Added log calls in authentication machinery per patches sent by Jeff Rush.

4d82bbe0 · 0c999435 · 4d82bbe0
Commit 4d82bbe0 authored Jun 02, 2000 by
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 4 deletions

lib/python/AccessControl/User.py lib/python/AccessControl/User.py +25 -4

No files found.
--- a/lib/python/AccessControl/User.py
+++ b/lib/python/AccessControl/User.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control package"""

-__version__='$Revision: 1.107 $'[11:-2]
+__version__='$Revision: 1.108 $'[11:-2]

 import Globals, socket, regex, SpecialUsers
 from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping
@@ -98,6 +98,7 @@ from Role import RoleManager
 from string import split, join, upper
 from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
 from AuthEncoding import pw_validate
+from zLOG import LOG, INFO, WARNING

 ListType=type([])
 NotImplemented='NotImplemented'
@@ -177,10 +178,17 @@ class BasicUser(Implicit):
        passwrd=self._getPassword()

        result = pw_validate(passwrd, password)
-        
+        if not result:
+            LOG('Zope', WARNING,
+                'invalid password for user %s' % self.getUserName())
+
        domains=self.getDomains()
-        if domains:
-            return result and domainSpecMatch(domains, request)
+        if domains and result:
+            result = domainSpecMatch(domains, request)
+            if not result:
+                LOG('Zope', WARNING,
+                    'invalid domain for user %s' % self.getUserName())
+            return result
        return result
    
    def _shared_roles(self, parent):
@@ -438,6 +446,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,

        # Only do basic authentication
        if lower(auth[:6])!='basic ':
+            LOG('Zope', WARNING, 'non-basic authentication attempted')
            return None
        name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))

@@ -450,6 +459,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
        # Try to get user
        user=self.getUser(name)
        if user is None:
+            LOG('Zope', WARNING, 'no such user as %s in %s' \
+                % (name, self.absolute_url()))
            return None

        # Try to authenticate user
@@ -462,6 +473,11 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
        # Try to authorize user
        if user.allowed(parent, roles):
            return user
+
+        LOG('Zope', WARNING,
+            'user %s is not authorized to access %s' \
+            % (name, parent.absolute_url()))
+
        return None


@@ -494,6 +510,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
            # Try to get user
            user=self.getUser(name)
            if user is None:
+                LOG('Zope', WARNING, 'no such user as %s in %s' \
+                    % (name, self.absolute_url()))
                return None

            # We need the user to be able to acquire!
@@ -502,6 +520,9 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
            # Try to authorize user
            if user.allowed(parent, roles):
                return user
+            LOG('Zope', WARNING,
+                'user %s is not authorized to access %s' \
+                % (name, parent.absolute_url()))
            return None