[CalendarServer-changes] [14800] CalendarServer/trunk/txweb2/dav
source_changes at macosforge.org
source_changes at macosforge.org
Tue May 19 06:31:00 PDT 2015
Revision: 14800
http://trac.calendarserver.org//changeset/14800
Author: cdaboo at apple.com
Date: 2015-05-19 06:31:00 -0700 (Tue, 19 May 2015)
Log Message:
-----------
Show x-forwarded-for info in error log when authentication fails.
Modified Paths:
--------------
CalendarServer/trunk/txweb2/dav/resource.py
CalendarServer/trunk/txweb2/dav/test/test_resource.py
Modified: CalendarServer/trunk/txweb2/dav/resource.py
===================================================================
--- CalendarServer/trunk/txweb2/dav/resource.py 2015-05-19 09:18:40 UTC (rev 14799)
+++ CalendarServer/trunk/txweb2/dav/resource.py 2015-05-19 13:31:00 UTC (rev 14800)
@@ -1088,7 +1088,12 @@
def translateUnauthenticated(f):
f.trap(UnauthorizedLogin, LoginFailed)
- log.info("Authentication failed: %s" % (f.value,))
+ ips = [request.remoteAddr.host, ]
+ fwdHeaders = request.headers.getRawHeaders("x-forwarded-for", "")
+ for hdr in fwdHeaders:
+ ips.append("fwd={}".format(hdr))
+ ips = ", ".join(ips)
+ log.info("Authentication failed: %s, client: %s" % (f.value, ips,))
d = UnauthorizedResponse.makeResponse(
request.credentialFactories, request.remoteAddr
)
Modified: CalendarServer/trunk/txweb2/dav/test/test_resource.py
===================================================================
--- CalendarServer/trunk/txweb2/dav/test/test_resource.py 2015-05-19 09:18:40 UTC (rev 14799)
+++ CalendarServer/trunk/txweb2/dav/test/test_resource.py 2015-05-19 13:31:00 UTC (rev 14800)
@@ -24,6 +24,7 @@
from twisted.internet.defer import DeferredList, waitForDeferred, deferredGenerator, succeed
from twisted.cred.portal import Portal
+from twisted.python.log import addObserver, removeObserver
from txweb2 import responsecode
from txweb2.http import HTTPError
from txweb2.auth import basic
@@ -341,6 +342,32 @@
return d
+ def test_badUsernameOrPassword_XForwarded(self):
+ class FakeLogObserver(object):
+ messages = []
+ def emit(self, eventDict):
+ if "log_legacy" in eventDict:
+ self.messages.append(eventDict["log_legacy"])
+
+ blo = FakeLogObserver()
+ addObserver(blo.emit)
+ self.addCleanup(lambda: removeObserver(blo.emit))
+
+ request = SimpleRequest(self.site, "GET", "/protected")
+ request.headers.setHeader(
+ "authorization",
+ ("basic", "gooduser:badpass".encode("base64"))
+ )
+ request.headers.setRawHeaders("x-forwarded-for", ("10.0.1.1",))
+ d = self.assertFailure(self.checkSecurity(request), HTTPError)
+ def expectWwwAuth(err):
+ self.failUnless(err.response.headers.hasHeader("WWW-Authenticate"),
+ "No WWW-Authenticate header present.")
+ self.assertTrue("fwd=10.0.1.1" in str(blo.messages[0]))
+ d.addCallback(self.assertErrorResponse, responsecode.UNAUTHORIZED, expectWwwAuth)
+ return d
+
+
def test_lacksPrivileges(self):
request = SimpleRequest(self.site, "GET", "/protected")
request.headers.setHeader(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20150519/a30b35b5/attachment-0001.html>
More information about the calendarserver-changes
mailing list