auth: use logger.debug instead of print

demo/config.py

@@ -1,11 +1,19 @@
 # py-scopes/demo/config.py
 
 from dotenv import load_dotenv
+import logging
 from os import getenv
 from scopes.server.app import zope_app_factory
 
 load_dotenv()
 
+log_file = 'log/scopes.log'
+log_level = logging.DEBUG
+log_format = '%(asctime)s %(levelname)s %(name)s %(message)s'
+log_dateformat = '%Y-%m-%dT%H:%M:%S'
+logging.basicConfig(filename=log_file, level=log_level, 
+                    format=log_format, datefmt=log_dateformat)
+
 server_port = getenv('SERVER_PORT', '8099')
 base_url = getenv('BASE_URL', 'https://demo.cy7.de')
 

demo/demo_server.py

@@ -3,22 +3,16 @@
 from scopes.server import auth
 from scopes.storage import topic
 
+import logging
 import waitress
 from wsgiref.simple_server import make_server
 
+
 def run(app, config):
     port = int(config.server_port)
     print(f'Serving on port {port}.')
     waitress.serve(app, port=port)
 
-def run_wsgiref(app, config):   # obsolete
-    with make_server('', port, app) as httpd:
-        print(f'Serving on port {port}.')
-        try:
-            httpd.serve_forever()
-        except KeyboardInterrupt:
-            print('Shutting down.')
-
 
 if __name__ == '__main__':
     import config

scopes/server/app.py

@@ -13,9 +13,6 @@ from scopes.server.browser import getView
 import scopes.storage.concept # register container classes
 from scopes.storage.folder import Root
 
-logging.basicConfig(filename='log/scopes.log')
-logger = logging.getLogger()
-
 
 @implementer(IUserPreferredCharsets)
 class Request(BrowserRequest):
@@ -28,7 +25,6 @@ def zope_app_factory(config):
     def zope_app(environ, start_response):
         storage = storageFactory(config.dbschema)
         appRoot = Root(storage)
-        #request = BrowserRequest(environ['wsgi.input'], environ)
         request = Request(environ['wsgi.input'], environ)
         request.setPublication(Publication(appRoot))
         request = publish(request, True)

scopes/server/auth.py

@@ -3,6 +3,7 @@
 from cryptography.fernet import Fernet
 from email.utils import formatdate
 import json
+import logging
 import requests
 from time import time
 from urllib.parse import urlencode
@@ -17,6 +18,8 @@ from scopes import util
 
 import config
 
+logger = logging.getLogger('server.auth')
+
 
 @implementer(IAuthentication)
 class OidcAuthentication:
@@ -97,7 +100,7 @@ class Authenticator(DummyFolder):
     def authenticate(self):
         ''' return  principal or None'''
         data = self.loadSession()
-        print('*** authenticate', data)
+        logger.debug('authenticate: %s', data)
         if data and 'userid' in data:
             id = self.params.get('principal_prefix', '') + data.pop('userid')
             return Principal(id, data)
@@ -105,7 +108,7 @@ class Authenticator(DummyFolder):
 
     def login(self):
         req = self.request
-        print('*** login', self, req.getTraversalStack(), req['PATH_INFO'])
+        logger.debug('login: %s %s %s', self, req.getTraversalStack(), req['PATH_INFO'])
         #print('***', dir(req))
         state = util.rndstr()
         nonce = util.rndstr()
@@ -127,10 +130,9 @@ class Authenticator(DummyFolder):
 
     def callback(self):
         req = self.request
-        print('*** callback', self, req.form)
+        logger.debug('callback: %s %s', self, req.form)
         sdata = self.loadSession()
         code = req.form['code']
-        print('*** session data', sdata, code)
         # !check state: req.form['state'] == sdata['state']
         args = dict(
                 grant_type='authorization_code',
@@ -142,13 +144,13 @@ class Authenticator(DummyFolder):
         # !set header: 'Content-Type: application/x-www-form-urlencoded'
         tokenResponse = requests.post(self.params['token_url'], data=args)
         tdata =  tokenResponse.json()
-        print('*** token response', tdata)
+        #print('*** token response', tdata)
         headers = dict(Authorization='Bearer ' + tdata['access_token'])
         userInfo = requests.get(self.params['userinfo_url'], headers=headers)
         userData = userInfo.json()
-        print('*** user data', userData)
+        #print('*** user data', userData)
         groupInfo = userData.get('urn:zitadel:iam:org:project:roles', {})
-        print('*** group info', groupInfo)
+        #print('*** group info', groupInfo)
         groupInfo = userData.get('urn:zitadel:iam:org:project:roles')
         ndata = dict(
                 userid=userData['preferred_username'],
@@ -164,17 +166,19 @@ class Authenticator(DummyFolder):
         pass
 
     def storeSession(self, data):
-        options = dict(path='/')
         lifetime = int(self.params['cookie_lifetime'])
-        options['expires'] = formatdate(time() + lifetime, localtime=False, usegmt=True)
+        options = dict(
+                path='/',
+                expires=formatdate(time() + lifetime, localtime=False, usegmt=True),
+                httponly=True,
+        )
         options['max-age'] = lifetime
         domain = self.params['cookie_domain']
         if domain:
             options['domain'] = domain
-        #options['httponly'] = True
         name = self.params['cookie_name']
         value = json.dumps(data)
-        print('*** storeSession', name, value, options)
+        #print('*** storeSession', name, value, options)
         if self.cookieCrypt:
             value = self.cookieCrypt.encrypt(value.encode('UTF-8')).decode('ASCII')
         self.request.response.setCookie(name, value, **options)
@@ -186,7 +190,7 @@ class Authenticator(DummyFolder):
             #raise ValueError('Missing authentication cookie')
         if self.cookieCrypt:
             cookie = self.cookieCrypt.decrypt(cookie)
-        print('*** loadSession', self.params['cookie_name'], cookie)
+        #print('*** loadSession', self.params['cookie_name'], cookie)
         # !error check: return None - or raise error?
         data = json.loads(cookie)
         return data