projects / mediagoblin.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 61d0af2)
Added logging to meddleware.csrf
authorJoar Wandborg <git@wandborg.com>
Sat, 12 May 2012 22:44:09 +0000 (00:44 +0200)
committerJoar Wandborg <git@wandborg.com>
Sat, 12 May 2012 22:45:58 +0000 (00:45 +0200)
mediagoblin/meddleware/csrf.py patch | blob | blame | history

diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index ea8372bf5d396049ff19dd876f1d3ef9dbf576bd..8e8ec7c457f54bad38770b12fc40020c07cd7aa3 100644 (file)
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -16,6 +16,7 @@
 
 import hashlib
 import random
+import logging
 
 from webob.exc import HTTPForbidden
 from wtforms import Form, HiddenField, validators
@@ -23,6 +24,8 @@ from wtforms import Form, HiddenField, validators
 from mediagoblin import mg_globals
 from mediagoblin.meddleware import BaseMeddleware
 
+_log = logging.getLogger(__name__)
+
 # Use the system (hardware-based) random number generator if it exists.
 # -- this optimization is lifted from Django
 if hasattr(random, 'SystemRandom'):
@@ -126,6 +129,7 @@ class CsrfMeddleware(BaseMeddleware):
 
         if cookie_token is None:
             # the CSRF cookie must be present in the request
+            _log.error('CSRF cookie not present')
             return HTTPForbidden()
 
         # get the form token and confirm it matches
@@ -139,4 +143,5 @@ class CsrfMeddleware(BaseMeddleware):
 
         # either the tokens didn't match or the form token wasn't
         # present; either way, the request is denied
+        _log.error('CSRF validation failed')
         return HTTPForbidden()
Unnamed repository; edit this file 'description' to name the repository.