mirror of
https://github.com/laurivosandi/certidude
synced 2025-10-31 09:29:13 +00:00
Use unicode literals for logging
This commit is contained in:
@@ -31,7 +31,7 @@ class CertificateStatusResource(object):
|
||||
|
||||
class CertificateAuthorityResource(object):
|
||||
def on_get(self, req, resp):
|
||||
logger.info("Served CA certificate to %s", req.context.get("remote_addr"))
|
||||
logger.info(u"Served CA certificate to %s", req.context.get("remote_addr"))
|
||||
resp.stream = open(config.AUTHORITY_CERTIFICATE_PATH, "rb")
|
||||
resp.append_header("Content-Type", "application/x-x509-ca-cert")
|
||||
resp.append_header("Content-Disposition", "attachment; filename=%s.crt" %
|
||||
@@ -104,7 +104,7 @@ class BundleResource(object):
|
||||
@login_required
|
||||
def on_get(self, req, resp):
|
||||
common_name = req.context["user"].mail
|
||||
logger.info("Signing bundle %s for %s", common_name, req.context.get("user"))
|
||||
logger.info(u"Signing bundle %s for %s", common_name, req.context.get("user"))
|
||||
resp.set_header("Content-Type", "application/x-pkcs12")
|
||||
resp.set_header("Content-Disposition", "attachment; filename=%s.p12" % common_name.encode("ascii"))
|
||||
resp.body, cert = authority.generate_pkcs12_bundle(common_name,
|
||||
|
||||
@@ -32,7 +32,7 @@ class RequestListResource(object):
|
||||
csr = Request(body)
|
||||
|
||||
if not csr.common_name:
|
||||
logger.warning("Rejected signing request without common name from %s",
|
||||
logger.warning(u"Rejected signing request without common name from %s",
|
||||
req.context.get("remote_addr"))
|
||||
raise falcon.HTTPBadRequest(
|
||||
"Bad request",
|
||||
@@ -71,7 +71,7 @@ class RequestListResource(object):
|
||||
pass
|
||||
except errors.DuplicateCommonNameError:
|
||||
# TODO: Certificate renewal
|
||||
logger.warning("Rejected signing request with overlapping common name from %s",
|
||||
logger.warning(u"Rejected signing request with overlapping common name from %s",
|
||||
req.context.get("remote_addr"))
|
||||
raise falcon.HTTPConflict(
|
||||
"CSR with such CN already exists",
|
||||
@@ -86,11 +86,11 @@ class RequestListResource(object):
|
||||
click.echo("Redirecting to: %s" % url)
|
||||
resp.status = falcon.HTTP_SEE_OTHER
|
||||
resp.set_header("Location", url.encode("ascii"))
|
||||
logger.debug("Redirecting signing request from %s to %s", req.context.get("remote_addr"), url)
|
||||
logger.debug(u"Redirecting signing request from %s to %s", req.context.get("remote_addr"), url)
|
||||
else:
|
||||
# Request was accepted, but not processed
|
||||
resp.status = falcon.HTTP_202
|
||||
logger.info("Signing request from %s stored", req.context.get("remote_addr"))
|
||||
logger.info(u"Signing request from %s stored", req.context.get("remote_addr"))
|
||||
|
||||
|
||||
class RequestDetailResource(object):
|
||||
@@ -100,7 +100,7 @@ class RequestDetailResource(object):
|
||||
Fetch certificate signing request as PEM
|
||||
"""
|
||||
csr = authority.get_request(cn)
|
||||
logger.debug("Signing request %s was downloaded by %s",
|
||||
logger.debug(u"Signing request %s was downloaded by %s",
|
||||
csr.common_name, req.context.get("remote_addr"))
|
||||
return csr
|
||||
|
||||
@@ -118,7 +118,7 @@ class RequestDetailResource(object):
|
||||
resp.body = "Certificate successfully signed"
