From f10c3bb8e5fc44b6d580261a05f1e4b4639e0949 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sun, 13 May 2012 00:44:09 +0200 Subject: [PATCH] Added logging to meddleware.csrf --- mediagoblin/meddleware/csrf.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py index ea8372bf..8e8ec7c4 100644 --- a/mediagoblin/meddleware/csrf.py +++ b/mediagoblin/meddleware/csrf.py @@ -16,6 +16,7 @@ import hashlib import random +import logging from webob.exc import HTTPForbidden from wtforms import Form, HiddenField, validators @@ -23,6 +24,8 @@ from wtforms import Form, HiddenField, validators from mediagoblin import mg_globals from mediagoblin.meddleware import BaseMeddleware +_log = logging.getLogger(__name__) + # Use the system (hardware-based) random number generator if it exists. # -- this optimization is lifted from Django if hasattr(random, 'SystemRandom'): @@ -126,6 +129,7 @@ class CsrfMeddleware(BaseMeddleware): if cookie_token is None: # the CSRF cookie must be present in the request + _log.error('CSRF cookie not present') return HTTPForbidden() # get the form token and confirm it matches @@ -139,4 +143,5 @@ class CsrfMeddleware(BaseMeddleware): # either the tokens didn't match or the form token wasn't # present; either way, the request is denied + _log.error('CSRF validation failed') return HTTPForbidden() -- 2.25.1