From d128c5f138b9ed556fd7c28c1335d5fed7a0da05 Mon Sep 17 00:00:00 2001 From: Helmut Merz Date: Wed, 16 Apr 2025 16:51:32 +0200 Subject: [PATCH] auth: use logger.debug instead of print --- demo/config.py | 8 ++++++++ demo/demo_server.py | 10 ++-------- scopes/server/app.py | 4 ---- scopes/server/auth.py | 28 ++++++++++++++++------------ 4 files changed, 26 insertions(+), 24 deletions(-) diff --git a/demo/config.py b/demo/config.py index 9c459e6..cad98b0 100644 --- a/demo/config.py +++ b/demo/config.py @@ -1,11 +1,19 @@ # py-scopes/demo/config.py from dotenv import load_dotenv +import logging from os import getenv from scopes.server.app import zope_app_factory load_dotenv() +log_file = 'log/scopes.log' +log_level = logging.DEBUG +log_format = '%(asctime)s %(levelname)s %(name)s %(message)s' +log_dateformat = '%Y-%m-%dT%H:%M:%S' +logging.basicConfig(filename=log_file, level=log_level, + format=log_format, datefmt=log_dateformat) + server_port = getenv('SERVER_PORT', '8099') base_url = getenv('BASE_URL', 'https://demo.cy7.de') diff --git a/demo/demo_server.py b/demo/demo_server.py index 08b6532..88f48ef 100644 --- a/demo/demo_server.py +++ b/demo/demo_server.py @@ -3,22 +3,16 @@ from scopes.server import auth from scopes.storage import topic +import logging import waitress from wsgiref.simple_server import make_server + def run(app, config): port = int(config.server_port) print(f'Serving on port {port}.') waitress.serve(app, port=port) -def run_wsgiref(app, config): # obsolete - with make_server('', port, app) as httpd: - print(f'Serving on port {port}.') - try: - httpd.serve_forever() - except KeyboardInterrupt: - print('Shutting down.') - if __name__ == '__main__': import config diff --git a/scopes/server/app.py b/scopes/server/app.py index 59bcc36..44f27f2 100644 --- a/scopes/server/app.py +++ b/scopes/server/app.py 
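Review bot: `log_level = logging.DEBUG` is hard-coded in demo/config.py, so every `logger.debug` call this commit adds in scopes/server/auth.py is written to `log/scopes.log` by default, including the session data logged in `authenticate`. The other settings in this file are read from the environment, so the level could follow the same pattern with a quieter default, e.g. `log_level = getenv('LOG_LEVEL', 'INFO')` (the variable name is a suggestion). `logging.basicConfig(filename=log_file, ...)` also runs at import time with a relative path and raises if there is no `log/` directory in the working directory. A one-line comment above `log_file` saying so would help.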
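Review bot: The added `import logging` in demo/demo_server.py is not used anywhere in this hunk, and removing `run_wsgiref` leaves `from wsgiref.simple_server import make_server` without a visible user. Unless the part of the file outside the hunk needs them, both imports can be dropped.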
@@ -13,9 +13,6 @@ from scopes.server.browser import getView import scopes.storage.concept # register container classes from scopes.storage.folder import Root -logging.basicConfig(filename='log/scopes.log') -logger = logging.getLogger() - @implementer(IUserPreferredCharsets) class Request(BrowserRequest): @@ -28,7 +25,6 @@ def zope_app_factory(config): def zope_app(environ, start_response): storage = storageFactory(config.dbschema) appRoot = Root(storage) - #request = BrowserRequest(environ['wsgi.input'], environ) request = Request(environ['wsgi.input'], environ) request.setPublication(Publication(appRoot)) request = publish(request, True) diff --git a/scopes/server/auth.py b/scopes/server/auth.py index 3f55957..3bb7223 100644 --- a/scopes/server/auth.py +++ b/scopes/server/auth.py @@ -3,6 +3,7 @@ from cryptography.fernet import Fernet from email.utils import formatdate import json +import logging import requests from time import time from urllib.parse import urlencode @@ -17,6 +18,8 @@ from scopes import util import config +logger = logging.getLogger('server.auth') + @implementer(IAuthentication) class OidcAuthentication: @@ -97,7 +100,7 @@ class Authenticator(DummyFolder): def authenticate(self): ''' return principal or None''' data = self.loadSession() - print('*** authenticate', data) + logger.debug('authenticate: %s', data) if data and 'userid' in data: id = self.params.get('principal_prefix', '') + data.pop('userid') return Principal(id, data) @@ -105,7 +108,7 @@ class Authenticator(DummyFolder): def login(self): req = self.request - print('*** login', self, req.getTraversalStack(), req['PATH_INFO']) + logger.debug('login: %s %s %s', self, req.getTraversalStack(), req['PATH_INFO']) #print('***', dir(req)) state = util.rndstr() nonce = util.rndstr() 
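Review bot: `logger.debug('authenticate: %s', data)` writes the whole decoded session to the log file each time `authenticate` runs, so values that may be encrypted in the cookie end up in clear text in `log/scopes.log`. Log only what is needed to trace the flow, e.g. `logger.debug('authenticate: userid=%s', data.get('userid') if data else None)`. The same applies to `logger.debug('callback: %s %s', self, req.form)` in the `@@ -127,10 +130,9 @@` hunk, where `req.form` carries the authorization `code` and `state`. Logging `sorted(req.form)` there would keep the key names without the values. The class header and the end of `authenticate` lie outside this hunk.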
@@ -127,10 +130,9 @@ class Authenticator(DummyFolder): def callback(self): req = self.request - print('*** callback', self, req.form) + logger.debug('callback: %s %s', self, req.form) sdata = self.loadSession() code = req.form['code'] - print('*** session data', sdata, code) # !check state: req.form['state'] == sdata['state'] args = dict( grant_type='authorization_code', @@ -142,13 +144,13 @@ class Authenticator(DummyFolder): # !set header: 'Content-Type: application/x-www-form-urlencoded' tokenResponse = requests.post(self.params['token_url'], data=args) tdata = tokenResponse.json() - print('*** token response', tdata) + #print('*** token response', tdata) headers = dict(Authorization='Bearer ' + tdata['access_token']) userInfo = requests.get(self.params['userinfo_url'], headers=headers) userData = userInfo.json() - print('*** user data', userData) + #print('*** user data', userData) groupInfo = userData.get('urn:zitadel:iam:org:project:roles', {}) - print('*** group info', groupInfo) + #print('*** group info', groupInfo) groupInfo = userData.get('urn:zitadel:iam:org:project:roles') ndata = dict( userid=userData['preferred_username'], @@ -164,17 +166,19 @@ class Authenticator(DummyFolder): pass def storeSession(self, data): - options = dict(path='/') lifetime = int(self.params['cookie_lifetime']) - options['expires'] = formatdate(time() + lifetime, localtime=False, usegmt=True) + options = dict( + path='/', + expires=formatdate(time() + lifetime, localtime=False, usegmt=True), + httponly=True, + ) options['max-age'] = lifetime domain = self.params['cookie_domain'] if domain: options['domain'] = domain - #options['httponly'] = True name = self.params['cookie_name'] value = json.dumps(data) - print('*** storeSession', name, value, options) + #print('*** storeSession', name, value, options) if self.cookieCrypt: value = self.cookieCrypt.encrypt(value.encode('UTF-8')).decode('ASCII') self.request.response.setCookie(name, value, **options) 
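Review bot: The `# !check state` reminder in `callback` is still not implemented, so the `state` returned by the identity provider is never compared with the one the comment expects in `sdata['state']` before `code` is exchanged. That comparison is what ties the callback to the login this browser started. It belongs right after `sdata = self.loadSession()`, e.g. `if not sdata or req.form.get('state') != sdata.get('state'):` followed by rejecting the request. `req.form['code']` also raises KeyError when the provider redirects back with an error instead of a code. The rest of `callback` lies outside this hunk.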
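Review bot: `requests.post(self.params['token_url'], data=args)` and the `requests.get` for userinfo are called without `timeout=` and their responses are used unchecked, so an error reply from the token endpoint surfaces as a KeyError on `tdata['access_token']` and a stalled provider blocks the worker. Suggest `tokenResponse = requests.post(self.params['token_url'], data=args, timeout=10)` followed by `tokenResponse.raise_for_status()`, and the same for the userinfo call (the 10 seconds is a placeholder). The three `#print(...)` lines used to print tokens and user claims and are better deleted than left commented out. The second `groupInfo = userData.get(...)` assignment overrides the first and drops its `{}` default.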
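Review bot: The cookie options built in `storeSession` now set `httponly=True` but still no `secure` flag, so the browser would also send the session cookie over plain HTTP if the site is ever reached that way. Adding `secure=True,` to the `dict(...)` would close that, assuming `setCookie` passes it through the way it does `httponly`. It could be made configurable for local HTTP testing. Separately, when `self.cookieCrypt` is unset the value is stored as plain JSON. If `loadSession` accepts that as-is, the `userid` in it is under the client's control, so the unencrypted path deserves at least a comment restricting it to development.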
@@ -186,7 +190,7 @@ class Authenticator(DummyFolder): #raise ValueError('Missing authentication cookie') if self.cookieCrypt: cookie = self.cookieCrypt.decrypt(cookie) - print('*** loadSession', self.params['cookie_name'], cookie) + #print('*** loadSession', self.params['cookie_name'], cookie) # !error check: return None - or raise error? data = json.loads(cookie) return data
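Review bot: `self.cookieCrypt.decrypt(cookie)` and `json.loads(cookie)` in `loadSession` are unguarded, so a tampered or stale cookie raises (`InvalidToken` from Fernet, or a JSON decode error) instead of being treated as not logged in. The `# !error check` comment is still open. Catching those two errors and returning None would match the `return principal or None` contract stated in `authenticate`. Fernet's `decrypt` also accepts a `ttl` argument: `ttl=int(self.params['cookie_lifetime'])` would enforce the session lifetime on the server instead of relying on the cookie's expiry attributes. The start of `loadSession` is outside this hunk.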