|
||||
resp.status = falcon.HTTP_201
|
||||
resp.location = os.path.join(req.relative_uri, "..", "..", "signed", cn)
|
||||
logger.info("Signing request %s signed by %s from %s", csr.common_name,
|
||||
logger.info(u"Signing request %s signed by %s from %s", csr.common_name,
|
||||
req.context.get("user"), req.context.get("remote_addr"))
|
||||
|
||||
|
||||
@@ -131,6 +131,6 @@ class RequestDetailResource(object):
|
||||
# Logging implemented in the function above
|
||||
except EnvironmentError as e:
|
||||
resp.body = "No certificate CN=%s found" % cn
|
||||
logger.warning("User %s failed to delete signing request %s from %s, reason: %s",
|
||||
logger.warning(u"User %s failed to delete signing request %s from %s, reason: %s",
|
||||
req.context["user"], cn, req.context.get("remote_addr"), e)
|
||||
raise falcon.HTTPNotFound()
|
||||
|
||||
@@ -6,7 +6,7 @@ logger = logging.getLogger("api")
|
||||
|
||||
class RevocationListResource(object):
|
||||
def on_get(self, req, resp):
|
||||
logger.debug("Revocation list requested by %s", req.context.get("remote_addr"))
|
||||
logger.debug(u"Revocation list requested by %s", req.context.get("remote_addr"))
|
||||
resp.set_header("Content-Type", "application/x-pkcs7-crl")
|
||||
resp.append_header("Content-Disposition", "attachment; filename=ca.crl")
|
||||
resp.body = export_crl()
|
||||
|
||||
@@ -26,7 +26,7 @@ class TagResource(RelationalMixin):
|
||||
args = req.get_param("cn"), req.get_param("key"), req.get_param("value")
|
||||
rowid = self.sql_execute("tag_insert.sql", *args)
|
||||
push.publish("tag-added", str(rowid))
|
||||
logger.debug("Tag cn=%s, key=%s, value=%s added" % args)
|
||||
logger.debug(u"Tag cn=%s, key=%s, value=%s added" % args)
|
||||
|
||||
|
||||
class TagDetailResource(RelationalMixin):
|
||||
@@ -60,7 +60,7 @@ class TagDetailResource(RelationalMixin):
|
||||
from certidude import push
|
||||
args = req.get_param("value"), identifier
|
||||
self.sql_execute("tag_update.sql", *args)
|
||||
logger.debug("Tag %s updated, value set to %s",
|
||||
logger.debug(u"Tag %s updated, value set to %s",
|
||||
identifier, req.get_param("value"))
|
||||
push.publish("tag-updated", identifier)
|
||||
|
||||
@@ -73,4 +73,4 @@ class TagDetailResource(RelationalMixin):
|
||||
from certidude import push
|
||||
self.sql_execute("tag_delete.sql", identifier)
|
||||
push.publish("tag-removed", identifier)
|
||||
logger.debug("Tag %s removed" % identifier)
|
||||
logger.debug(u"Tag %s removed" % identifier)
|
||||
|
||||
@@ -131,7 +131,7 @@ def authenticate(optional=False):
|
||||
conn.simple_bind_s(user if "@" in user else "%s@%s" % (user, constants.DOMAIN), passwd)
|
||||
except ldap.LDAPError, e:
|
||||
resp.append_header("WWW-Authenticate", "Basic")
|
||||
logger.critical("LDAP bind authentication failed for user %s from %s",
|
||||
logger.critical(u"LDAP bind authentication failed for user %s from %s",
|
||||
repr(user), req.context.get("remote_addr"))
|
||||
raise falcon.HTTPUnauthorized("Forbidden",
|
||||
"Please authenticate with %s domain account or supply UPN" % constants.DOMAIN)
|
||||
@@ -166,7 +166,7 @@ def authenticate(optional=False):
|
||||
|
||||
import simplepam
|
||||
if not simplepam.authenticate(user, passwd, "sshd"):
|
||||
logger.critical("Basic authentication failed for user %s from %s",
