stages/*: use stage-bound logger when possible

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-08-07 13:41:39 +02:00
parent f01f10c5e5
commit 3b86144ae5
4 changed files with 6 additions and 14 deletions

View File

@ -10,7 +10,6 @@ from django_otp.models import Device
from jwt import PyJWTError, decode, encode
from rest_framework.fields import CharField, IntegerField, JSONField, ListField, UUIDField
from rest_framework.serializers import ValidationError
from structlog.stdlib import get_logger
from authentik.core.api.utils import PassiveSerializer
from authentik.core.models import User
@ -36,8 +35,6 @@ from authentik.stages.authenticator_validate.models import AuthenticatorValidate
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
LOGGER = get_logger()
COOKIE_NAME_MFA = "authentik_mfa"
SESSION_KEY_STAGES = "authentik/stages/authenticator_validate/stages"
@ -128,7 +125,7 @@ class AuthenticatorValidationChallengeResponse(ChallengeResponse):
stages = self.stage.request.session.get(SESSION_KEY_STAGES, [])
if not any(str(stage.pk) == stage_pk for stage in stages):
raise ValidationError("Selected stage is invalid")
LOGGER.debug("Setting selected stage to ", stage=stage_pk)
self.stage.logger.debug("Setting selected stage to ", stage=stage_pk)
self.stage.request.session[SESSION_KEY_SELECTED_STAGE] = stage_pk
return stage_pk
@ -167,7 +164,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
self.logger.debug("device class not allowed", device_class=device_class)
continue
if isinstance(device, SMSDevice) and device.is_hashed:
LOGGER.debug("Hashed SMS device, skipping")
self.logger.debug("Hashed SMS device, skipping")
continue
allowed_devices.append(device)
# Ensure only one challenge per device class

View File

@ -5,7 +5,6 @@ from django.http import HttpRequest, HttpResponse
from django.http.request import QueryDict
from rest_framework.fields import CharField, JSONField
from rest_framework.serializers import ValidationError
from structlog.stdlib import get_logger
from webauthn import generate_registration_options, options_to_json, verify_registration_response
from webauthn.helpers import bytes_to_base64url
from webauthn.helpers.exceptions import InvalidRegistrationResponse
@ -28,7 +27,6 @@ from authentik.flows.stage import ChallengeStageView
from authentik.stages.authenticator_webauthn.models import AuthenticateWebAuthnStage, WebAuthnDevice
from authentik.stages.authenticator_webauthn.utils import get_origin, get_rp_id
LOGGER = get_logger()
SESSION_KEY_WEBAUTHN_CHALLENGE = "authentik/stages/authenticator_webauthn/challenge"
@ -60,7 +58,7 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
expected_origin=get_origin(self.request),
)
except InvalidRegistrationResponse as exc:
LOGGER.warning("registration failed", exc=exc)
self.stage.logger.warning("registration failed", exc=exc)
raise ValidationError(f"Registration failed. Error: {exc}")
credential_id_exists = WebAuthnDevice.objects.filter(

View File

@ -12,7 +12,6 @@ from drf_spectacular.utils import PolymorphicProxySerializer, extend_schema_fiel
from rest_framework.fields import BooleanField, CharField, DictField, ListField
from rest_framework.serializers import ValidationError
from sentry_sdk.hub import Hub
from structlog.stdlib import get_logger
from authentik.core.api.utils import PassiveSerializer
from authentik.core.models import Application, Source, User
@ -32,8 +31,6 @@ from authentik.stages.identification.models import IdentificationStage
from authentik.stages.identification.signals import identification_failed
from authentik.stages.password.stage import authenticate
LOGGER = get_logger()
@extend_schema_field(
PolymorphicProxySerializer(
@ -98,7 +95,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
):
# Sleep a random time (between 90 and 210ms) to "prevent" user enumeration attacks
sleep(0.030 * SystemRandom().randint(3, 7))
LOGGER.debug("invalid_login", identifier=uid_field)
self.stage.logger.info("invalid_login", identifier=uid_field)
identification_failed.send(sender=self, request=self.stage.request, uid_field=uid_field)
# We set the pending_user even on failure so it's part of the context, even
# when the input is invalid
@ -118,7 +115,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
password = attrs.get("password", None)
if not password:
LOGGER.warning("Password not set for ident+auth attempt")
self.stage.logger.warning("Password not set for ident+auth attempt")
try:
with Hub.current.start_span(
op="authentik.stages.identification.authenticate",

View File

@ -56,7 +56,7 @@ def authenticate(
continue
# Annotate the user object with the path of the backend.
user.backend = backend_path
LOGGER.debug("Successful authentication", user=user.username, backend=backend_path)
LOGGER.info("Successful authentication", user=user.username, backend=backend_path)
return user
# The credentials supplied are invalid to all backends, fire signal