Commit b829b6c1 authored by Xavier Guimard's avatar Xavier Guimard

Replace userNotice/Error... by userLogger (#857)

parent d446e154
......@@ -619,7 +619,7 @@ sub metadatas {
if ( $req->params('full') and $req->params('full') !~ NO ) {
my $c = $self->getConfKey( $req, 'cfgNum' );
return $self->sendError( $req, undef, 400 ) if ( $req->error );
$self->userNotice( 'User '
$self->userLogger->notice( 'User '
. $self->userId($req)
. ' ask for full configuration '
. $c );
......@@ -648,7 +648,7 @@ sub metadatas {
my ($ind) = map { $id++; $_ == $res->{cfgNum} ? ($id) : () } @a;
if ($ind) { $res->{prev} = $a[ $ind - 1 ]; }
if ( $ind and $ind < $#a ) { $res->{next} = $a[ $ind + 1 ]; }
$self->userNotice( 'User '
$self->userLogger->notice( 'User '
. $self->userId($req)
. ' ask for configuration metadatas ('
. $res->{cfgNum}
......@@ -672,7 +672,7 @@ sub getKey {
unless ($key) {
return $self->metadatas($req);
}
$self->userInfo( 'User ' . $self->userId($req) . " asks for key $key" );
$self->userLogger->info( 'User ' . $self->userId($req) . " asks for key $key" );
my $value = $self->getConfKey( $req, $key );
return $self->sendError( $req, undef, 400 ) if ( $req->error );
......
......@@ -11,8 +11,8 @@ has p => ( is => 'rw', weak_ref => 1 );
# Lemonldap::NG configuration hash ref
has conf => ( is => 'rw', weak_ref => 1 );
has logger => ( is => 'ro', default => sub { $_[0]->{p}->logger } );
has userLogger => ( is => 'ro', default => sub { $_[0]->{p}->userLogger } );
has logger => ( is => 'rw', default => sub { $_[0]->{p}->logger } );
has userLogger => ( is => 'rw', default => sub { $_[0]->{p}->userLogger } );
sub error {
my $self = shift;
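Review bot: Changing `logger` and `userLogger` from `ro` to `rw` lets any code that holds the module object replace the audit logger after construction, and nothing on the two `has` lines says who is expected to do so. A short comment above them, for example `# rw: a wrapping auth module may substitute its own loggers`, would record the intent, if that is indeed the reason. The callers that use the setter are not visible in this hunk, so the wording should be confirmed against them.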
......
......@@ -369,12 +369,13 @@ debug, info, notice, warn, error.
=head3 userLog ($msg, $level)
If $self->syslog is configured, store message with it, else called simply lmLog().
$self->syslog must be empty or contain syslog facility
Alias for $self->userLogger->$level($msg). Prefer to use this form (required
for Auth/Combination)
=head3 userError() userNotice() userInfo()
Alias for userLog(level).
Alias for userLog(level). Note that you must use $self->userLogger->$level
instead
=head2 Content sending
......
......@@ -239,7 +239,7 @@ sub newConf {
$args{force} = 1 if ( $req->params('force') );
my $s = $self->confAcc->saveConf( $parser->newConf, %args );
if ( $s > 0 ) {
$self->userNotice(
$self->userLogger->notice(
'User ' . $self->userId($req) . " has stored conf $s" );
$res->{result} = 1;
$res->{cfgNum} = $s;
......@@ -250,7 +250,7 @@ sub newConf {
}
}
else {
$self->userNotice(
$self->userLogger->notice(
'Saving attempt rejected, asking for confirmation to '
. $self->userId($req) );
$res->{result} = 0;
......@@ -292,13 +292,13 @@ sub newRawConf {
# chances to be equal to last config cfgNum
my $s = $self->confAcc->saveConf( $new, force => 1 );
if ( $s > 0 ) {
$self->userNotice(
$self->userLogger->notice(
'User ' . $self->userId($req) . " has stored (raw) conf $s" );
$res->{result} = 1;
$res->{cfgNum} = $s;
}
else {
$self->userNotice(
$self->userLogger->notice(
'Raw saving attempt rejected, asking for confirmation to '
. $self->userId($req) );
$res->{result} = 0;
......@@ -355,14 +355,14 @@ sub applyConf {
if ( $response->code != 200 ) {
$status->{$host} =
"Error " . $response->code . " (" . $response->message . ")";
$self->userError( "Apply configuration for $host: error "
$self->logger->error( "Apply configuration for $host: error "
. $response->code . " ("
. $response->message
. ")" );
}
else {
$status->{$host} = "OK";
$self->userNotice("Apply configuration for $host: ok");
$self->logger->notice("Apply configuration for $host: ok");
}
}
......
......@@ -99,7 +99,7 @@ sub extractFormInfo {
# If confirmation is needed
if ( my $setup_url = $csr->user_setup_url ) {
$self->userInfo('OpenID confirmation needed');
$self->userLogger->info('OpenID confirmation needed');
$req->urldc($setup_url);
return PE_REDIRECT;
}
......@@ -131,7 +131,7 @@ sub extractFormInfo {
my $tmp = $url;
$tmp =~ m#^https?://(.*?)/#;
if ( $tmp =~ $self->idpList xor $self->listIsWhite ) {
$self->p->userNotice("$url is forbidden for openID exchange");
$self->userLogger->warn("$url is forbidden for openID exchange");
return PE_BADPARTNER;
}
my $claimed_identity = $req->datas->{csr}->claimed_identity($url);
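Review bot: The result of `$tmp =~ m#^https?://(.*?)/#;`, just above the changed log call, is discarded, so the `idpList` test on the next line runs against the whole URL rather than the captured host. If the list is meant to filter on the provider host, path or query text can influence an unanchored pattern. Using `my ($host) = $url =~ m#^https?://([^/]+)#;` and then testing `$host =~ $self->idpList` would match what the log message claims is being checked. How `idpList` is anchored is not visible here, and `extractFormInfo` starts and ends outside the hunk.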
......
......@@ -52,7 +52,7 @@ sub authenticate {
my $res = $self->radius->check_pwd( $req->user, $req->datas->{password} );
unless ( $res == 1 ) {
$self->p->userNotice("Unable to authenticate $req->{user} !");
$self->userLogger->warn("Unable to authenticate $req->{user} !");
return PE_BADCREDENTIALS;
}
return PE_OK;
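Review bot: `$req->{user}` is written to the user log verbatim in `"Unable to authenticate $req->{user} !"`, so a submitted login containing line breaks or control characters could split or forge audit entries. That holds unless the logger neutralises them, which this page does not show. Neutralising at the call site, e.g. `( my $u = $req->{user} ) =~ s/[\x00-\x1f\x7f]/?/g;`, or once inside the `userLogger` backends, keeps one event per line. The same applies to the other request-derived values logged in this commit: `"$url is forbidden for openID exchange"`, the identity and trust root in `_openIDResponse`, and the `getUser` hunks that log `$req->{user}`.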
......
......@@ -1452,7 +1452,7 @@ sub getIDP {
# Alert when selected IDP is unknown
if ( $idp and !exists $self->idpList->{$idp} ) {
$self->p->userError("Required IDP $idp does not exists");
$self->userLogger->error("Required IDP $idp does not exists");
$idp = undef;
}
......
......@@ -28,12 +28,12 @@ sub extractFormInfo {
return PE_OK
if ( $req->user( $req->env->{ $self->SSLField } ) );
if ( $req->{SSL_CLIENT_S_DN} ) {
$self->p->userError(
$self->userLogger->warn(
"$self->SSLField was not found in user certificate");
return PE_BADCERTIFICATE;
}
else {
$self->p->userError('No certificate found');
$self->userlogger->warn('No certificate found');
return PE_CERTIFICATEREQUIRED;
}
}
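Review bot: The `else` branch calls `$self->userlogger->warn('No certificate found')` with a lowercase `l`, while the accessor declared in this commit is `userLogger`. The call will presumably die with a missing-method error exactly when a client presents no certificate, instead of returning `PE_CERTIFICATEREQUIRED`. The same misspelling is in the next file's `extractFormInfo` hunk (`'No certificate found for ' . $req->address`); both should read `$self->userLogger->warn(...)`. Separately, `"$self->SSLField was not found in user certificate"` does not call the method inside a string; write `$self->SSLField . ' was not found in user certificate'`.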
......
......@@ -57,7 +57,7 @@ sub extractFormInfo {
# 1. Verify SSL exchange
unless ( $req->{SSL_CLIENT_S_DN} ) {
$self->p->userError( 'No certificate found for ' . $req->address );
$self->userlogger->warn( 'No certificate found for ' . $req->address );
return PE_CERTIFICATEREQUIRED;
}
......
......@@ -99,7 +99,7 @@ sub extractFormInfo {
if ( $self->captcha or $self->ott ) {
my $token;
unless ( $token = $req->param('token') ) {
$self->p->userError('Authentication tried without token');
$self->userLogger->error('Authentication tried without token');
return PE_NOTOKEN;
}
if ( $self->captcha ) {
......@@ -110,7 +110,7 @@ sub extractFormInfo {
}
unless ( $self->captcha->validateCaptcha( $token, $code ) ) {
$self->captcha->setCaptcha($req);
$self->p->userNotice("Captcha failed: wrong or expired code");
$self->userLogger->warn("Captcha failed: wrong or expired code");
return PE_CAPTCHAERROR;
}
$self->logger->debug("Captcha code verified");
......@@ -118,7 +118,7 @@ sub extractFormInfo {
elsif ( $self->ott ) {
unless ( $self->ott->getToken($token) ) {
$self->ott->setToken($req);
$self->p->userNotice('Token expired');
$self->userLogger->warn('Token expired');
return PE_TOKENEXPIRED;
}
}
......
......@@ -212,7 +212,7 @@ sub _openIDResponse {
return PE_CONFIRM;
}
elsif ( $req->datas->{_badOpenIdentity} ) {
$self->p->userNotice(
$self->userLogger->warn(
"The user $req->{sessionInfo}->{_user} tries to use the id \"$data->{identity}\" on $data->{trust_root}"
);
return PE_OPENID_BADID;
......@@ -223,7 +223,7 @@ sub _openIDResponse {
# User has refused sharing its datas
else {
$self->userNotice(
$self->userLogger->notice(
$req->{sessionInfo}->{ $self->conf->{whatToTrace} }
. ' refused to share its OpenIdentity' );
return PE_OK;
......
......@@ -734,7 +734,7 @@ sub run {
last;
}
}
$self->p->userNotice(
$self->userLogger->notice(
"SAML authentication response sent to SAML SP $spConfKey for $user$nameIDLog"
);
......
......@@ -46,7 +46,7 @@ sub getCasSession {
if ( $casSession->error ) {
if ($id) {
$self->p->userInfo("CAS session $id isn't yet available");
$self->userLogger->notice("CAS session $id isn't yet available");
}
else {
$self->logger->error("Unable to create new CAS session");
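Review bot: The "session isn't yet available" event is logged at `notice` here but at `warn` in the otherwise identical `getOpenIDConnectSession` and `getSamlSession` hunks. The same condition therefore lands at a different severity depending on the protocol. Pick one level for all three, e.g. keep `$self->userLogger->notice("CAS session $id isn't yet available");` and use `notice` in the other two, so that alerting thresholds treat them alike.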
......
......@@ -124,7 +124,7 @@ sub check_password {
return 1;
}
else {
$self->p->userError("Bad password for $user");
$self->userLogger->warn("Bad password for $user");
return 0;
}
......
......@@ -177,7 +177,7 @@ sub userBind {
# Return direct unless control resonse
unless ( defined $resp ) {
if ( $mesg->code == 49 ) {
$self->{portal}->userError("Bad password");
$self->{portal}->userLogger->warn("Bad password");
return PE_BADCREDENTIALS;
}
return ( $mesg->code == 0 ? PE_OK : PE_LDAPERROR );
......@@ -186,7 +186,7 @@ sub userBind {
# Check for ppolicy error
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->userError(
$self->{portal}->userLogger->error(
"Password policy error $pp_error for $self->{portal}->{user}");
return [
PE_PP_PASSWORD_EXPIRED,
......@@ -227,7 +227,7 @@ sub userBind {
return PE_OK;
}
}
$self->{portal}->userError("Bad password for $self->{portal}->{user}");
$self->{portal}->userLogger->warn("Bad password for $self->{portal}->{user}");
return PE_BADCREDENTIALS;
}
......@@ -368,7 +368,8 @@ sub userModifyPassword {
return PE_PP_PASSWORD_MOD_NOT_ALLOWED
if ( $mesg->code == 19 && $ad );
return PE_LDAPERROR unless ( $mesg->code == 0 );
$self->{portal}->userNotice("Password changed $self->{portal}->{user}");
$self->{portal}
->userLogger->notice("Password changed $self->{portal}->{user}");
# Rebind as manager for next LDAP operations if we were bound as user
$self->bind() if $asUser;
......@@ -502,7 +503,7 @@ sub userModifyPassword {
if ( $mesg->code == 50 || $mesg->code == 8 );
if ( $mesg->code == 0 ) {
$self->{portal}
->userNotice("Password changed $self->{portal}->{user}");
->userLogger->notice("Password changed $self->{portal}->{user}");
# Rebind as manager for next LDAP operations if we were bound as user
$self->bind() if $asUser;
......@@ -513,7 +514,7 @@ sub userModifyPassword {
if ( defined $resp ) {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->userError("Password policy error $pp_error");
$self->{portal}->logger->error("Password policy error $pp_error");
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
......
......@@ -133,7 +133,7 @@ sub getNotifBack {
unless ($checks->{$refId}
and $toCheckCount == @{ $checks->{$refId} } )
{
$self->p->userNotice(
$self->userLogger->notice(
"$uid has not accepted notification $reference"
);
$result = $fileResult = 0;
......@@ -152,7 +152,7 @@ sub getNotifBack {
}
# Register acceptation
$self->p->userNotice(
$self->userLogger->notice(
"$uid has accepted notification $reference");
$self->p->updatePersistentSession( $req,
{ "notification_$reference" => time() } );
......
......@@ -184,7 +184,7 @@ sub getNotifBack {
unless ($checks->{$refId}
and $toCheckCount == @{ $checks->{$refId} } )
{
$self->p->userNotice(
$self->userLogger->notice(
"$uid has not accepted notification $reference"
);
$result = $fileResult = 0;
......@@ -203,7 +203,7 @@ sub getNotifBack {
}
# Register acceptation
$self->p->userNotice(
$self->userLogger->notice(
"$uid has accepted notification $reference");
$self->p->updatePersistentSession( $req,
{ "notification_$reference" => time() } );
......
......@@ -159,7 +159,7 @@ sub sregHook {
# Check if user has agreed request
if ($accepted) {
$self->p->userInfo(
$self->userLogger->info(
$req->{sessionInfo}->{ $self->conf->{whatToTrace} }
. " has accepted OpenID SREG exchange with $trust_root" );
return ( 1, \%r );
......
......@@ -647,7 +647,7 @@ sub getOpenIDConnectSession {
if ( $oidcSession->error ) {
if ($id) {
$self->p->userInfo("OpenIDConnect session $id isn't yet available");
$self->userLogger->warn("OpenIDConnect session $id isn't yet available");
}
else {
$self->logger->error("Unable to create new OpenIDConnect session");
......
......@@ -52,7 +52,7 @@ sub getUser {
}
$req->sessionInfo->{_proxyQueryDone}++;
unless ( $res->{result} ) {
$self->p->userNotice("Authentication refused for $req->{user}");
$self->userLogger->notice("Authentication refused for $req->{user}");
return PE_BADCREDENTIALS;
}
$req->sessionInfo->{_proxyCookies} = join '; ',
......
......@@ -2774,7 +2774,7 @@ sub getSamlSession {
if ( $samlSession->error ) {
if ($id) {
$self->userInfo("SAML session $id isn't yet available");
$self->userLogger->warn("SAML session $id isn't yet available");
}
else {
$self->logger->error("Unable to create new SAML session");
......
......@@ -42,7 +42,7 @@ sub getUser {
# If authentication failed, display error
if ( $res->{errorCode} ) {
$self->p->userError(
$self->userLogger->warn(
"Authentication failed for $req->{user}: error $res->{errorCode}");
return PE_BADCREDENTIALS;
}
......@@ -68,7 +68,7 @@ sub setSessionInfo {
}
my $res = $r->result();
if ( $res->{error} ) {
$self->userError("Unable to get attributes for $self->{user} ");
$self->userLogger->warn("Unable to get attributes for $self->{user} ");
return PE_ERROR;
}
foreach ( keys %{ $res->{attributes} } ) {
......
......@@ -23,7 +23,7 @@ sub checkIP {
if (!$self->conf->{slaveMasterIP}
|| $self->conf->{slaveMasterIP} =~ /\b$remoteIP\b/ );
$self->userError('Client IP not accredited for Slave module');
$self->userLogger->warn('Client IP not accredited for Slave module');
return 0;
}
......@@ -37,7 +37,7 @@ sub checkHeader {
my $headerContent = $req->{ $self->conf->{slaveHeaderName} };
return 1 if ( $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
$self->userError('Matching header not found for Slave module ');
$self->userLogger->warn('Matching header not found for Slave module ');
return 0;
}
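Review bot: `checkHeader` compiles the request-supplied `$headerContent` as a regular expression in `/\b$headerContent\b/`, and `checkIP` does the same with `$remoteIP`. Metacharacters in the client value are therefore interpreted rather than matched literally, and in `checkHeader` an empty or missing value is not rejected before the match. Quote the interpolated value and require it to be non-empty: `return 1 if length $headerContent and $self->conf->{slaveHeaderContent} =~ /\b\Q$headerContent\E\b/;`, and `/\b\Q$remoteIP\E\b/` in `checkIP`. Both functions begin outside their hunks.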
......
......@@ -460,7 +460,7 @@ sub _deleteSession {
# Log
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
$self->userNotice("User $user has been disconnected") if $user;
$self->userLogger->notice("User $user has been disconnected") if $user;
return $session->error ? 0 : 1;
}
......
......@@ -111,7 +111,7 @@ sub _reset {
# Check if token is valid
my $mailSession = $self->mailott->getToken($mailToken);
unless ($mailSession) {
$self->p->userNotice('Bad reset token');
$self->userLogger->warn('Bad reset token');
return PE_BADMAILTOKEN;
}
......@@ -133,7 +133,7 @@ sub _reset {
$token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
$self->p->userNotice('Reset try without token');
$self->userLogger->warn('Reset try without token');
return PE_NOTOKEN;
}
}
......@@ -143,7 +143,7 @@ sub _reset {
my $captcha = $req->param('captcha');
unless ($captcha) {
$self->p->userNotice('Reset try with captcha not filled');
$self->userLogger->notice('Reset try with captcha not filled');
# Set captcha or token
$self->setSecurity($req);
......@@ -152,7 +152,7 @@ sub _reset {
# Check captcha
unless ( $self->captcha->validateCaptcha( $token, $captcha ) ) {
$self->p->userInfo('Captcha failed: wrong code');
$self->userLogger->info('Captcha failed: wrong code');
# Set captcha or token
$self->setSecurity($req);
......@@ -163,7 +163,7 @@ sub _reset {
elsif ( $self->conf->{requireToken} ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->p->userNotice('Reset try with expired/bas token');
$self->userLogger->warn('Reset try with expired/bas token');
return PE_TOKENEXPIRED;
}
}
......@@ -184,7 +184,7 @@ sub _reset {
);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_USERNOTFOUND or $error = PE_BADCREDENTIALS ) {
$self->p->userNotice(
$self->userLogger->warn(
"Reset asked for a unvalid user ($req->{mail})");
# To avoid mail enumeration, return OK
......@@ -263,7 +263,7 @@ sub _reset {
if ( $req->datas->{mailAlreadySent}
and !$req->param('resendconfirmation') )
{
$self->p->userNotice(
$self->userLogger->notice(
'Reset mail already sent to ' . $req->{mail} );
# To avoid enumeration, return OK
......@@ -346,7 +346,7 @@ sub changePwd {
if ( my $token = $req->param('token') ) {
$req->sessionInfo( $self->ott->getToken($token) );
unless ( $req->sessionInfo ) {
$self->p->userNotice(
$self->userLogger->warn(
'User tries to change password with an invalid or expired token'
);
return PE_NOTOKEN;
......@@ -356,11 +356,11 @@ sub changePwd {
# These 2 cases means that a user tries to change password without
# following valid links!!!
else {
$self->p->userError('User tries to change password without token');
$self->userLogger->error('User tries to change password without token');
return PE_NOTOKEN;
}
unless ( delete $req->sessionInfo->{pwdAllowed} ) {
$self->p->userError(
$self->userLogger->error(
'User tries to use another token to change a password');
return PE_NOTOKEN;
}
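Review bot: The condition `$error == PE_USERNOTFOUND or $error = PE_BADCREDENTIALS` in `_reset` assigns instead of comparing. Assuming `PE_BADCREDENTIALS` is non-zero, the branch is taken for any non-zero result of `$self->p->process($req)` and `$error` is overwritten. Unrelated failures are then logged as a reset for an invalid user and handled by the anti-enumeration path. It should read `if ( $error == PE_USERNOTFOUND or $error == PE_BADCREDENTIALS ) {`. The commit only touches the log call below it, and `_reset` continues outside this hunk.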
......
......@@ -160,7 +160,7 @@ sub _register {
$token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
$self->p->userNotice('Register try without token');
$self->userLogger->warn('Register try without token');
return PE_NOTOKEN;
}
}
......@@ -170,7 +170,7 @@ sub _register {
my $captcha = $req->param('captcha');
unless ($captcha) {
$self->p->userNotice(
$self->userLogger->warn(
'Register try with captcha not filled');
# Set captcha or token
......@@ -180,7 +180,7 @@ sub _register {
# Check captcha
unless ( $self->captcha->validateCaptcha( $token, $captcha ) ) {
$self->p->userInfo('Captcha failed: wrong code');
$self->userLogger->info('Captcha failed: wrong code');
# Set captcha or token
$self->setSecurity($req);
......@@ -191,7 +191,7 @@ sub _register {
elsif ( $self->ott ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->p->userNotice('Register try with expired/bas token');
$self->userLogger->notice('Register try with expired/bad token');
return PE_TOKENEXPIRED;
}
}
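Review bot: The severities chosen in `_register` do not line up with the same events in the mail-reset `_reset` hunks. A missing captcha is `warn` here but `notice` there, and an expired token is `notice` here but `warn` there. Detection rules keyed on level will treat the same abuse pattern differently between the two forms, so use one level per event in both, e.g. `$self->userLogger->warn('Register try with expired/bad token');`. The `bas` to `bad` typo fix made here was also not applied to `'Reset try with expired/bas token'`.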
......
......@@ -209,12 +209,12 @@ sub getAttributes {
my @tmp = ();
unless ($session) {
$self->p->userNotice("SOAP attributes request: session $id not found");
$self->userLogger->notice("SOAP attributes request: session $id not found");
push @tmp, SOAP::Data->name( error => 1 )->type('int');
}
else {
my $wtt = $session->data->{ $self->conf->{whatToTrace} };
$self->p->userInfo(
$self->userLogger->info(
"SOAP attributes request for " . ( $wtt ? $wtt : $id ) );
push @tmp, SOAP::Data->name( error => 0 )->type('int');
push @tmp,
......
......@@ -84,12 +84,12 @@ sub verify {
# TODO: set sessionInfo with token
my $token;
unless ( $token = $req->param('token') ) {
$self->p->userError('U2F access without token');
$self->userLogger->error('U2F access without token');
$req->error(PE_NOTOKEN);
return $self->fail($req);
}
unless ( $req->sessionInfo( $self->ott->getToken($token) ) ) {
$self->p->userInfo('Token expired');
$self->userLogger->info('Token expired');
$req->error(PE_TOKENEXPIRED);
return $self->fail($req);
}
......@@ -103,12 +103,12 @@ sub verify {
delete $req->sessionInfo->{_u2fRealSession};
$self->p->rebuildCookies($req);
$req->mustRedirect(1);
$self->p->userInfo( 'U2F signature verified for '
$self->userLogger->info( 'U2F signature verified for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
return $self->p->do( $req, [ sub { PE_OK } ] );
}
else {
$self->p->userNotice( 'Invalid U2F signature for '
$self->userLogger->notice( 'Invalid U2F signature for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } . ' ('
. Crypt::U2F::Server::u2fclib_getError()
. ')' );
......@@ -117,7 +117,7 @@ sub verify {
}
}
else {
$self->p->userNotice( 'No U2F response for user'
$self->userLogger->notice( 'No U2F response for user'
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
return $self->fail($req);
}
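Review bot: In the last `verify` hunk, `'No U2F response for user'` is concatenated directly with the traced identifier. The entry therefore reads as one fused word and will not match patterns written for the sibling messages that end in `for `. Add the separator: `$self->userLogger->notice( 'No U2F response for user '`. In the same function an expired token is logged at `info`, while the login-form hunk logs `'Token expired'` at `warn`; aligning the two is worth doing in this pass.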
......
......@@ -51,7 +51,7 @@ sub run {
];
}
my $err = Crypt::U2F::Server::Simple::lastError();
$self->p->userError("U2F Registration failed: $err");
$self->userLogger->warn("U2F Registration failed: $err");
return $self->p->sendError( $req, $err, 200 );
}
if ( $action eq 'verify' ) {
......
......@@ -53,7 +53,7 @@ sub getUser {
return PE_ERROR;
}
unless ( $req->datas->{entry} = $sth->fetchrow_hashref() ) {
$self->p->userNotice("User $user not found");
$self->userLogger->warn("User $user not found");
return PE_BADCREDENTIALS;
}
PE_OK;
......
......@@ -60,7 +60,7 @@ sub getUser {
}
unless ( $req->datas->{entry} = $mesg->entry(0) ) {
my $user = $req->{mail} || $req->{user};
$self->p->userError("$user was not found in LDAP directory");
$self->userLogger->warn("$user was not found in LDAP directory");
return PE_BADCREDENTIALS;
}
$req->datas->{dn} = $req->datas->{entry}->dn();
......
......@@ -43,7 +43,7 @@ sub setSessionInfo {
$self->logger->error("Unable to get $v from FOAF document: $@")
if ($@);
if ( $req and not $req->{sessionInfo}->{$attr} ) {
$self->p->userNotice(
$self->userLogger->warn(
"Required attribute $v is missing (user: $req->{user})");
return PE_MISSINGREQATTR;
}
......