From 654c35e3b06ddce4475d0dece0f76df2354f9233 Mon Sep 17 00:00:00 2001
From: Volker Theile <vtheile@suse.com>
Date: Thu, 25 Jan 2018 10:21:43 +0100
Subject: [PATCH] mgr/dashboard_v2: Log script_name on unauthorized access

This commit also replaces double quotes with single quotes.

Signed-off-by: Volker Theile <vtheile@suse.com>
---
 src/pybind/mgr/dashboard_v2/auth.py         | 11 ++++++-----
 src/pybind/mgr/dashboard_v2/restresource.py | 10 +++++-----
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/pybind/mgr/dashboard_v2/auth.py b/src/pybind/mgr/dashboard_v2/auth.py
index aa3b5b3d0ac..ab4da81f30d 100644
--- a/src/pybind/mgr/dashboard_v2/auth.py
+++ b/src/pybind/mgr/dashboard_v2/auth.py
@@ -53,24 +53,25 @@ class Auth(object):
             cherrypy.session.regenerate()
             cherrypy.session[Auth.SESSION_KEY] = username
             cherrypy.session[Auth.SESSION_KEY_TS] = now
-            self.log.debug("Login successful")
+            self.log.debug('Login successful')
             return {'username': username}
         else:
             cherrypy.response.status = 403
-            self.log.debug("Login fail")
+            self.log.debug('Login fail')
             return {'detail': 'Invalid credentials'}
 
     @cherrypy.expose
     @cherrypy.tools.allow(methods=['POST'])
     def logout(self):
-        self.log.debug("Logout successful")
+        self.log.debug('Logout successful')
         cherrypy.session[Auth.SESSION_KEY] = None
         cherrypy.session[Auth.SESSION_KEY_TS] = None
 
     def check_auth(self):
         username = cherrypy.session.get(Auth.SESSION_KEY)
         if not username:
-            self.log.debug("Unauthorized")
+            self.log.debug('Unauthorized access to {}'.format(cherrypy.url(
+                relative='server')))
             raise cherrypy.HTTPError(401, 'You are not authorized to access '
                                           'that resource')
         now = int(time.time())
@@ -82,7 +83,7 @@ class Auth(object):
             if username_ts and username_ts < now - expires:
                 cherrypy.session[Auth.SESSION_KEY] = None
                 cherrypy.session[Auth.SESSION_KEY_TS] = None
-                self.log.debug("Session expired.")
+                self.log.debug('Session expired.')
                 raise cherrypy.HTTPError(401,
                                          'Session expired. You are not '
                                          'authorized to access that resource')
diff --git a/src/pybind/mgr/dashboard_v2/restresource.py b/src/pybind/mgr/dashboard_v2/restresource.py
index db9c89b051d..068b031e023 100644
--- a/src/pybind/mgr/dashboard_v2/restresource.py
+++ b/src/pybind/mgr/dashboard_v2/restresource.py
@@ -17,7 +17,7 @@ def _takes_json(func):
 
 def _returns_json(func):
     def inner(*args, **kwargs):
-        cherrypy.serving.response.headers['Content-Type'] = "application/json"
+        cherrypy.serving.response.headers['Content-Type'] = 'application/json'
         ret = func(*args, **kwargs)
         return json.dumps(ret).encode('utf8')
     return inner
@@ -53,16 +53,16 @@ class RESTResource(object):
     """
 
     _cp_config = {
-                  'request.error_page': {'default': json_error_page},
-                  }
+        'request.error_page': {'default': json_error_page},
+    }
 
     def _not_implemented(self, is_element):
         methods = [method
                    for ((method, _is_element), (meth, _))
                    in self._method_mapping.items()
                    if _is_element == is_element and hasattr(self, meth)]
-        cherrypy.response.headers["Allow"] = ",".join(methods)
-        raise cherrypy.HTTPError(405, "Method not implemented.")
+        cherrypy.response.headers['Allow'] = ','.join(methods)
+        raise cherrypy.HTTPError(405, 'Method not implemented.')
 
     _method_mapping = {
         ('GET', False): ('list', 200),