From 785456fcf7967ecce8882378b7f346b96f3c6603 Mon Sep 17 00:00:00 2001 From: Sangho Na Date: Sun, 21 Jul 2024 08:17:58 +1200 Subject: [PATCH 1/2] chore: Add additional log messages to directauth() --- ietf/api/views.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ietf/api/views.py b/ietf/api/views.py index 6aaed4b6a9..b0a381fc54 100644 --- a/ietf/api/views.py +++ b/ietf/api/views.py @@ -429,6 +429,7 @@ def directauth(request): data = None if raw_data is None or data is None: + log.log("Request body is either missing or invalid") return HttpResponse(json.dumps(dict(result="failure",reason="invalid post")), content_type='application/json') authtoken = data.get('authtoken', None) @@ -436,9 +437,11 @@ def directauth(request): password = data.get('password', None) if any([item is None for item in (authtoken, username, password)]): + log.log("One or more mandatory fields are missing: authtoken, username, password") return HttpResponse(json.dumps(dict(result="failure",reason="invalid post")), content_type='application/json') if not is_valid_token("ietf.api.views.directauth", authtoken): + log.log("Auth token provided is invalid") return HttpResponse(json.dumps(dict(result="failure",reason="invalid authtoken")), content_type='application/json') user_query = User.objects.filter(username__iexact=username) 
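Review bot: The three failure messages added in the first two hunks of patch 1/2 ("Request body is either missing or invalid", "One or more mandatory fields are missing…", "Auth token provided is invalid") name neither the endpoint nor the caller. A burst of malformed or invalid-token requests therefore cannot be attributed from these lines alone, unless `log.log` adds that context itself, which is not visible here. Keeping the token value out of the message is right. I would give the lines the same prefix as the later ones and add the peer address, e.g. `log.log(f"Direct auth failure: invalid authtoken from {request.META.get('REMOTE_ADDR')}")`; behind a reverse proxy that value is the proxy's address, so use whatever client-address source the deployment already trusts. The body of `directauth` starts and ends outside both hunks.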
@@ -449,18 +452,21 @@ def directauth(request): # Note well that we are using user.username, not what was passed to the API. - if user_query.count() == 1 and authenticate(username = user_query.first().username, password = password): + user_count = user_query.count() + if user_count == 1 and authenticate(username = user_query.first().username, password = password): user = user_query.get() if user_query.filter(person__isnull=True).count() == 1: # Can't inspect user.person direclty here log.log(f"Direct auth of personless user {user.pk}:{user.username}") else: log.log(f"Direct auth: {user.pk}:{user.person.plain_name()}") + log.log(f"Direct auth success: {username}") return HttpResponse(json.dumps(dict(result="success")), content_type='application/json') - log.log(f"Direct auth failure: {username}") + log.log(f"Direct auth failure: {username} ({user_count} user(s) found)") return HttpResponse(json.dumps(dict(result="failure", reason="authentication failed")), content_type='application/json') else: + log.log(f"Request must be POST: {request.method} received") return HttpResponse(status=405) From a4bb31c6f2b05f08462b65f5558c0f1c7864901d Mon Sep 17 00:00:00 2001 From: Sangho Na Date: Sun, 21 Jul 2024 13:35:07 +1200 Subject: [PATCH 2/2] chore: Keep single log message for each successful response --- ietf/api/views.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ietf/api/views.py b/ietf/api/views.py index b0a381fc54..62857bff54 100644 --- a/ietf/api/views.py +++ b/ietf/api/views.py 
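Review bot: The rewritten failure line in the `@@ -449,18 +452,21 @@` hunk, `log.log(f"Direct auth failure: {username} ({user_count} user(s) found)")`, interpolates `username` exactly as it arrived in the JSON body. The added `Direct auth success: {username}` line does the same, though patch 2/2 removes it again. A value containing CR/LF or other control characters can split or forge log entries, and nothing in the visible hunks checks that the value is a string, so I would log it escaped: `log.log(f"Direct auth failure: {username!r} ({user_count} user(s) found)")`. Users sometimes type a password into the username field, so this log can end up holding credentials and should be access-controlled accordingly. The same failure line appears unchanged as context in patch 2/2.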
@@ -456,10 +456,9 @@ def directauth(request): if user_count == 1 and authenticate(username = user_query.first().username, password = password): user = user_query.get() if user_query.filter(person__isnull=True).count() == 1: # Can't inspect user.person direclty here - log.log(f"Direct auth of personless user {user.pk}:{user.username}") + log.log(f"Direct auth success (personless user): {user.pk}:{user.username}") else: - log.log(f"Direct auth: {user.pk}:{user.person.plain_name()}") - log.log(f"Direct auth success: {username}") + log.log(f"Direct auth success: {user.pk}:{user.person.plain_name()}") return HttpResponse(json.dumps(dict(result="success")), content_type='application/json') log.log(f"Direct auth failure: {username} ({user_count} user(s) found)")
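Review bot: After this hunk, the success message for a user with a Person record is `Direct auth success: {user.pk}:{user.person.plain_name()}`, while the failure line below it still logs only the submitted `username`. For those accounts there is no shared key for correlating a run of failures with a later success, which is the pattern an investigator looks for after password guessing. Putting the canonical username in both success branches would fix that, e.g. `log.log(f"Direct auth success: {user.pk}:{user.username} ({user.person.plain_name()})")`. The enclosing `if request.method` block and the rest of `directauth` lie outside the hunk.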