Add logging to AltchaField for validation failures and misconfigurations#40
Open
hleroy wants to merge 1 commit intoaboutcode-org:mainfrom
Open
Add logging to AltchaField for validation failures and misconfigurations#40hleroy wants to merge 1 commit intoaboutcode-org:mainfrom
hleroy wants to merge 1 commit intoaboutcode-org:mainfrom
Conversation
… attacks - Add a module-level logger using logging.getLogger(__name__) - Log a warning when ALTCHA_VERIFICATION_ENABLED is False, making it clear that the CAPTCHA provides no protection in that state - Log a warning with the exception message when verification raises an unexpected error, aiding debugging without leaking details to the user - Log a warning when verification returns a failed result, including the error detail from the altcha library - Log a warning with the challenge hash when a replay attack is detected - Log a warning with the exception message when payload decoding fails Signed-off-by: Hervé Le Roy <hleroy@hleroy.com>
Author
|
I have replaced the percent-style string formatting (%s) with f-strings. Checks should be passing now. Could you please re-run the workflow? Thanks |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a module-level logger and a log_warning() method on AltchaField (overridable by subclasses) that emits warnings in the following cases:
Without logging, all these failure paths were silent, making it difficult to distinguish misconfiguration from attacks or bugs in production.