Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Username not in access log for error requests #1155

Closed
perrinjerome opened this issue Sep 15, 2023 · 0 comments · Fixed by #1156
Closed

Username not in access log for error requests #1155

perrinjerome opened this issue Sep 15, 2023 · 0 comments · Fixed by #1156

Comments

@perrinjerome
Copy link
Contributor

BUG/PROBLEM REPORT / FEATURE REQUEST

What I did:

Create a zope instance:

mkwsgiinstance -d username_log_repro  -u  admin:admin
runwsgi  ./username_log_repro/etc/zope.ini
# add a `standard_error_message` at root ( this is necessary for error requests to be logged at all in access log - this looks like another independent issue )
curl -d id=standard_error_message 'http://admin:admin@127.0.0.1:8080/manage_addProduct/OFSP/addDTMLMethod'

Make a successful HTTP request and see in the log that username (admin) appears

$ curl --silent -o /dev/null  http://admin:admin@127.0.0.1:8080 ; tail -n 1 username_log_repro/var/log/Z4.log
127.0.0.1 - admin [15/Sep/2023:16:13:03 +0200] "GET / HTTP/1.1" 200 2 "-" "curl/7.87.0"

Make an error HTTP request, the username field is empty:

$ curl --silent -o /dev/null  http://admin:admin@127.0.0.1:8080/error ; tail -n 1 username_log_repro/var/log/Z4.log
127.0.0.1 - - [15/Sep/2023:16:14:30 +0200] "GET /error HTTP/1.1" 404 229 "-" "curl/7.87.0"

What I expect to happen:

The username field should be present even for error requests.

What actually happened:

The username field is empty, for error requests. This is not only for "404 not found" requests, but also for server side errors.

What version of Python and Zope/Addons I am using:

This is on current master

I investigated and found that username is set in environ by

Zope/src/ZPublisher/WSGIPublisher.py

Lines 388 to 395 in 59f6870

with load_app(module_info) as new_mod_info:
with transaction_pubevents(request, response):
response = _publish(request, new_mod_info)
user = getSecurityManager().getUser()
if user is not None and \
user.getUserName() != 'Anonymous User':
environ['REMOTE_USER'] = user.getUserName()

but this code is not executed if _publish gets an exception. I'm making a pull request.
perrinjerome added a commit to perrinjerome/Zope that referenced this issue Sep 15, 2023
@perrinjerome
WSGIPublisher: set REMOTE_USER even in case of error
d1a807e 
This fixes a problem that user name was empty in access log for error
pages.

Fixes zopefoundation#1155
@perrinjerome perrinjerome mentioned this issue Sep 15, 2023
Merged
perrinjerome added a commit to perrinjerome/Zope that referenced this issue Sep 19, 2023
@perrinjerome
WSGIPublisher: set REMOTE_USER even in case of error
4833c07 
This fixes a problem that user name was empty in access log for error
pages.

Fixes zopefoundation#1155
icemac added a commit that referenced this issue Sep 19, 2023
@perrinjerome @icemac
WSGIPublisher: set REMOTE_USER even in case of error (#1156)
89134b3 
This fixes a problem that user name was empty in access log for error pages.

Fixes #1155

---------

Co-authored-by: Michael Howitz <icemac@gmx.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WSGIPublisher: set REMOTE_USER even in case of error perrinjerome/Zope
1 participant
@perrinjerome