Clean logs
This commit is contained in:
Xavier
parent
d4fedbdfcf
commit
a104db2f2d
|
|
@ -634,7 +634,7 @@ sub tests {
|
||||||
checkMailResetSecurity => sub {
|
checkMailResetSecurity => sub {
|
||||||
return 1 unless ( $conf->{portalDisplayResetPassword} );
|
return 1 unless ( $conf->{portalDisplayResetPassword} );
|
||||||
return ( -1,
|
return ( -1,
|
||||||
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required !!!'
|
'"passwordMailReset" plugin is enabled without CSRF Token neither Captcha required'
|
||||||
)
|
)
|
||||||
unless ( $conf->{requireToken}
|
unless ( $conf->{requireToken}
|
||||||
or $conf->{captcha_mail_enabled} );
|
or $conf->{captcha_mail_enabled} );
|
||||||
|
|
|
||||||
|
|
@ -283,7 +283,7 @@ sub newNotification {
|
||||||
|
|
||||||
# Check if posted date > today
|
# Check if posted date > today
|
||||||
unless ( $json->{date} ge $dDate ) {
|
unless ( $json->{date} ge $dDate ) {
|
||||||
$self->logger->debug("Posted Date < today !!! ");
|
$self->logger->debug("Posted Date < today");
|
||||||
$json->{date} = $dDate;
|
$json->{date} = $dDate;
|
||||||
}
|
}
|
||||||
$self->logger->debug("Notification Date = $json->{date}");
|
$self->logger->debug("Notification Date = $json->{date}");
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ sub viewDiff {
|
||||||
# Check Diff activation rule
|
# Check Diff activation rule
|
||||||
unless ( $self->diffRule->( $req, $req->{userData} ) ) {
|
unless ( $self->diffRule->( $req, $req->{userData} ) ) {
|
||||||
my $user = $req->{userData}->{_whatToTrace} || 'anonymous';
|
my $user = $req->{userData}->{_whatToTrace} || 'anonymous';
|
||||||
$self->userLogger->warn("$user tried to compare configurations!!!");
|
$self->userLogger->warn("$user is not authorized to compare configurations");
|
||||||
return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } );
|
return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -144,7 +144,7 @@ sub viewKey {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
" $req->{env}->{REQUEST_URI} -> URI FORBIDDEN");
|
" $req->{env}->{REQUEST_URI} -> URI FORBIDDEN");
|
||||||
my $user = $req->{userData}->{_whatToTrace} || 'anonymous';
|
my $user = $req->{userData}->{_whatToTrace} || 'anonymous';
|
||||||
$self->userLogger->warn("$user tried to browse configurations!!!");
|
$self->userLogger->warn("$user is not authorized to browse configurations");
|
||||||
$self->rejectKey( $req, @args );
|
$self->rejectKey( $req, @args );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -195,7 +195,7 @@ sub run {
|
||||||
"Found $removed EXPIRED 2F device(s) => Update persistent session"
|
"Found $removed EXPIRED 2F device(s) => Update persistent session"
|
||||||
);
|
);
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
" -> $removed EXPIRED 2F device(s) removed");
|
" -> $removed expired 2F device(s) removed");
|
||||||
@$_2fDevices =
|
@$_2fDevices =
|
||||||
map { $_->{type} =~ /\bEXPIRED\b/ ? () : $_ } @$_2fDevices;
|
map { $_->{type} =~ /\bEXPIRED\b/ ? () : $_ } @$_2fDevices;
|
||||||
$self->p->updatePersistentSession( $req,
|
$self->p->updatePersistentSession( $req,
|
||||||
|
|
|
||||||
|
|
@ -156,7 +156,7 @@ sub run {
|
||||||
my $maxSize = $self->conf->{max2FDevices};
|
my $maxSize = $self->conf->{max2FDevices};
|
||||||
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
|
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
|
||||||
if ( $size >= $maxSize ) {
|
if ( $size >= $maxSize ) {
|
||||||
$self->userLogger->error("Max number of 2F devices is reached !!!");
|
$self->userLogger->warn("Max number of 2F devices is reached");
|
||||||
return $self->p->sendError( $req, 'maxNumberof2FDevicesReached',
|
