Ticket #20495: logerr.diff

File logerr.diff, 2.9 KB (added by boylea, 11 years ago)

Changes user login failure handling from sending a signal to logging the failure

  • django/contrib/auth/__init__.py

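diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py
index 029193d..53aa4b3 100644
--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -1,4 +1,5 @@
 import re
+import logging
 
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured, PermissionDenied
@@ -11,6 +12,7 @@ SESSION_KEY = '_auth_user_id'
 BACKEND_SESSION_KEY = '_auth_user_backend'
 REDIRECT_FIELD_NAME = 'next'
 
+logger = logging.getLogger('django.security')
 
 def load_backend(path):
     return import_by_path(path)()
@@ -59,9 +61,8 @@ def authenticate(**credentials):
         user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
         return user
 
-    # The credentials supplied are invalid to all backends, fire signal
-    user_login_failed.send(sender=__name__,
-            credentials=_clean_credentials(credentials))
+    # The credentials supplied are invalid to all backends, log error
+    logger.error(("user login failed: %s" % credentials['username']))
 
 
 def login(request, user):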
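Review bot: `credentials['username']` in the added `logger.error(...)` line raises KeyError when authenticate() is called without a `username` keyword, which the `**credentials` signature permits for backends keyed on another field, so a failed login would surface as an exception. The value is also client-supplied and formatted into the message as-is, so embedded CR/LF can forge entries in the `django.security` log, and a password typed into the username field ends up in the log in clear. I would log it as `logger.error("user login failed: %r", credentials.get('username'))` and update the expected string in tests/logging_tests/tests.py to match. Replacing `user_login_failed.send(...)` rather than adding the log line next to it also removes the hook that receivers such as throttling or lockout code would rely on; keeping both looks safer. authenticate() begins outside this hunk.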
  • django/contrib/auth/tests/test_signals.py

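diff --git a/django/contrib/auth/tests/test_signals.py b/django/contrib/auth/tests/test_signals.py
index 024f44f..b3d8b20 100644
--- a/django/contrib/auth/tests/test_signals.py
+++ b/django/contrib/auth/tests/test_signals.py
@@ -40,19 +40,12 @@ class SignalTestCase(TestCase):
         # Only a successful login will trigger the success signal.
         self.client.login(username='testclient', password='bad')
         self.assertEqual(len(self.logged_in), 0)
-        self.assertEqual(len(self.login_failed), 1)
-        self.assertEqual(self.login_failed[0]['username'], 'testclient')
-        # verify the password is cleansed
-        self.assertTrue('***' in self.login_failed[0]['password'])
 
         # Like this:
         self.client.login(username='testclient', password='password')
         self.assertEqual(len(self.logged_in), 1)
         self.assertEqual(self.logged_in[0].username, 'testclient')
 
-        # Ensure there were no more failures.
-        self.assertEqual(len(self.login_failed), 1)
-
     def test_logout_anonymous(self):
         # The log_out function will still trigger the signal for anonymous
         # users.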
  • tests/logging_tests/tests.py

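diff --git a/tests/logging_tests/tests.py b/tests/logging_tests/tests.py
index 0c2d269..1a2bf75 100644
--- a/tests/logging_tests/tests.py
+++ b/tests/logging_tests/tests.py
@@ -374,3 +374,10 @@ class SecurityLoggerTest(TestCase):
                 response = self.client.get('/suspicious_spec/')
                 self.assertEqual(len(calls), 1)
                 self.assertEqual(calls[0], 'dubious')
+
+    def test_user_login_failed_creates_log_message(self):
+        with self.settings(DEBUG=True):
+            with patch_logger('django.security', 'error') as calls:
+                self.client.login(username='testclient', password='bad')
+                self.assertEqual(len(calls), 1)
+                self.assertEqual(calls[0], "user login failed: testclient")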