Modify

Opened 3 years ago

Last modified 3 months ago

#11799 new enhancement

Log messages when permission checks fail rather than traceback

Reported by: Ryan J Ollos Owned by: Odd Simon Simonsen
Priority: normal Component: XmlRpcPlugin
Severity: normal Keywords:
Cc: Olemis Lang Trac Release:

Description (last modified by Ryan J Ollos)

Looking in the log files I see many entries like the following:

2014-05-28 12:13:22,695 Trac[web_ui] ERROR: RPC(XML-RPC) Error
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/tracrpc/web_ui.py", line 149, in _rpc_process
    req.perm.require('XML_RPC') # Need at least XML_RPC
  File "/usr/local/python26_trac10/lib/python2.6/site-packages/Trac-1.0.1-py2.6.egg/trac/perm.py", line 579, in require
    raise PermissionError(action, resource, self.env)
PermissionError

Web requests on the other hand are trapped and logged:

2014-05-28 17:01:26,569 Trac[main] WARNING: [12.234.78.2] HTTPForbidden: 403 Forbidden (WIKI_VIEW privileges are required to perform this operation on WikiStart. You don't have the required permissions.)

I'm wondering if we could trap and log XmlRpc requests as warnings. I haven't done more than look at the code yet, but I could probably propose a patch.

See also #12408.

Attachments (0)

Change History (5)

comment:1 Changed 23 months ago by Ryan J Ollos

Description: modified (diff)

comment:2 Changed 9 months ago by Jun Omae

Proposed changes in https://github.com/jun66j5/xmlrpcplugin/commit/t11799.

After the patch:

06:33:44 AM Trac[web_ui] WARNING: RPC(JSON-RPC) [192.168.11.27] PermissionError: XML_RPC privileges are required to perform this operation. You don't have the required permissions.
06:34:39 AM Trac[web_ui] ERROR: RPC(JSON-RPC) [192.168.11.27] Exception caught while calling ticket.get(*[u'a']) by admin
Traceback (most recent call last):
  File "/src/xmlrpcplugin.git/tracrpc/web_ui.py", line 158, in _rpc_process
    result = (XMLRPCSystem(self.env).get_method(method_name)(req, args))[0]
  File "/src/xmlrpcplugin.git/tracrpc/api.py", line 197, in __call__
    result = self.callable(req, *args)
  File "/src/xmlrpcplugin.git/tracrpc/ticket.py", line 154, in get
    t = model.Ticket(self.env, id)
  File "/venv/trac/py27/1.0.13/local/lib/python2.7/site-packages/trac/ticket/model.py", line 69, in __init__
    tkt_id = int(tkt_id)
ValueError: invalid literal for int() with base 10: 'a'
Last edited 9 months ago by Jun Omae (previous) (diff)

comment:3 Changed 8 months ago by Ryan J Ollos

The changes look nice. Okay to merge?

comment:4 Changed 8 months ago by Jun Omae

Fine by me. Could you please review patch in comment:14:ticket:12408?

comment:5 Changed 3 months ago by Ryan J Ollos

Running the latest (r16279), I noticed the following in the logs:

2017-03-20 17:17:23,690 Trac[web_ui] WARNING: RPC(XML-RPC) [82.236.185.165] PermissionError: XML_RPC privileges are required to perform this operation. You don't have the required permissions.

HTTPForbidden should probably be logged.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The owner will remain Odd Simon Simonsen.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.