-rw-r--r-- | muck/authz.py | 9 | ||||
-rwxr-xr-x | muck_poc | 6 |
2 files changed, 14 insertions, 1 deletions
diff --git a/muck/authz.py b/muck/authz.py
index bafd880..4a9a8a4 100644
--- a/muck/authz.py
+++ b/muck/authz.py
@@ -13,6 +13,9 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
+import logging
+
+
 import muck
@@ -23,15 +26,21 @@ class AuthorizationChecker:
 def request_is_allowed(self, r, required_method, required_scopes):
 if r.get_method() != required_method:
+ logging.debug(
+ 'Wanted method %s, got %s', required_method, r.get_method())
 return False
 token = self._get_token(r)
+ logging.debug('token: %r', token)
 if token is None:
+ logging.debug('No token')
 return False
 scope = token.get('scope', '')
 scopes = set(scope.split())
 required_scopes = set(required_scopes)
+ logging.debug('Want scopes %r', required_scopes)
+ logging.debug('Got scopes %r', scopes)
 return scopes.intersection(required_scopes) == required_scopes
 def get_claims_from_token(self, r):
@@ -80,6 +80,10 @@ class MuckAPI:
 try:
 rr = bottle.request
 logging.info('Request: %s %s', rr.method, rr.path)
+ logging.debug('Request headers:')
+ for h in rr.headers:
+ logging.debug(' %s: %r', h, rr.headers[h])
+ logging.debug('End of request headers')
 r = muck.Request(method=rr.method)
 r.add_headers(rr.headers)
 if self._ac.request_is_allowed(r, req_method, [req_scope]):
@@ -229,7 +233,7 @@ class MuckAPI:
 logging.info(
 'Pretending to be %s (claims: %r)', claims['sub'], claims)
 else:
- logging.info('Reuqest by normal user')
+ logging.info('Request by normal user')
 return claims
|
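Review bot: `logging.debug('token: %r', token)` in `request_is_allowed` writes the whole value returned by `_get_token` to the log on every request. Since the next lines call `token.get('scope', '')`, this is presumably the decoded claims set, so subject identifiers and any other claims would end up in the debug log. The two scope lines added further down already record what the authorization decision compares, so this line could log only the field it needs, e.g. `logging.debug('token scope: %r', token.get('scope') if token else None)`. It also runs before the `None` check, so a missing token produces both `token: None` and `No token`.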
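Review bot: The header dump added before `muck.Request(method=rr.method)` logs every request header value verbatim, and that includes `Authorization`; a bearer token written to the debug log stays usable by anyone who can read the log until it expires. Masking credential-bearing headers keeps the dump useful for debugging: inside the loop, `value = '<redacted>' if h.lower() in ('authorization', 'cookie') else rr.headers[h]` followed by `logging.debug(' %s: %r', h, value)`. Judging by the diffstat this hunk belongs to `muck_poc`, whose file header is not visible here, and the enclosing function starts and ends outside the hunk.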