stages/*: use stage-bound logger when possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
f01f10c5e5
commit
3b86144ae5
|
@ -10,7 +10,6 @@ from django_otp.models import Device
|
|||
from jwt import PyJWTError, decode, encode
|
||||
from rest_framework.fields import CharField, IntegerField, JSONField, ListField, UUIDField
|
||||
from rest_framework.serializers import ValidationError
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.core.api.utils import PassiveSerializer
|
||||
from authentik.core.models import User
|
||||
|
@ -36,8 +35,6 @@ from authentik.stages.authenticator_validate.models import AuthenticatorValidate
|
|||
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
|
||||
from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
||||
COOKIE_NAME_MFA = "authentik_mfa"
|
||||
|
||||
SESSION_KEY_STAGES = "authentik/stages/authenticator_validate/stages"
|
||||
|
@ -128,7 +125,7 @@ class AuthenticatorValidationChallengeResponse(ChallengeResponse):
|
|||
stages = self.stage.request.session.get(SESSION_KEY_STAGES, [])
|
||||
if not any(str(stage.pk) == stage_pk for stage in stages):
|
||||
raise ValidationError("Selected stage is invalid")
|
||||
LOGGER.debug("Setting selected stage to ", stage=stage_pk)
|
||||
self.stage.logger.debug("Setting selected stage to ", stage=stage_pk)
|
||||
self.stage.request.session[SESSION_KEY_SELECTED_STAGE] = stage_pk
|
||||
return stage_pk
|
||||
|
||||
|
@ -167,7 +164,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
|
|||
self.logger.debug("device class not allowed", device_class=device_class)
|
||||
continue
|
||||
if isinstance(device, SMSDevice) and device.is_hashed:
|
||||
LOGGER.debug("Hashed SMS device, skipping")
|
||||
self.logger.debug("Hashed SMS device, skipping")
|
||||
continue
|
||||
allowed_devices.append(device)
|
||||
# Ensure only one challenge per device class
|
||||
|
|
|
@ -5,7 +5,6 @@ from django.http import HttpRequest, HttpResponse
|
|||
from django.http.request import QueryDict
|
||||
from rest_framework.fields import CharField, JSONField
|
||||
from rest_framework.serializers import ValidationError
|
||||
from structlog.stdlib import get_logger
|
||||
from webauthn import generate_registration_options, options_to_json, verify_registration_response
|
||||
from webauthn.helpers import bytes_to_base64url
|
||||
from webauthn.helpers.exceptions import InvalidRegistrationResponse
|
||||
|
@ -28,7 +27,6 @@ from authentik.flows.stage import ChallengeStageView
|
|||
from authentik.stages.authenticator_webauthn.models import AuthenticateWebAuthnStage, WebAuthnDevice
|
||||
from authentik.stages.authenticator_webauthn.utils import get_origin, get_rp_id
|
||||
|
||||
LOGGER = get_logger()
|
||||
SESSION_KEY_WEBAUTHN_CHALLENGE = "authentik/stages/authenticator_webauthn/challenge"
|
||||
|
||||
|
||||
|
@ -60,7 +58,7 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
|
|||
expected_origin=get_origin(self.request),
|
||||
)
|
||||
except InvalidRegistrationResponse as exc:
|
||||
LOGGER.warning("registration failed", exc=exc)
|
||||
self.stage.logger.warning("registration failed", exc=exc)
|
||||
raise ValidationError(f"Registration failed. Error: {exc}")
|
||||
|
||||
credential_id_exists = WebAuthnDevice.objects.filter(
|
||||
|
|
|
@ -12,7 +12,6 @@ from drf_spectacular.utils import PolymorphicProxySerializer, extend_schema_fiel
|
|||
from rest_framework.fields import BooleanField, CharField, DictField, ListField
|
||||
from rest_framework.serializers import ValidationError
|
||||
from sentry_sdk.hub import Hub
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.core.api.utils import PassiveSerializer
|
||||
from authentik.core.models import Application, Source, User
|
||||
|
@ -32,8 +31,6 @@ from authentik.stages.identification.models import IdentificationStage
|
|||
from authentik.stages.identification.signals import identification_failed
|
||||
from authentik.stages.password.stage import authenticate
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
||||
|
||||
@extend_schema_field(
|
||||
PolymorphicProxySerializer(
|
||||
|
@ -98,7 +95,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
|
|||
):
|
||||
# Sleep a random time (between 90 and 210ms) to "prevent" user enumeration attacks
|
||||
sleep(0.030 * SystemRandom().randint(3, 7))
|
||||
LOGGER.debug("invalid_login", identifier=uid_field)
|
||||
self.stage.logger.info("invalid_login", identifier=uid_field)
|
||||
identification_failed.send(sender=self, request=self.stage.request, uid_field=uid_field)
|
||||
# We set the pending_user even on failure so it's part of the context, even
|
||||
# when the input is invalid
|
||||
|
@ -118,7 +115,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
|
|||
|
||||
password = attrs.get("password", None)
|
||||
if not password:
|
||||
LOGGER.warning("Password not set for ident+auth attempt")
|
||||
self.stage.logger.warning("Password not set for ident+auth attempt")
|
||||
try:
|
||||
with Hub.current.start_span(
|
||||
op="authentik.stages.identification.authenticate",
|
||||
|
|
|
@ -56,7 +56,7 @@ def authenticate(
|
|||
continue
|
||||
# Annotate the user object with the path of the backend.
|
||||
user.backend = backend_path
|
||||
LOGGER.debug("Successful authentication", user=user.username, backend=backend_path)
|
||||
LOGGER.info("Successful authentication", user=user.username, backend=backend_path)
|
||||
return user
|
||||
|
||||
# The credentials supplied are invalid to all backends, fire signal
|
||||
|
|
Reference in New Issue