return $self->p->sendError( $req, 'maxNumberof2FDevicesReached',
|
||||||
400 );
|
400 );
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -61,7 +61,7 @@ sub run {
|
||||||
my $maxSize = $self->conf->{max2FDevices};
|
my $maxSize = $self->conf->{max2FDevices};
|
||||||
$self->logger->debug("Registered 2F Device(s) : $size / $maxSize");
|
$self->logger->debug("Registered 2F Device(s) : $size / $maxSize");
|
||||||
if ( $size >= $maxSize ) {
|
if ( $size >= $maxSize ) {
|
||||||
$self->userLogger->error("Max number of 2F devices is reached !!!");
|
$self->userLogger->warn("Max number of 2F devices is reached");
|
||||||
return $self->p->sendError( $req, 'maxNumberof2FDevicesReached',
|
return $self->p->sendError( $req, 'maxNumberof2FDevicesReached',
|
||||||
400 );
|
400 );
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -103,8 +103,8 @@ sub run {
|
||||||
my $maxSize = $self->conf->{max2FDevices};
|
my $maxSize = $self->conf->{max2FDevices};
|
||||||
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
|
$self->logger->debug("Nbr 2FDevices = $size / $maxSize");
|
||||||
if ( $size >= $maxSize ) {
|
if ( $size >= $maxSize ) {
|
||||||
$self->userLogger->error(
|
$self->userLogger->warn(
|
||||||
"Max number of 2F devices is reached !!!");
|
"Max number of 2F devices is reached");
|
||||||
return $self->p->sendHtml(
|
return $self->p->sendHtml(
|
||||||
$req, 'error',
|
$req, 'error',
|
||||||
params => {
|
params => {
|
||||||
|
|
|
||||||
|
|
@ -125,7 +125,7 @@ sub verify {
|
||||||
|
|
||||||
unless ( $session->{__ch} and $session->{__ch} eq $challenge ) {
|
unless ( $session->{__ch} and $session->{__ch} eq $challenge ) {
|
||||||
$self->userLogger->error(
|
$self->userLogger->error(
|
||||||
"U2F challenge changes by user !!! $session->{__ch} / $challenge"
|
"U2F challenge changed by user: $session->{__ch} / $challenge"
|
||||||
);
|
);
|
||||||
$req->error(PE_BADCREDENTIALS);
|
$req->error(PE_BADCREDENTIALS);
|
||||||
return $self->fail($req);
|
return $self->fail($req);
|
||||||
|
|
|
||||||
|
|
@ -188,7 +188,7 @@ sub _buildAuthLoop {
|
||||||
split( /[;\|]/, $self->conf->{authChoiceModules}->{$_} );
|
split( /[;\|]/, $self->conf->{authChoiceModules}->{$_} );
|
||||||
|
|
||||||
unless ( $_choiceRules->{$_} ) {
|
unless ( $_choiceRules->{$_} ) {
|
||||||
$self->logger->error("$_ has no rule !!!");
|
$self->logger->error("$_ has no rule");
|
||||||
$_choiceRules->{$_} = sub { 1 };
|
$_choiceRules->{$_} = sub { 1 };
|
||||||
}
|
}
|
||||||
unless ( $_choiceRules->{$_}->( $req->env ) ) {
|
unless ( $_choiceRules->{$_}->( $req->env ) ) {
|
||||||
|
|
|
||||||
|
|
@ -127,19 +127,17 @@ sub check {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $user eq $req->{user} or !$user ) {
|
if ( !$user or $user eq $req->{user} ) {
|
||||||
$self->logger->debug("checkUser requested for myself");
|
$self->userLogger->info("checkUser requested for himself");
|
||||||
$self->userLogger->notice("Return userData...");
|
$self->userLogger->info("Using spoofed SSO groups if exist")
|
||||||
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
|
||||||
if ( $self->conf->{impersonationRule} );
|
if ( $self->conf->{impersonationRule} );
|
||||||
$attrs = $req->userData;
|
$attrs = $req->userData;
|
||||||
$user = $req->{user};
|
$user = $req->{user};
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug("checkUser requested for $user");
|
$self->userLogger->info("checkUser requested for $user");
|
||||||
|
|
||||||
# Try to retrieve session from sessions DB
|
# Try to retrieve session from sessions DB
|
||||||
$self->userLogger->notice('Try to retrieve session from DB...');
|
|
||||||
$self->logger->debug('Try to retrieve session from DB...');
|
