[ZCM] [ZC] 806/ 3 Comment "Authenticated users aren't logged to the Z2.log"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin@zope.org
Thu, 13 Feb 2003 09:36:48 -0500


Issue #806 Update (Comment) "Authenticated users aren't logged to the Z2.log"
 Status Rejected, ZServer/bug low
To followup, visit:
  http://collector.zope.org/Zope/806

==============================================================
= Comment - Entry #3 by jmeile on Feb 13, 2003 9:36 am

Anyway, Paul Tiemann solved it with a patch to the http_server.py and it seems to work.

I am posting it here for anyone interested:

1) Add two lines like these to the top of http_server.py
for the import you'll need below to make parsing
the cookies easier.

# PAUL DID THIS SHAMEFUL THING
from ZPublisher.HTTPRequest import parse_cookie

2) Down near line 290, you have the part that determines
the name that will go to the Z2.log file. Here, you
see 'name' being set to 'Anonymous', then there is
an 'if auth is not None:' block which determines
the name from the "Authorization" header. In my case,
I added an 'else:' block below the if which has this
dirty patch of code:

try:
    auth_cookie_name = "my_auth" # probably '__ac'?
    cookie = None
    try:
        cookies = {}
        header_value = self.get_header("Cookie")
        if header_value:
            parse_cookie(header_value, cookies)
            cookie = cookies.get(auth_cookie_name, None)
    except:
        name = "Anonymous"

    if cookie is not None:
        cookie = unquote( cookie )
        try:
            cookie = base64.decodestring( cookie )
            name, password = tuple( cookie.split( ':', 1 ) )
        except: name = "Unknown (bad auth cookie)"
except:
    name = "Failure!"
________________________________________
= Reject - Entry #2 by tseaver on Feb 13, 2003 9:17 am

 Status: Pending => Rejected

The Z2 log knows only about "protocol-level" information;  in
particular, this includes the HTTP "Authorize:" header.

When using cookie-based authentication, that information is not
present in the request, and hence cannot be logged at the point
in which the access_log entry is created.  See:

  $ZOPE_HOME/ZServer/medusa/http_server.py#http_request.log


________________________________________
= Request - Entry #1 by jmeile on Feb 13, 2003 9:03 am

Whenever a user authenticates through the Cookie Crumbler, he will be logged as "Anonymous" in the Z2.log.

But if you log in to the manage interface, your username will appear there.
==============================================================
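
An added example (not part of the original posts and not Zope's own code): a Python 3 version of the cookie lookup from the patch in Entry #3. It catches only the expected decoding errors, discards the password, and replaces whitespace and control characters in the name, because the cookie is client-supplied and has not been verified when the access-log entry is written. The function name and the default cookie name `__ac` are assumptions.

```python
import base64
import binascii
from urllib.parse import quote, unquote

AUTH_COOKIE = "__ac"  # assumed name; the patch above uses "my_auth"
BAD_COOKIE = "Unknown (bad auth cookie)"  # same fallback string as the patch


def log_name_from_cookie(cookie_header, cookie_name=AUTH_COOKIE):
    """Return the user name to write to the access log for a Cookie header.

    The result is only what the client claims: no password check has run
    at the point where the log entry is created.
    """
    if not cookie_header:
        return "Anonymous"
    value = None
    for part in cookie_header.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep and key == cookie_name:
            value = val.strip('"')
            break
    if value is None:
        return "Anonymous"
    try:
        decoded = base64.b64decode(unquote(value), validate=True)
        # The password half is dropped at once and never stored or logged.
        name, sep, _ = decoded.decode("utf-8").partition(":")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return BAD_COOKIE
    if not sep or not name:
        return BAD_COOKIE
    # Client-controlled text: neutralise whitespace, control characters and
    # quotes so the name cannot split or forge access-log fields.
    safe = "".join(
        c if c.isprintable() and not c.isspace() and c != '"' else "_"
        for c in name
    )
    return safe[:64]


if __name__ == "__main__":
    # Constructed sample cookie, not taken from a real request.
    token = quote(base64.b64encode(b"jmeile:secret").decode("ascii"))
    print(log_name_from_cookie('tree-s=abc; __ac="%s"' % token))
```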