From a104db2f2d7225ae78882661984d1dafd35b04f6 Mon Sep 17 00:00:00 2001 From: Xavier Date: Thu, 4 Jul 2019 07:24:50 +0200 Subject: [PATCH] Clean logs --- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 2 +- .../lib/Lemonldap/NG/Manager/Notifications.pm | 2 +- .../lib/Lemonldap/NG/Manager/Viewer.pm | 4 +-- .../Lemonldap/NG/Portal/2F/Engines/Default.pm | 2 +- .../Lemonldap/NG/Portal/2F/Register/TOTP.pm | 2 +- .../Lemonldap/NG/Portal/2F/Register/U2F.pm | 2 +- .../NG/Portal/2F/Register/Yubikey.pm | 4 +-- .../lib/Lemonldap/NG/Portal/2F/U2F.pm | 2 +- .../lib/Lemonldap/NG/Portal/Lib/Choice.pm | 2 +- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 27 +++++++---------- .../NG/Portal/Plugins/ContextSwitching.pm | 30 +++++++------------ 11 files changed, 31 insertions(+), 48 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index fd750f845..65178e3cb 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -634,7 +634,7 @@ sub tests { checkMailResetSecurity => sub { return 1 unless ( $conf->{portalDisplayResetPassword} ); return ( -1, -'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!' +'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required' ) unless ( $conf->{requireToken} or $conf->{captcha_mail_enabled} ); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm index 2b030ce84..97c3834eb 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm @@ -283,7 +283,7 @@ sub newNotification { # Check if posted date > today unless ( $json->{date} ge $dDate ) { - $self->logger->debug("Posted Date < today !!! "); + $self->logger->debug("Posted Date < today"); $json->{date} = $dDate; } $self->logger->debug("Notification Date = $json->{date}"); diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm index 8d1af6ffe..9d68af2cf 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm @@ -80,7 +80,7 @@ sub viewDiff { # Check Diff activation rule unless ( $self->diffRule->( $req, $req->{userData} ) ) { my $user = $req->{userData}->{_whatToTrace} || 'anonymous'; - $self->userLogger->warn("$user tried to compare configurations!!!"); + $self->userLogger->warn("$user is not authorized to compare configurations"); return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } ); } @@ -144,7 +144,7 @@ sub viewKey { $self->logger->debug( " $req->{env}->{REQUEST_URI} -> URI FORBIDDEN"); my $user = $req->{userData}->{_whatToTrace} || 'anonymous'; - $self->userLogger->warn("$user tried to browse configurations!!!"); + $self->userLogger->warn("$user is not authorized to browse configurations"); $self->rejectKey( $req, @args ); } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm index c1cf8c13b..4520422f4 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Engines/Default.pm @@ -195,7 +195,7 @@ sub run { "Found $removed EXPIRED 2F device(s) => Update persistent session" ); $self->userLogger->notice( - " -> $removed EXPIRED 2F device(s) removed"); + " -> $removed expired 2F device(s) removed"); @$_2fDevices = map { $_->{type} =~ /\bEXPIRED\b/ ? () : $_ } @$_2fDevices; $self->p->updatePersistentSession( $req, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm index 891648a5d..6a2c94383 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm @@ -156,7 +156,7 @@ sub run { my $maxSize = $self->conf->{max2FDevices}; $self->logger->debug("Nbr 2FDevices = $size / $maxSize"); if ( $size >= $maxSize ) { - $self->userLogger->error("Max number of 2F devices is reached !!!"); + $self->userLogger->warn("Max number of 2F devices is reached"); return $self->p->sendError( $req, 'maxNumberof2FDevicesReached', 400 ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm index 95ab56a6f..e8e6111ce 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm @@ -61,7 +61,7 @@ sub run { my $maxSize = $self->conf->{max2FDevices}; $self->logger->debug("Registered 2F Device(s) : $size / $maxSize"); if ( $size >= $maxSize ) { - $self->userLogger->error("Max number of 2F devices is reached !!!"); + $self->userLogger->warn("Max number of 2F devices is reached"); return $self->p->sendError( $req, 'maxNumberof2FDevicesReached', 400 ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm index 8f1a02bd3..ae70812d0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm @@ -103,8 +103,8 @@ sub run { my $maxSize = $self->conf->{max2FDevices}; $self->logger->debug("Nbr 2FDevices = $size / $maxSize"); if ( $size >= $maxSize ) { - $self->userLogger->error( - "Max number of 2F devices is reached !!!"); + $self->userLogger->warn( + "Max number of 2F devices is reached"); return $self->p->sendHtml( $req, 'error', params => { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm index 5c4f9d2d0..5f66f4a38 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm @@ -125,7 +125,7 @@ sub verify { unless ( $session->{__ch} and $session->{__ch} eq $challenge ) { $self->userLogger->error( -"U2F challenge changes by user !!! $session->{__ch} / $challenge" +"U2F challenge changed by user: $session->{__ch} / $challenge" ); $req->error(PE_BADCREDENTIALS); return $self->fail($req); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm index 04c37bfba..a0fd15288 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm @@ -188,7 +188,7 @@ sub _buildAuthLoop { split( /[;\|]/, $self->conf->{authChoiceModules}->{$_} ); unless ( $_choiceRules->{$_} ) { - $self->logger->error("$_ has no rule !!!"); + $self->logger->error("$_ has no rule"); $_choiceRules->{$_} = sub { 1 }; } unless ( $_choiceRules->{$_}->( $req->env ) ) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index 1dad5b8d6..fc51d8152 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -127,19 +127,17 @@ sub check { ); } - if ( $user eq $req->{user} or !