diff --git a/authentik/stages/authenticator_validate/stage.py b/authentik/stages/authenticator_validate/stage.py
index b9e4f98e8..0afd3b79b 100644
--- a/authentik/stages/authenticator_validate/stage.py
+++ b/authentik/stages/authenticator_validate/stage.py
@@ -10,7 +10,6 @@ from django_otp.models import Device
 from jwt import PyJWTError, decode, encode
 from rest_framework.fields import CharField, IntegerField, JSONField, ListField, UUIDField
 from rest_framework.serializers import ValidationError
-from structlog.stdlib import get_logger
 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import User
@@ -36,8 +35,6 @@ from authentik.stages.authenticator_validate.models import AuthenticatorValidate
 from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
 from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
-LOGGER = get_logger()
-
 COOKIE_NAME_MFA = "authentik_mfa"
 SESSION_KEY_STAGES = "authentik/stages/authenticator_validate/stages"
@@ -128,7 +125,7 @@ class AuthenticatorValidationChallengeResponse(ChallengeResponse):
 stages = self.stage.request.session.get(SESSION_KEY_STAGES, [])
 if not any(str(stage.pk) == stage_pk for stage in stages):
 raise ValidationError("Selected stage is invalid")
- LOGGER.debug("Setting selected stage to ", stage=stage_pk)
+ self.stage.logger.debug("Setting selected stage to ", stage=stage_pk)
 self.stage.request.session[SESSION_KEY_SELECTED_STAGE] = stage_pk
 return stage_pk
@@ -167,7 +164,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
 self.logger.debug("device class not allowed", device_class=device_class)
 continue
 if isinstance(device, SMSDevice) and device.is_hashed:
- LOGGER.debug("Hashed SMS device, skipping")
+ self.logger.debug("Hashed SMS device, skipping")
 continue
 allowed_devices.append(device)
 # Ensure only one challenge per device class
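Review bot: The event string on the changed line in the third hunk of authentik/stages/authenticator_validate/stage.py still ends in a dangling `to ` with a trailing space, although the value is carried in the `stage` key rather than in the message. It would read better as `self.stage.logger.debug("Setting selected stage", stage=stage_pk)`, and an event name without trailing whitespace is easier to match exactly in log queries. The enclosing validator method starts above the hunk.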
diff --git a/authentik/stages/authenticator_webauthn/stage.py b/authentik/stages/authenticator_webauthn/stage.py
index dfac992df..9b47e081d 100644
--- a/authentik/stages/authenticator_webauthn/stage.py
+++ b/authentik/stages/authenticator_webauthn/stage.py
@@ -5,7 +5,6 @@ from django.http import HttpRequest, HttpResponse
 from django.http.request import QueryDict
 from rest_framework.fields import CharField, JSONField
 from rest_framework.serializers import ValidationError
-from structlog.stdlib import get_logger
 from webauthn import generate_registration_options, options_to_json, verify_registration_response
 from webauthn.helpers import bytes_to_base64url
 from webauthn.helpers.exceptions import InvalidRegistrationResponse
@@ -28,7 +27,6 @@ from authentik.flows.stage import ChallengeStageView
 from authentik.stages.authenticator_webauthn.models import AuthenticateWebAuthnStage, WebAuthnDevice
 from authentik.stages.authenticator_webauthn.utils import get_origin, get_rp_id
-LOGGER = get_logger()
 SESSION_KEY_WEBAUTHN_CHALLENGE = "authentik/stages/authenticator_webauthn/challenge"
@@ -60,7 +58,7 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
 expected_origin=get_origin(self.request),
 )
 except InvalidRegistrationResponse as exc:
- LOGGER.warning("registration failed", exc=exc)
+ self.stage.logger.warning("registration failed", exc=exc)
 raise ValidationError(f"Registration failed. Error: {exc}")
 credential_id_exists = WebAuthnDevice.objects.filter(
diff --git a/authentik/stages/identification/stage.py b/authentik/stages/identification/stage.py
index dfbe8de03..f4d8f82cc 100644
--- a/authentik/stages/identification/stage.py
+++ b/authentik/stages/identification/stage.py
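Review bot: In the third hunk of authentik/stages/authenticator_webauthn/stage.py the new `self.stage.logger.warning(...)` sits inside the `except InvalidRegistrationResponse` branch, and nothing visible in the hunk shows that `self.stage` is always set on this response serializer (the surrounding code reads `self.request`, not `self.stage.request`). If the serializer can ever be validated without a stage, the failure path would raise AttributeError before reaching the ValidationError, so a rejected registration would surface as a server error rather than a clean validation failure. Either state the invariant in a comment such as `# self.stage is always set by the stage view that builds this response`, or guard the call. The enclosing method starts and ends outside the hunk.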
@@ -12,7 +12,6 @@ from drf_spectacular.utils import PolymorphicProxySerializer, extend_schema_fiel
 from rest_framework.fields import BooleanField, CharField, DictField, ListField
 from rest_framework.serializers import ValidationError
 from sentry_sdk.hub import Hub
-from structlog.stdlib import get_logger
 from authentik.core.api.utils import PassiveSerializer
 from authentik.core.models import Application, Source, User
@@ -32,8 +31,6 @@ from authentik.stages.identification.models import IdentificationStage
 from authentik.stages.identification.signals import identification_failed
 from authentik.stages.password.stage import authenticate
-LOGGER = get_logger()
-
 @extend_schema_field(
 PolymorphicProxySerializer(
@@ -98,7 +95,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
 ):
 # Sleep a random time (between 90 and 210ms) to "prevent" user enumeration attacks
 sleep(0.030 * SystemRandom().randint(3, 7))
- LOGGER.debug("invalid_login", identifier=uid_field)
+ self.stage.logger.info("invalid_login", identifier=uid_field)
 identification_failed.send(sender=self, request=self.stage.request, uid_field=uid_field)
 # We set the pending_user even on failure so it's part of the context, even
 # when the input is invalid
@@ -118,7 +115,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
 password = attrs.get("password", None)
 if not password:
- LOGGER.warning("Password not set for ident+auth attempt")
+ self.stage.logger.warning("Password not set for ident+auth attempt")
 try:
 with Hub.current.start_span(
 op="authentik.stages.identification.authenticate",
diff --git a/authentik/stages/password/stage.py b/authentik/stages/password/stage.py
index fc6845de6..d78ec2ba2 100644
--- a/authentik/stages/password/stage.py
+++ b/authentik/stages/password/stage.py
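Review bot: Raising `invalid_login` from debug to info in the third hunk of authentik/stages/identification/stage.py means the raw, client-supplied `uid_field` is now written at a level that is typically retained in production logs. Users do sometimes type a password into the identifier box, and the hunk shows no length bound on the value, so the line deserves a comment such as `# uid_field is untrusted input and may contain a mistyped secret; treat these log lines as sensitive`, plus a cap on what is emitted, e.g. `identifier=uid_field[:256]`. The enclosing validate method starts and ends outside the hunk, so an earlier limit on `uid_field` cannot be ruled out from here.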
@@ -56,7 +56,7 @@ def authenticate(
 continue
 # Annotate the user object with the path of the backend.
 user.backend = backend_path
- LOGGER.debug("Successful authentication", user=user.username, backend=backend_path)
+ LOGGER.info("Successful authentication", user=user.username, backend=backend_path)
 return user
 # The credentials supplied are invalid to all backends, fire signal
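Review bot: The success event in authentik/stages/password/stage.py is now logged at info under the key `user`, while the failed-identification event that this same commit raises to info uses `identifier`, so a failed-then-successful login correlation has to join on two different field names. Consider using one key in both places, or record the mapping next to this line with a comment such as `# "user" here pairs with "identifier" in the identification stage's invalid_login event`. This call also stays on the module-level `LOGGER` while the rest of the commit moves to the stage logger, so it presumably lacks whatever context the stage logger binds. The failure branch of `authenticate()` lies below the hunk, so whether it logs at a matching level cannot be checked from here.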