$self->logger->debug('Try to retrieve session from DB...');
|
||||||
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
|
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
|
||||||
$moduleOptions->{backend} = $self->conf->{globalStorage};
|
$moduleOptions->{backend} = $self->conf->{globalStorage};
|
||||||
|
|
@ -157,9 +155,7 @@ sub check {
|
||||||
}
|
}
|
||||||
unless ( defined $attrs->{_session_id} ) {
|
unless ( defined $attrs->{_session_id} ) {
|
||||||
$req->{user} = $user;
|
$req->{user} = $user;
|
||||||
$self->userLogger->notice(
|
$self->userLogger->info("No session found in DB. Compute userData...");
|
||||||
"NO session found in DB. Compute userData...");
|
|
||||||
$self->logger->debug("NO session found in DB. Compute userData...");
|
|
||||||
$attrs = $self->_userData($req);
|
$attrs = $self->_userData($req);
|
||||||
$compute = 1;
|
$compute = 1;
|
||||||
}
|
}
|
||||||
|
|
@ -213,18 +209,16 @@ sub check {
|
||||||
$auth = $self->_authorization( $req, $url, $attrs );
|
$auth = $self->_authorization( $req, $url, $attrs );
|
||||||
if ( $auth >= 0 ) {
|
if ( $auth >= 0 ) {
|
||||||
$auth = $auth ? "allowed" : "forbidden";
|
$auth = $auth ? "allowed" : "forbidden";
|
||||||
$self->userLogger->notice(
|
$self->logger->debug(
|
||||||
"checkUser -> $attrs->{ $self->{conf}->{whatToTrace} } is "
|
"checkUser: $attrs->{ $self->{conf}->{whatToTrace} } is "
|
||||||
. uc($auth)
|
. "$auth to access to $url" );
|
||||||
. " to access: $url" );
|
|
||||||
|
|
||||||
# Return VirtualHost headers
|
# Return VirtualHost headers
|
||||||
$array_hdrs = $self->_headers( $req, $url, $attrs );
|
$array_hdrs = $self->_headers( $req, $url, $attrs );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$auth = 'VHnotFound';
|
$auth = 'VHnotFound';
|
||||||
$self->userLogger->notice(
|
$self->userLogger->info("checkUser: $url has no configuration");
|
||||||
"checkUser -> URL: $url has no configuration");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -267,8 +261,7 @@ sub display {
|
||||||
my ( $attrs, $array_attrs ) = ( {}, [] );
|
my ( $attrs, $array_attrs ) = ( {}, [] );
|
||||||
|
|
||||||
$self->logger->debug("Display current session data...");
|
$self->logger->debug("Display current session data...");
|
||||||
$self->userLogger->notice("Retrieve session from Sessions database");
|
$self->userLogger->info("Using spoofed SSO groups if exist")
|
||||||
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
|
||||||
if ( $self->conf->{impersonationRule} );
|
if ( $self->conf->{impersonationRule} );
|
||||||
$attrs = $req->userData;
|
$attrs = $req->userData;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,7 @@ sub display {
|
||||||
$req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
$req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
||||||
my $realSession;
|
my $realSession;
|
||||||
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
|
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->info(
|
||||||
"ContextSwitching -> session $realSession expired");
|
"ContextSwitching -> session $realSession expired");
|
||||||
return $self->p->do( $req, [ sub { PE_SESSIONEXPIRED } ] );
|
return $self->p->do( $req, [ sub { PE_SESSIONEXPIRED } ] );
|
||||||
}
|
}
|
||||||
|
|
@ -90,13 +90,8 @@ sub display {
|
||||||
if ( $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} ) {
|
if ( $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} ) {
|
||||||
$self->logger->debug('Request to stop ContextSwitching');
|
$self->logger->debug('Request to stop ContextSwitching');
|
||||||
if ( $self->conf->{contextSwitchingStopWithLogout} ) {
|
if ( $self->conf->{contextSwitchingStopWithLogout} ) {
|
||||||
$self->logger->debug(
|
