diff options
-rw-r--r-- | python/fatcat_web/auth.py | 10 | ||||
-rw-r--r-- | python/fatcat_web/web_config.py | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py index 1953151b..20c11855 100644 --- a/python/fatcat_web/auth.py +++ b/python/fatcat_web/auth.py @@ -20,6 +20,7 @@ def handle_token_login(token): m = pymacaroons.Macaroon.deserialize(token) except pymacaroons.exceptions.MacaroonDeserializationException: # TODO: what kind of Exceptions? + app.logger.warn("auth fail: MacaroonDeserializationException") return abort(400) # extract editor_id editor_id = None @@ -28,6 +29,7 @@ def handle_token_login(token): if caveat.startswith(b"editor_id = "): editor_id = caveat[12:].decode('utf-8') if not editor_id: + app.logger.warn("auth fail: editor_id missing in macaroon") abort(400) # fetch editor info editor = api.get_editor(editor_id) @@ -93,12 +95,11 @@ def handle_ia_xauth(email, password): try: flash("Internet Archive email/password didn't match: {}".format(resp.json()['values']['reason'])) except: - print("IA XAuth fail: {}".format(resp.content)) + app.logger.warn("IA XAuth fail: {}".format(resp.content)) return render_template('auth_ia_login.html', email=email), resp.status_code elif resp.status_code != 200: flash("Internet Archive login failed (internal error?)") - # TODO: log.warn - print("IA XAuth fail: {}".format(resp.content)) + app.logger.warn("IA XAuth fail: {}".format(resp.content)) return render_template('auth_ia_login.html', email=email), resp.status_code # Successful login; now fetch info... @@ -112,8 +113,7 @@ def handle_ia_xauth(email, password): }) if resp.status_code != 200: flash("Internet Archive login failed (internal error?)") - # TODO: log.warn - print("IA XAuth fail: {}".format(resp.content)) + app.logger.warn("IA XAuth fail: {}".format(resp.content)) return render_template('auth_ia_login.html', email=email), resp.status_code ia_info = resp.json()['values'] diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py index 9aad8998..1b9a7c9f 100644 --- a/python/fatcat_web/web_config.py +++ b/python/fatcat_web/web_config.py @@ -41,7 +41,7 @@ class Config(object): # CSRF on by default, but only for WTF forms (not, eg, search, lookups, GET # forms) - WTF_CSRF_CHECK_DEFAULT = True + WTF_CSRF_CHECK_DEFAULT = False WTF_CSRF_TIME_LIMIT = None if FATCAT_DOMAIN == "dev.fatcat.wiki": |