stages/*: use stage-bound logger when possible

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:39 +02:00 · 2022-08-07 13:41:39 +02:00 · 3b86144ae5
parent f01f10c5e5
commit 3b86144ae5
4 changed files with 6 additions and 14 deletions
--- a/authentik/stages/authenticator_validate/stage.py
+++ b/authentik/stages/authenticator_validate/stage.py
@ -10,7 +10,6 @@ from django_otp.models import Device
 from jwt import PyJWTError, decode, encode
 from rest_framework.fields import CharField, IntegerField, JSONField, ListField, UUIDField
 from rest_framework.serializers import ValidationError
-from structlog.stdlib import get_logger

 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import User
@ -36,8 +35,6 @@ from authentik.stages.authenticator_validate.models import AuthenticatorValidate
 from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
 from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS

-LOGGER = get_logger()
-
 COOKIE_NAME_MFA = "authentik_mfa"

 SESSION_KEY_STAGES = "authentik/stages/authenticator_validate/stages"
@ -128,7 +125,7 @@ class AuthenticatorValidationChallengeResponse(ChallengeResponse):
        stages = self.stage.request.session.get(SESSION_KEY_STAGES, [])
        if not any(str(stage.pk) == stage_pk for stage in stages):
            raise ValidationError("Selected stage is invalid")
-        LOGGER.debug("Setting selected stage to ", stage=stage_pk)
+        self.stage.logger.debug("Setting selected stage to ", stage=stage_pk)
        self.stage.request.session[SESSION_KEY_SELECTED_STAGE] = stage_pk
        return stage_pk

@ -167,7 +164,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
                self.logger.debug("device class not allowed", device_class=device_class)
                continue
            if isinstance(device, SMSDevice) and device.is_hashed:
-                LOGGER.debug("Hashed SMS device, skipping")
+                self.logger.debug("Hashed SMS device, skipping")
                continue
            allowed_devices.append(device)
            # Ensure only one challenge per device class
--- a/authentik/stages/authenticator_webauthn/stage.py
+++ b/authentik/stages/authenticator_webauthn/stage.py
@ -5,7 +5,6 @@ from django.http import HttpRequest, HttpResponse
 from django.http.request import QueryDict
 from rest_framework.fields import CharField, JSONField
 from rest_framework.serializers import ValidationError
-from structlog.stdlib import get_logger
 from webauthn import generate_registration_options, options_to_json, verify_registration_response
 from webauthn.helpers import bytes_to_base64url
 from webauthn.helpers.exceptions import InvalidRegistrationResponse
@ -28,7 +27,6 @@ from authentik.flows.stage import ChallengeStageView
 from authentik.stages.authenticator_webauthn.models import AuthenticateWebAuthnStage, WebAuthnDevice
 from authentik.stages.authenticator_webauthn.utils import get_origin, get_rp_id

-LOGGER = get_logger()
 SESSION_KEY_WEBAUTHN_CHALLENGE = "authentik/stages/authenticator_webauthn/challenge"


@ -60,7 +58,7 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
                expected_origin=get_origin(self.request),
            )
        except InvalidRegistrationResponse as exc:
-            LOGGER.warning("registration failed", exc=exc)
+            self.stage.logger.warning("registration failed", exc=exc)
            raise ValidationError(f"Registration failed. Error: {exc}")

        credential_id_exists = WebAuthnDevice.objects.filter(
--- a/authentik/stages/identification/stage.py
+++ b/authentik/stages/identification/stage.py
@ -12,7 +12,6 @@ from drf_spectacular.utils import PolymorphicProxySerializer, extend_schema_fiel
 from rest_framework.fields import BooleanField, CharField, DictField, ListField
 from rest_framework.serializers import ValidationError
 from sentry_sdk.hub import Hub
-from structlog.stdlib import get_logger

 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import Application, Source, User
@ -32,8 +31,6 @@ from authentik.stages.identification.models import IdentificationStage
 from authentik.stages.identification.signals import identification_failed
 from authentik.stages.password.stage import authenticate

-LOGGER = get_logger()
-

@extend_schema_field(
    PolymorphicProxySerializer(
@ -98,7 +95,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
            ):
                # Sleep a random time (between 90 and 210ms) to "prevent" user enumeration attacks
                sleep(0.030 * SystemRandom().randint(3, 7))
-            LOGGER.debug("invalid_login", identifier=uid_field)
+            self.stage.logger.info("invalid_login", identifier=uid_field)
            identification_failed.send(sender=self, request=self.stage.request, uid_field=uid_field)
            # We set the pending_user even on failure so it's part of the context, even
            # when the input is invalid
@ -118,7 +115,7 @@ class IdentificationChallengeResponse(ChallengeResponse):

        password = attrs.get("password", None)
        if not password:
-            LOGGER.warning("Password not set for ident+auth attempt")
+            self.stage.logger.warning("Password not set for ident+auth attempt")
        try:
            with Hub.current.start_span(
                op="authentik.stages.identification.authenticate",
--- a/authentik/stages/password/stage.py
+++ b/authentik/stages/password/stage.py
@ -56,7 +56,7 @@ def authenticate(
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
-        LOGGER.debug("Successful authentication", user=user.username, backend=backend_path)
+        LOGGER.info("Successful authentication", user=user.username, backend=backend_path)
        return user

    # The credentials supplied are invalid to all backends, fire signal