|
||||
logger.critical(u"Basic authentication failed for user %s from %s",
|
||||
repr(user), req.context.get("remote_addr"))
|
||||
raise falcon.HTTPUnauthorized("Forbidden", "Invalid password")
|
||||
|
||||
@@ -194,7 +194,7 @@ def authorize_admin(func):
|
||||
def whitelist_authorize_admin(resource, req, resp, *args, **kwargs):
|
||||
# Check for username whitelist
|
||||
if not req.context.get("user") or req.context.get("user") not in config.ADMIN_WHITELIST:
|
||||
logger.info("Rejected access to administrative call %s by %s from %s, user not whitelisted",
|
||||
logger.info(u"Rejected access to administrative call %s by %s from %s, user not whitelisted",
|
||||
req.env["PATH_INFO"], req.context.get("user"), req.context.get("remote_addr"))
|
||||
raise falcon.HTTPForbidden("Forbidden", "User %s not whitelisted" % req.context.get("user"))
|
||||
return func(resource, req, resp, *args, **kwargs)
|
||||
@@ -203,7 +203,7 @@ def authorize_admin(func):
|
||||
if req.context.get("user").is_admin():
|
||||
req.context["admin_authorized"] = True
|
||||
return func(resource, req, resp, *args, **kwargs)
|
||||
logger.info("User '%s' not authorized to access administrative API", req.context.get("user").name)
|
||||
logger.info(u"User '%s' not authorized to access administrative API", req.context.get("user").name)
|
||||
raise falcon.HTTPForbidden("Forbidden", "User not authorized to perform administrative operations")
|
||||
|
||||
if config.AUTHORIZATION_BACKEND == "whitelist":
|
||||
|
||||
@@ -29,7 +29,7 @@ def csrf_protection(func):
|
||||
return func(self, req, resp, *args, **kwargs)
|
||||
|
||||
# Kaboom!
|
||||
logger.warning("Prevented clickbait from '%s' with user agent '%s'",
|
||||
logger.warning(u"Prevented clickbait from '%s' with user agent '%s'",
|
||||
referrer or "-", req.user_agent)
|
||||
raise falcon.HTTPUnauthorized("Forbidden",
|
||||
"No suitable UA or referrer provided, cross-site scripting disabled")
|
||||
@@ -105,12 +105,12 @@ def serialize(func):
|
||||
("attachment; filename=%s" % r.suggested_filename).encode("ascii"))
|
||||
resp.body = r.dump()
|
||||
elif hasattr(r, "content_type"):
|
||||
logger.debug("Client did not accept application/json or %s, "
|
||||
logger.debug(u"Client did not accept application/json or %s, "
|
||||
"client expected %s", r.content_type, req.accept)
|
||||
raise falcon.HTTPUnsupportedMediaType(
|
||||
"Client did not accept application/json or %s" % r.content_type)
|
||||
else:
|
||||
logger.debug("Client did not accept application/json, client expected %s", req.accept)
|
||||
logger.debug(u"Client did not accept application/json, client expected %s", req.accept)
|
||||
raise falcon.HTTPUnsupportedMediaType(
|
||||
"Client did not accept application/json")
|
||||
return r
|
||||
|
||||
@@ -15,7 +15,7 @@ def whitelist_subnets(subnets):
|
||||
if req.context.get("remote_addr") in subnet:
|
||||
break
|
||||
else:
|
||||
logger.info("Rejected access to administrative call %s by %s from %s, source address not whitelisted",
|
||||
logger.info(u"Rejected access to administrative call %s by %s from %s, source address not whitelisted",
|
||||
req.env["PATH_INFO"],
|
||||
req.context.get("user", "unauthenticated user"),
|
||||
req.context.get("remote_addr"))
|
||||
|
||||
Reference in New Issue
Block a user