$self->userLogger->notice("Stop ContextSwitching for $req->{user}");
|
||||||
"** STOP ContextSwitching ** for $req->{user}");
|
$self->userLogger->info("Remove real session $realSession");
|
||||||
$self->logger->debug('Send logout request');
|
|
||||||
$self->userLogger->notice(
|
|
||||||
"** STOP ContextSwitching ** for $req->{user}");
|
|
||||||
$self->logger->debug("Remove real session $realSession");
|
|
||||||
$self->userLogger->notice("Remove real session $realSession");
|
|
||||||
$realSession->remove;
|
$realSession->remove;
|
||||||
return $self->p->do( $req,
|
return $self->p->do( $req,
|
||||||
[ @{ $self->p->beforeLogout }, 'authLogout', 'deleteSession' ]
|
[ @{ $self->p->beforeLogout }, 'authLogout', 'deleteSession' ]
|
||||||
|
|
@ -175,11 +170,9 @@ sub run {
|
||||||
# Main session
|
# Main session
|
||||||
$self->p->updateSession( $req, $req->sessionInfo );
|
$self->p->updateSession( $req, $req->sessionInfo );
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"ContextSwitching -> Update $realId session with $spoofId session data"
|
"ContextSwitching: Update $realId session with $spoofId session data");
|
||||||
);
|
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"ContextSwitching -> Update $realId session with $spoofId session data"
|
"ContextSwitching: Update $realId session with $spoofId session data");
|
||||||
);
|
|
||||||
|
|
||||||
return $self->p->do( $req, [ sub { $statut } ] );
|
return $self->p->do( $req, [ sub { $statut } ] );
|
||||||
}
|
}
|
||||||
|
|
@ -226,7 +219,7 @@ sub _switchContext {
|
||||||
$req->sessionInfo->{"$self->{conf}->{impersonationPrefix}_session_id"} =
|
$req->sessionInfo->{"$self->{conf}->{impersonationPrefix}_session_id"} =
|
||||||
$realSessionId;
|
$realSessionId;
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"** START ContextSwitching ** for $realId with uid: $spoofId ")
|
"Start ContextSwitching: $realId becomes $spoofId ")
|
||||||
unless $raz;
|
unless $raz;
|
||||||
|
|
||||||
return $raz
|
return $raz
|
||||||
|
|
@ -241,27 +234,24 @@ sub _abortImpersonation {
|
||||||
$req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
$req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
||||||
my $session;
|
my $session;
|
||||||
unless ( $session = $self->p->getApacheSession($realSessionId) ) {
|
unless ( $session = $self->p->getApacheSession($realSessionId) ) {
|
||||||
$self->userLogger->warn("Session $session expired");
|
$self->userLogger->info("Session $session expired");
|
||||||
return $req->error(PE_SESSIONEXPIRED);
|
return $req->error(PE_SESSIONEXPIRED);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($abort) {
|
if ($abort) {
|
||||||
$self->logger->debug("ABORT ContextSwitching $spoofId for $realId");
|
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"ABORT ContextSwitching $spoofId for $realId");
|
"Abort ContextSwitching: $spoofId by $realId");
|
||||||
if ( my $abortSession = $self->p->getApacheSession( $req->id ) ) {
|
if ( my $abortSession = $self->p->getApacheSession( $req->id ) ) {
|
||||||
$abortSession->remove;
|
$abortSession->remove;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->info(
|
||||||
"ContextSwitching: session " . $req->id . " expired" );
|
"ContextSwitching: session " . $req->id . " expired" );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug(
|
|
||||||
"** STOP ContextSwitching ** for $realId with uid: $spoofId");
|
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"** STOP ContextSwitching ** for $realId with uid: $spoofId");
|
"Stop ContextSwitching for $realId with uid $spoofId");
|
||||||
$self->p->deleteSession($req);
|
$self->p->deleteSession($req);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user