diff --git a/core/admin/mailu/api/common.py b/core/admin/mailu/api/common.py
index 6dc75a88..429d806c 100644
--- a/core/admin/mailu/api/common.py
+++ b/core/admin/mailu/api/common.py
@@ -27,7 +27,7 @@ def api_token_authorization(func):
 abort(401, 'A valid Authorization header is mandatory')
 if len(v1.api_token) < 4 or not hmac.compare_digest(request.headers.get('Authorization').removeprefix('Bearer '), v1.api_token):
 utils.limiter.rate_limit_ip(client_ip)
- flask.current_app.logger.warn(f'Invalid API token provided by {client_ip}.')
+ flask.current_app.logger.warning(f'Invalid API token provided by {client_ip}.')
 abort(403, 'Invalid API token')
 flask.current_app.logger.info(f'Valid API token provided by {client_ip}.')
 return func(*args, **kwds)
diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index b9cbe879..ccbccb4e 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -102,13 +102,13 @@ def handle_authentication(headers):
 password = urllib.parse.unquote(headers["Auth-Pass"])
 ip = urllib.parse.unquote(headers["Client-Ip"])
 except:
- app.logger.warn(f'Received undecodable user/password from front: {headers.get("Auth-User", "")!r}')
+ app.logger.warning(f'Received undecodable user/password from front: {headers.get("Auth-User", "")!r}')
 else:
 try:
 user = models.User.query.get(user_email) if '@' in user_email else None
 except sqlalchemy.exc.StatementError as exc:
 exc = str(exc).split('\n', 1)[0]
- app.logger.warn(f'Invalid user {user_email!r}: {exc}')
+ app.logger.warning(f'Invalid user {user_email!r}: {exc}')
 else:
 is_valid_user = user is not None
 ip = urllib.parse.unquote(headers["Client-Ip"])
diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py
index c74bcc9e..c619366f 100644
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
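Review bot: The changed line keeps an f-string inside the logging call, `flask.current_app.logger.warning(f'Invalid API token provided by {client_ip}.')`, so the message is formatted even when WARNING is disabled and the client-supplied value is baked into the message rather than passed as an argument; the lazy form `flask.current_app.logger.warning('Invalid API token provided by %s.', client_ip)` is the stdlib convention and is what the system.py hunk in this same commit already uses. The same applies to the changed lines in the nginx.py, auth.py and both limiter.py hunks of this commit. A one-line comment above the compare, `# constant-time compare; the 'Bearer ' prefix is optional and stripped if present`, would make the intent of `removeprefix` obvious to the next reader. The body of api_token_authorization starts and ends outside the hunk.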
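Review bot: The first changed line in the nginx.py hunk sits under a bare `except:`, which also swallows SystemExit and KeyboardInterrupt and hides programming errors in the unquote calls above it; since the commit already touches that handler, narrowing it to at least `except Exception:` (or to the exceptions the header lookup and unquote can actually raise, which the hunk does not show in full) would be the minimal fix. The warning deliberately logs only the user header and not Auth-Pass, which is correct; a comment such as `# log the user only, never Auth-Pass` would keep a future edit from adding the password to the message. handle_authentication starts before the hunk and continues after it.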
@@ -103,7 +103,7 @@ def basic_authentication():
 user = models.User.query.get(user_email) if '@' in user_email else None
 except sqlalchemy.exc.StatementError as exc:
 exc = str(exc).split('\n', 1)[0]
- app.logger.warn(f'Invalid user {user_email!r}: {exc}')
+ app.logger.warning(f'Invalid user {user_email!r}: {exc}')
 else:
 if user is not None and nginx.check_credentials(user, password.decode('utf-8'), client_ip, "web", flask.request.headers.get('X-Real-Port', None), user_email):
 response = flask.Response()
diff --git a/core/admin/mailu/limiter.py b/core/admin/mailu/limiter.py
index 6fc078c1..e22b39a2 100644
--- a/core/admin/mailu/limiter.py
+++ b/core/admin/mailu/limiter.py
@@ -49,7 +49,7 @@ class LimitWraperFactory(object):
 client_network = utils.extract_network_from_ip(ip)
 is_rate_limited = self.is_subject_to_rate_limits(ip) and not limiter.test(client_network)
 if is_rate_limited:
- app.logger.warn(f'Authentication attempt from {ip} has been rate-limited.')
+ app.logger.warning(f'Authentication attempt from {ip} has been rate-limited.')
 return is_rate_limited
 def rate_limit_ip(self, ip, username=None):
@@ -65,7 +65,7 @@ class LimitWraperFactory(object):
 limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')
 is_rate_limited = self.is_subject_to_rate_limits(ip) and not limiter.test(device_cookie if device_cookie_name == username else username)
 if is_rate_limited:
- app.logger.warn(f'Authentication attempt from {ip} for {username} has been rate-limited.')
+ app.logger.warning(f'Authentication attempt from {ip} for {username} has been rate-limited.')
 return is_rate_limited
 def rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None, password=''):
@@ -78,10 +78,10 @@ class LimitWraperFactory(object):
 limiter.hit(device_cookie if device_cookie_name == username else username)
 self.rate_limit_ip(ip, username)
- """ Device cookies as described on:
- https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies
- """
- def parse_device_cookie(self, cookie):
+ def parse_device_cookie(self, cookie: str):
+ """ Device cookies as described on:
+ https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies
+ """
 try:
 login, nonce, _ = cookie.split('$')
 if hmac.compare_digest(cookie, self.device_cookie(login, nonce)):
@@ -90,11 +90,11 @@ class LimitWraperFactory(object):
 pass
 return None, None
- """ Device cookies don't require strong crypto:
- 72bits of nonce, 96bits of signature is more than enough
- and these values avoid padding in most cases
- """
 def device_cookie(self, username, nonce=None):
+ """ Device cookies don't require strong crypto:
+ 72bits of nonce, 96bits of signature is more than enough
+ and these values avoid padding in most cases
+ """
 if not nonce:
 nonce = secrets.token_urlsafe(9)
 sig = str(base64.urlsafe_b64encode(hmac.new(app.device_cookie_key, bytearray(f'device_cookie|{username}|{nonce}', 'utf-8'), 'sha256').digest()[20:]), 'utf-8')
diff --git a/core/base/libs/socrate/socrate/system.py b/core/base/libs/socrate/socrate/system.py
index d92caf0c..38e4b7ba 100644
--- a/core/base/libs/socrate/socrate/system.py
+++ b/core/base/libs/socrate/socrate/system.py
@@ -19,7 +19,7 @@ def resolve_hostname(hostname):
 try:
 return sorted(socket.getaddrinfo(hostname, None, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE), key=lambda s:s[0])[0][4][0]
 except Exception as e:
- log.warn("Unable to lookup '%s': %s",hostname,e)
+ log.warning("Unable to lookup '%s': %s",hostname,e)
 raise e
 def _coerce_value(value):
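Review bot: The new `def parse_device_cookie(self, cookie: str):` now carries a proper docstring, but the parse right below it, `login, nonce, _ = cookie.split('$')`, fails the three-way unpack for any login that itself contains `$`, so such a user never gets a recognised device cookie and silently falls back to plain per-username limiting. Assuming the cookie is assembled as `login$nonce$sig` (the assembly is not in this hunk), the nonce comes from `secrets.token_urlsafe` and the signature is urlsafe base64, neither of which can contain `$`, so `login, nonce, _ = cookie.rsplit('$', 2)` splits unambiguously regardless of the login. The `cookie: str` annotation may also be too narrow if callers pass `None` when no cookie was sent and rely on the surrounding `except` to absorb it; `cookie: str | None` would document that, which I cannot confirm from here. The method's body continues past the hunk.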
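Review bot: The docstring moved into `device_cookie` explains the 72-bit nonce and 96-bit signature sizes (`token_urlsafe(9)` and `digest()[20:]` match those numbers) but not the framing of the MAC input, `f'device_cookie|{username}|{nonce}'`, which is unambiguous only because the nonce is token_urlsafe output and cannot contain `|`. I would add a sentence to the docstring along the lines of `The '|' framing is unambiguous because the nonce is urlsafe and cannot contain '|'; a username containing '|' is tolerated for that reason.`, so a later change of the nonce alphabet or the separator is recognised as a security-relevant edit. The method's body continues outside the hunk.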
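Review bot: In the system.py hunk the handler re-raises with `raise e`, which appends the re-raise frame to the traceback; inside an `except` block a bare `raise` re-raises the same exception with the original traceback intact and is the idiomatic form, so the two lines would read `log.warning("Unable to lookup '%s': %s", hostname, e)` followed by `raise`. The lazy `%s` arguments here are already the right logging style. The `def resolve_hostname(hostname):` line precedes the hunk, so any docstring between it and the `try` is not visible.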