||||
# Request was accepted, but not processed
|
# Request was accepted, but not processed
|
||||||
resp.status = falcon.HTTP_202
|
resp.status = falcon.HTTP_202
|
||||||
logger.info("Signing request from %s stored", req.context.get("remote_addr"))
|
logger.info(u"Signing request from %s stored", req.context.get("remote_addr"))
|
||||||
|
|
||||||
|
|
||||||
class RequestDetailResource(object):
|
class RequestDetailResource(object):
|
||||||
@ -100,7 +100,7 @@ class RequestDetailResource(object):
|
|||||||
Fetch certificate signing request as PEM
|
Fetch certificate signing request as PEM
|
||||||
"""
|
"""
|
||||||
csr = authority.get_request(cn)
|
csr = authority.get_request(cn)
|
||||||
logger.debug("Signing request %s was downloaded by %s",
|
logger.debug(u"Signing request %s was downloaded by %s",
|
||||||
csr.common_name, req.context.get("remote_addr"))
|
csr.common_name, req.context.get("remote_addr"))
|
||||||
return csr
|
return csr
|
||||||
|
|
||||||
@ -118,7 +118,7 @@ class RequestDetailResource(object):
|
|||||||
resp.body = "Certificate successfully signed"
|
resp.body = "Certificate successfully signed"
|
||||||
resp.status = falcon.HTTP_201
|
resp.status = falcon.HTTP_201
|
||||||
resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn)
|
resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn)
|
||||||
logger.info("Signing request %s signed by %s from %s", csr.common_name,
|
logger.info(u"Signing request %s signed by %s from %s", csr.common_name,
|
||||||
req.context.get("user"), req.context.get("remote_addr"))
|
req.context.get("user"), req.context.get("remote_addr"))
|
||||||
|
|
||||||
|
|
||||||
@ -131,6 +131,6 @@ class RequestDetailResource(object):
|
|||||||
# Logging implemented in the function above
|
# Logging implemented in the function above
|
||||||
except EnvironmentError as e:
|
except EnvironmentError as e:
|
||||||
resp.body = "No certificate CN=%s found" % cn
|
resp.body = "No certificate CN=%s found" % cn
|
||||||
logger.warning("User %s failed to delete signing request %s from %s, reason: %s",
|
logger.warning(u"User %s failed to delete signing request %s from %s, reason: %s",
|
||||||
req.context["user"], cn, req.context.get("remote_addr"), e)
|
req.context["user"], cn, req.context.get("remote_addr"), e)
|
||||||
raise falcon.HTTPNotFound()
|
raise falcon.HTTPNotFound()
|
||||||
|
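Review bot: In the delete path of `RequestDetailResource` (last hunk of this file), `except EnvironmentError as e:` turns every I/O failure into `falcon.HTTPNotFound()` with the body "No certificate CN=... found". A permission or disk error is therefore reported to the caller as a missing request, even though the warning records the real reason. I would answer 404 only when `e.errno == errno.ENOENT` and re-raise otherwise, so that an operator is not told a pending signing request is gone while it is still on disk. The `try` block opens above the hunk, so the guarded call is not visible here, and `errno` would need importing if the file does not already do so.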
@ -6,7 +6,7 @@ logger = logging.getLogger("api")
|
|||||||
|
|
||||||
class RevocationListResource(object):
|
class RevocationListResource(object):
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
logger.debug("Revocation list requested by %s", req.context.get("remote_addr"))
|
logger.debug(u"Revocation list requested by %s", req.context.get("remote_addr"))
|
||||||
resp.set_header("Content-Type", "application/x-pkcs7-crl")
|
resp.set_header("Content-Type", "application/x-pkcs7-crl")
|
||||||
resp.append_header("Content-Disposition", "attachment; filename=ca.crl")
|
resp.append_header("Content-Disposition", "attachment; filename=ca.crl")
|
||||||
resp.body = export_crl()
|
resp.body = export_crl()
|
||||||
|
@ -26,7 +26,7 @@ class TagResource(RelationalMixin):
|
|||||||
args = req.get_param("cn"), req.get_param("key"), req.get_param("value")
|
args = req.get_param("cn"), req.get_param("key"), req.get_param("value")
|
||||||
rowid = self.sql_execute("tag_insert.sql", *args)
|
rowid = self.sql_execute("tag_insert.sql", *args)
|
||||||
push.publish("tag-added", str(rowid))
|
push.publish("tag-added", str(rowid))
|
||||||
logger.debug("Tag cn=%s, key=%s, value=%s added" % args)
|
logger.debug(u"Tag cn=%s, key=%s, value=%s added" % args)
|
||||||
|
|
||||||
|
|
||||||
class TagDetailResource(RelationalMixin):
|
class TagDetailResource(RelationalMixin):
|
||||||
@ -60,7 +60,7 @@ class TagDetailResource(RelationalMixin):
|
|||||||
from certidude import push
|
from certidude import push
|
||||||
args = req.get_param("value"), identifier
|
args = req.get_param("value"), identifier
|
||||||
self.sql_execute("tag_update.sql", *args)
|
self.sql_execute("tag_update.sql", *args)
|
||||||
logger.debug("Tag %s updated, value set to %s",
|
logger.debug(u"Tag %s updated, value set to %s",
|
||||||
identifier, req.get_param("value"))
|
identifier, req.get_param("value"))
|
||||||
push.publish("tag-updated", identifier)
|
push.publish("tag-updated", identifier)
|
||||||
|
|
||||||
@ -73,4 +73,4 @@ class TagDetailResource(RelationalMixin):
|
|||||||
from certidude import push
|
from certidude import push
|
||||||
self.sql_execute("tag_delete.sql", identifier)
|
self.sql_execute("tag_delete.sql", identifier)
|
||||||
push.publish("tag-removed", identifier)
|
push.publish("tag-removed", identifier)
|
||||||
logger.debug("Tag %s removed" % identifier)
|
logger.debug(u"Tag %s removed" % identifier)
|
||||||
|
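Review bot: `logger.debug(u"Tag cn=%s, key=%s, value=%s added" % args)` formats the message eagerly with `%`, unlike the other logger calls in this commit, which hand their arguments to the logger. With a unicode format string under Python 2 (the `except ldap.LDAPError, e:` syntax elsewhere in the commit indicates Python 2), an argument holding non-ASCII bytes raises `UnicodeDecodeError` right there, inside the handler and after `sql_execute` and `push.publish` have already run. Whether `req.get_param` can return such a byte string here is not visible and should be checked. Passing the values as arguments, `logger.debug(u"Tag cn=%s, key=%s, value=%s added", *args)`, defers formatting to the logging module, which contains formatting errors instead of propagating them into the request. The same applies to `logger.debug(u"Tag %s removed" % identifier)` in the last hunk.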
@ -131,7 +131,7 @@ def authenticate(optional=False):
|
|||||||
conn.simple_bind_s(user if "@" in user else "%s@%s" % (user, constants.DOMAIN), passwd)
|
conn.simple_bind_s(user if "@" in user else "%s@%s" % (user, constants.DOMAIN), passwd)
|
||||||
except ldap.LDAPError, e:
|
except ldap.LDAPError, e:
|
||||||
resp.append_header("WWW-Authenticate", "Basic")
|
resp.append_header("WWW-Authenticate", "Basic")
|
||||||
logger.critical("LDAP bind authentication failed for user %s from %s",
|
logger.critical(u"LDAP bind authentication failed for user %s from %s",
|
||||||
repr(user), req.context.get("remote_addr"))
|
repr(user), req.context.get("remote_addr"))
|
||||||
raise falcon.HTTPUnauthorized("Forbidden",
|
raise falcon.HTTPUnauthorized("Forbidden",
|
||||||
"Please authenticate with %s domain account or supply UPN" % constants.DOMAIN)
|
"Please authenticate with %s domain account or supply UPN" % constants.DOMAIN)
|
||||||
@ -166,7 +166,7 @@ def authenticate(optional=False):
|
|||||||
|
|
||||||
import simplepam
|
import simplepam
|
||||||
if not simplepam.authenticate(user, passwd, "sshd"):
|
if not simplepam.authenticate(user, passwd, "sshd"):
|
||||||
logger.critical("Basic authentication failed for user %s from %s",
|
logger.critical(u"Basic authentication failed for user %s from %s",
|
||||||
repr(user), req.context.get("remote_addr"))
|
repr(user), req.context.get("remote_addr"))
|
||||||
raise falcon.HTTPUnauthorized("Forbidden", "Invalid password")
|
raise falcon.HTTPUnauthorized("Forbidden", "Invalid password")
|
||||||
|
|
||||||
@ -194,7 +194,7 @@ def authorize_admin(func):
|
|||||||
def whitelist_authorize_admin(resource, req, resp, *args, **kwargs):
|
def whitelist_authorize_admin(resource, req, resp, *args, **kwargs):
|
||||||
# Check for username whitelist
|
# Check for username whitelist
|
||||||
if not req.context.get("user") or req.context.get("user") not in config.ADMIN_WHITELIST:
|
if not req.context.get("user") or req.context.get("user") not in config.ADMIN_WHITELIST:
|
||||||
logger.info("Rejected access to administrative call %s by %s from %s, user not whitelisted",
|
logger.info(u"Rejected access to administrative call %s by %s from %s, user not whitelisted",
|
||||||
req.env["PATH_INFO"], req.context.get("user"), req.context.get("remote_addr"))
|
req.env["PATH_INFO"], req.context.get("user"), req.context.get("remote_addr"))
|
||||||
raise falcon.HTTPForbidden("Forbidden", "User %s not whitelisted" % req.context.get("user"))
|
raise falcon.HTTPForbidden("Forbidden", "User %s not whitelisted" % req.context.get("user"))
|
||||||
return func(resource, req, resp, *args, **kwargs)
|
return func(resource, req, resp, *args, **kwargs)
|
||||||
@ -203,7 +203,7 @@ def authorize_admin(func):
|
|||||||
if req.context.get("user").is_admin():
|
if req.context.get("user").is_admin():
|
||||||
req.context["admin_authorized"] = True
|
req.context["admin_authorized"] = True
|
||||||
return func(resource, req, resp, *args, **kwargs)
|
return func(resource, req, resp, *args, **kwargs)
|
||||||
logger.info("User '%s' not authorized to access administrative API", req.context.get("user").name)
|
logger.info(u"User '%s' not authorized to access administrative API", req.context.get("user").name)
|
||||||
raise falcon.HTTPForbidden("Forbidden", "User not authorized to perform administrative operations")
|
raise falcon.HTTPForbidden("Forbidden", "User not authorized to perform administrative operations")
|
||||||
|
|
||||||
if config.AUTHORIZATION_BACKEND == "whitelist":
|
if config.AUTHORIZATION_BACKEND == "whitelist":
|
||||||
|
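Review bot: `except ldap.LDAPError, e:` in `authenticate` catches the base class, so a directory outage or TLS failure is logged as "LDAP bind authentication failed for user ..." and answered with 401 exactly like a wrong password, and `e` is bound but never logged. I would add the exception to the record, `logger.critical(u"LDAP bind authentication failed for user %s from %s: %s", repr(user), req.context.get("remote_addr"), e)`, or handle `ldap.INVALID_CREDENTIALS` separately, so that failed-login alerts can be told apart from backend faults. The lines before `conn.simple_bind_s(...)` are outside the hunk. It is worth confirming there that an empty `passwd` is rejected before the bind, because many directory servers treat a simple bind with an empty password as an anonymous bind that succeeds.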
@ -29,7 +29,7 @@ def csrf_protection(func):
|
|||||||
return func(self, req, resp, *args, **kwargs)
|
return func(self, req, resp, *args, **kwargs)
|
||||||
|
|
||||||
# Kaboom!
|
# Kaboom!
|
||||||
logger.warning("Prevented clickbait from '%s' with user agent '%s'",
|
logger.warning(u"Prevented clickbait from '%s' with user agent '%s'",
|
||||||
referrer or "-", req.user_agent)
|
referrer or "-", req.user_agent)
|
||||||
raise falcon.HTTPUnauthorized("Forbidden",
|
raise falcon.HTTPUnauthorized("Forbidden",
|
||||||
"No suitable UA or referrer provided, cross-site scripting disabled")
|
"No suitable UA or referrer provided, cross-site scripting disabled")
|
||||||
@ -105,12 +105,12 @@ def serialize(func):
|
|||||||
("attachment; filename=%s" % r.suggested_filename).encode("ascii"))
|
("attachment; filename=%s" % r.suggested_filename).encode("ascii"))
|
||||||
resp.body = r.dump()
|
resp.body = r.dump()
|
||||||
elif hasattr(r, "content_type"):
|
elif hasattr(r, "content_type"):
|
||||||
logger.debug("Client did not accept application/json or %s, "
|
logger.debug(u"Client did not accept application/json or %s, "
|
||||||
"client expected %s", r.content_type, req.accept)
|
"client expected %s", r.content_type, req.accept)
|
||||||
raise falcon.HTTPUnsupportedMediaType(
|
raise falcon.HTTPUnsupportedMediaType(
|
||||||
"Client did not accept application/json or %s" % r.content_type)
|
"Client did not accept application/json or %s" % r.content_type)
|
||||||
else:
|
else:
|
||||||
logger.debug("Client did not accept application/json, client expected %s", req.accept)
|
logger.debug(u"Client did not accept application/json, client expected %s", req.accept)
|
||||||
raise falcon.HTTPUnsupportedMediaType(
|
raise falcon.HTTPUnsupportedMediaType(
|
||||||
"Client did not accept application/json")
|
"Client did not accept application/json")
|
||||||
return r
|
return r
|
||||||
|
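Review bot: The rejection branch of `csrf_protection` raises `falcon.HTTPUnauthorized("Forbidden", ...)`, which sends 401 for a request that, judging by the message, was refused on its referrer or user agent and not for missing credentials. 401 invites the client to retry with authentication, and the title already says "Forbidden"; `raise falcon.HTTPForbidden("Forbidden", "No suitable UA or referrer provided, cross-site scripting disabled")` would match the `HTTPForbidden` used for the admin checks elsewhere in this commit. `referrer` and `req.user_agent` are client-supplied and go into the warning inside `'%s'`, so formatting them with `%r` would keep quotes and control characters from distorting the record. The check itself sits above the hunk and is not visible here.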
@ -15,7 +15,7 @@ def whitelist_subnets(subnets):
|
|||||||
if req.context.get("remote_addr") in subnet:
|
if req.context.get("remote_addr") in subnet:
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
logger.info("Rejected access to administrative call %s by %s from %s, source address not whitelisted",
|
logger.info(u"Rejected access to administrative call %s by %s from %s, source address not whitelisted",
|
||||||
req.env["PATH_INFO"],
|
req.env["PATH_INFO"],
|
||||||
req.context.get("user", "unauthenticated user"),
|
req.context.get("user", "unauthenticated user"),
|
||||||
req.context.get("remote_addr"))
|
req.context.get("remote_addr"))
|
||||||
|