heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added logging to meddleware.csrf

Browse Source
This commit is contained in:
Joar Wandborg 2012-05-13 00:44:09 +02:00
parent 61d0af2130
commit f10c3bb8e5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mediagoblin/meddleware/csrf.py
View File

@ -16,6 +16,7 @@
import hashlib import hashlib
import random import random
import logging
from webob.exc import HTTPForbidden from webob.exc import HTTPForbidden
from wtforms import Form, HiddenField, validators from wtforms import Form, HiddenField, validators
@ -23,6 +24,8 @@ from wtforms import Form, HiddenField, validators
from mediagoblin import mg_globals from mediagoblin import mg_globals
from mediagoblin.meddleware import BaseMeddleware from mediagoblin.meddleware import BaseMeddleware
_log = logging.getLogger(__name__)
# Use the system (hardware-based) random number generator if it exists. # Use the system (hardware-based) random number generator if it exists.
# -- this optimization is lifted from Django # -- this optimization is lifted from Django
if hasattr(random, 'SystemRandom'): if hasattr(random, 'SystemRandom'):
@ -126,6 +129,7 @@ class CsrfMeddleware(BaseMeddleware):
if cookie_token is None: if cookie_token is None:
# the CSRF cookie must be present in the request # the CSRF cookie must be present in the request
_log.error('CSRF cookie not present')
return HTTPForbidden() return HTTPForbidden()
# get the form token and confirm it matches # get the form token and confirm it matches
@ -139,4 +143,5 @@ class CsrfMeddleware(BaseMeddleware):
# either the tokens didn't match or the form token wasn't # either the tokens didn't match or the form token wasn't
# present; either way, the request is denied # present; either way, the request is denied
_log.error('CSRF validation failed')
return HTTPForbidden() return HTTPForbidden()