$user ) { - $self->logger->debug("checkUser requested for myself"); - $self->userLogger->notice("Return userData..."); - $self->userLogger->warn("Using spoofed SSO groups if exist!!!") + if ( !$user or $user eq $req->{user} ) { + $self->userLogger->info("checkUser requested for himself"); + $self->userLogger->info("Using spoofed SSO groups if exist") if ( $self->conf->{impersonationRule} ); $attrs = $req->userData; $user = $req->{user}; } else { - $self->logger->debug("checkUser requested for $user"); + $self->userLogger->info("checkUser requested for $user"); # Try to retrieve session from sessions DB - $self->userLogger->notice('Try to retrieve session from DB...'); $self->logger->debug('Try to retrieve session from DB...'); my $moduleOptions = $self->conf->{globalStorageOptions} || {}; $moduleOptions->{backend} = $self->conf->{globalStorage}; @@ -157,9 +155,7 @@ sub check { } unless ( defined $attrs->{_session_id} ) { $req->{user} = $user; - $self->userLogger->notice( - "NO session found in DB. Compute userData..."); - $self->logger->debug("NO session found in DB. Compute userData..."); + $self->userLogger->info("No session found in DB. Compute userData..."); $attrs = $self->_userData($req); $compute = 1; } @@ -213,18 +209,16 @@ sub check { $auth = $self->_authorization( $req, $url, $attrs ); if ( $auth >= 0 ) { $auth = $auth ? "allowed" : "forbidden"; - $self->userLogger->notice( - "checkUser -> $attrs->{ $self->{conf}->{whatToTrace} } is " - . uc($auth) - . " to access: $url" ); + $self->logger->debug( + "checkUser: $attrs->{ $self->{conf}->{whatToTrace} } is " + . "$auth to access to $url" ); # Return VirtualHost headers $array_hdrs = $self->_headers( $req, $url, $attrs ); } else { $auth = 'VHnotFound'; - $self->userLogger->notice( - "checkUser -> URL: $url has no configuration"); + $self->userLogger->info("checkUser: $url has no configuration"); } } @@ -267,8 +261,7 @@ sub display { my ( $attrs, $array_attrs ) = ( {}, [] ); $self->logger->debug("Display current session data..."); - $self->userLogger->notice("Retrieve session from Sessions database"); - $self->userLogger->warn("Using spoofed SSO groups if exist!!!") + $self->userLogger->info("Using spoofed SSO groups if exist") if ( $self->conf->{impersonationRule} ); $attrs = $req->userData; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm index 30a51b01b..b83a260ce 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ContextSwitching.pm @@ -73,7 +73,7 @@ sub display { $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"}; my $realSession; unless ( $realSession = $self->p->getApacheSession($realSessionId) ) { - $self->userLogger->warn( + $self->userLogger->info( "ContextSwitching -> session $realSession expired"); return $self->p->do( $req, [ sub { PE_SESSIONEXPIRED } ] ); } @@ -90,13 +90,8 @@ sub display { if ( $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} ) { $self->logger->debug('Request to stop ContextSwitching'); if ( $self->conf->{contextSwitchingStopWithLogout} ) { - $self->logger->debug( - "** STOP ContextSwitching ** for $req->{user}"); - $self->logger->debug('Send logout request'); - $self->userLogger->notice( - "** STOP ContextSwitching ** for $req->{user}"); - $self->logger->debug("Remove real session $realSession"); - $self->userLogger->notice("Remove real session $realSession"); + $self->userLogger->notice("Stop ContextSwitching for $req->{user}"); + $self->userLogger->info("Remove real session $realSession"); $realSession->remove; return $self->p->do( $req, [ @{ $self->p->beforeLogout }, 'authLogout', 'deleteSession' ] @@ -175,11 +170,9 @@ sub run { # Main session $self->p->updateSession( $req, $req->sessionInfo ); $self->logger->debug( - "ContextSwitching -> Update $realId session with $spoofId session data" - ); + "ContextSwitching: Update $realId session with $spoofId session data"); $self->userLogger->notice( - "ContextSwitching -> Update $realId session with $spoofId session data" - ); + "ContextSwitching: Update $realId session with $spoofId session data"); return $self->p->do( $req, [ sub { $statut } ] ); } @@ -226,7 +219,7 @@ sub _switchContext { $req->sessionInfo->{"$self->{conf}->{impersonationPrefix}_session_id"} = $realSessionId; $self->userLogger->notice( - "** START ContextSwitching ** for $realId with uid: $spoofId ") + "Start ContextSwitching: $realId becomes $spoofId ") unless $raz; return $raz @@ -241,27 +234,24 @@ sub _abortImpersonation { $req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"}; my $session; unless ( $session = $self->p->getApacheSession($realSessionId) ) { - $self->userLogger->warn("Session $session expired"); + $self->userLogger->info("Session $session expired"); return $req->error(PE_SESSIONEXPIRED); } if ($abort) { - $self->logger->debug("ABORT ContextSwitching $spoofId for $realId"); $self->userLogger->notice( - "ABORT ContextSwitching $spoofId for $realId"); + "Abort ContextSwitching: $spoofId by $realId"); if ( my $abortSession = $self->p->getApacheSession( $req->id ) ) { $abortSession->remove; } else { - $self->userLogger->warn( + $self->userLogger->info( "ContextSwitching: session " . $req->id . " expired" ); } } else { - $self->logger->debug( - "** STOP ContextSwitching ** for $realId with uid: $spoofId"); $self->userLogger->notice( - "** STOP ContextSwitching ** for $realId with uid: $spoofId"); + "Stop ContextSwitching for $realId with uid $spoofId"); $self->p->deleteSession($req); }