Log successful and failed login attempts

[fabaff]

Description:
This is basically the same feature which was introduced with #1558. Instead of only showing:

16-06-21 21:31:35 INFO (WSGI-server) [homeassistant.components.http] 127.0.0.1 - - [21/Jun/2016 21:31:35] "GET /api/bootstrap HTTP/1.1" 200 14754 0.001991

and

16-06-21 21:51:35 INFO (WSGI-server) [homeassistant.components.http] 127.0.0.1 - - [21/Jun/2016 21:51:35] "GET /api/bootstrap HTTP/1.1" 401 186 0.001866

There will be a human-readable log entry with the source additionally to the 200/401 HTTP message.

16-06-21 21:31:35 INFO (WSGI-server) [homeassistant.components.http] Successful login from 127.0.0.1

or

16-06-21 21:51:35 WARNING (WSGI-server) [homeassistant.components.http] Login attempt with an invalid password from 127.0.0.1

Example entry for configuration.yaml (if applicable):

http:

Checklist:

If the code does not interact with devices:

• Local tests with tox run successfully. Your PR cannot be merged unless tests pass
• Tests have been added to verify that the new code works.

[balloob]

Instead of repeating the same log message three times with the risk of them getting out of sync, let's add it before the if self.requires_auth line:

if authenticated:
    _LOGGER.info(…)
elif self.requires_auth:
    _LOGGER.warning(…)
    raise Unauthorized()

[fabaff]

Thanks

[balloob]

Looks good. Can be merged when linting error addressed 🐬

[balloob]

I only realize now that this adds a lot of logging. I wonder if we should reduce the visibility of the logging? Although, that might also not be useful. I don't know.

[philhawthorne]

I wonder if it would be better to add a config option so this could be turned off?

[fabaff]

Perhaps we should get rid for the additional log entries for 200 responses. One would still be able to spot easily failed login attempts and the entry for 200 responses only need a little more parsing if those details matters.

[kellerza]

Another option would be to default the http component logging to a higher level, like warning. To be honest I keep mine at critical

@philhawthorne to turn off/down you can try this

logger:
  logs:
    homeassistant.components.http: critical

[balloob]

The logging trick works but we shouldn't be broken (or spamming) by
default.

On Wed, Jun 29, 2016, 07:41 Johann Kellerman [email protected]
wrote:

Another option would be to default the http component logging to a higher
level, like warning. To be honest I keep mine at critical

@philhawthorne https://github.com/philhawthorne to turn off/down you
can try this

logger:
logs:
homeassistant.components.http: critical

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#2347 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/ABYJ2vGwhW8xy_DW4RJuNt4CGHh3hhccks5qQoQigaJpZM4I7HkD
.

[balloob]

New CherryPy wsgi server doesn't print any url so we could print the url
retrieved and include if we authenticated successfully

On Wed, Jun 29, 2016, 09:07 Paulus Schoutsen [email protected]
wrote:

The logging trick works but we shouldn't be broken (or spamming) by
default.

On Wed, Jun 29, 2016, 07:41 Johann Kellerman [email protected]
wrote:

Another option would be to default the http component logging to a higher
level, like warning. To be honest I keep mine at critical

@philhawthorne https://github.com/philhawthorne to turn off/down you
can try this

logger:
logs:
homeassistant.components.http: critical

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#2347 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/ABYJ2vGwhW8xy_DW4RJuNt4CGHh3hhccks5qQoQigaJpZM4I7HkD
.