allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [allura] 01/02: Nicer formatting of user audit log details (make message bold)
Date Tue, 17 Mar 2020 19:16:07 GMT
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/user_admin_details_improvements
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 9d9d6597ecdbf63e5e39b44c504d4e2400b606e9
Author: Dave Brondsema <dave@brondsema.net>
AuthorDate: Tue Mar 17 14:55:54 2020 -0400

    Nicer formatting of user audit log details (make message bold)
---
 Allura/allura/ext/admin/templates/widgets/audit.html |  4 ++--
 Allura/allura/model/auth.py                          | 17 +++++++++++++++++
 Allura/allura/tests/model/test_auth.py               | 20 +++++++++++++++++++-
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/Allura/allura/ext/admin/templates/widgets/audit.html b/Allura/allura/ext/admin/templates/widgets/audit.html
index 1e52df7..8b2705d 100644
--- a/Allura/allura/ext/admin/templates/widgets/audit.html
+++ b/Allura/allura/ext/admin/templates/widgets/audit.html
@@ -34,10 +34,10 @@
         <tr>
           <td style="white-space: nowrap">{{ entry.timestamp_str }}</td>
           <td>{{ entry.user and entry.user.username or 'Unknown' }}</td>
-          <td>{{ entry.url_str }}</td>
+          <td class="auditlog_url">{{ entry.url_str }}</td>
         </tr>
         <tr>
-          <td></td><td colspan="2">{{ entry.message|nl2br }}</td>
+          <td></td><td colspan="2" class="auditlog_message">{{ entry.message_html
}}</td>
         </tr>
         {% endfor %}
       </tbody>
diff --git a/Allura/allura/model/auth.py b/Allura/allura/model/auth.py
index c951edf..e2f1679 100644
--- a/Allura/allura/model/auth.py
+++ b/Allura/allura/model/auth.py
@@ -19,6 +19,8 @@ from __future__ import unicode_literals
 from __future__ import absolute_import
 import logging
 import calendar
+
+from markupsafe import Markup
 from six.moves.urllib.parse import urlparse
 from email import header
 from hashlib import sha256
@@ -985,6 +987,21 @@ class AuditLog(object):
         return self.timestamp.strftime('%Y-%m-%d %H:%M:%S')
 
     @property
+    def message_html(self):
+        standard_metadata_prefixes = (
+            'Done by user:',
+            'IP Address:',
+            'User-Agent:',
+        )
+        with_br = h.nl2br_jinja_filter(self.message)
+        message_bold = '<br>\n'.join([
+            line if line.startswith(standard_metadata_prefixes) else '<b>{}</b>'.format(line)
+            for line in
+            with_br.split('<br>\n')
+        ])
+        return Markup(message_bold)
+
+    @property
     def url_str(self):
         scheme, netloc, path, params, query, fragment = urlparse(self.url)
         s = path
diff --git a/Allura/allura/tests/model/test_auth.py b/Allura/allura/tests/model/test_auth.py
index 039a969..6e2c43f 100644
--- a/Allura/allura/tests/model/test_auth.py
+++ b/Allura/allura/tests/model/test_auth.py
@@ -22,6 +22,10 @@ Model tests for auth
 """
 from __future__ import unicode_literals
 from __future__ import absolute_import
+
+import textwrap
+from datetime import datetime, timedelta
+
 from nose.tools import (
     with_setup,
     assert_equal,
@@ -33,7 +37,7 @@ from nose.tools import (
 from tg import tmpl_context as c, app_globals as g, request
 from webob import Request
 from mock import patch, Mock
-from datetime import datetime, timedelta
+from markupsafe import Markup
 
 from ming.orm.ormsession import ThreadLocalORMSession
 from ming.odm import session
@@ -444,3 +448,17 @@ def test_user_backfill_login_details():
     assert_equal(details[0].ua, 'TestBrowser/56')
     assert_equal(details[1].ip, '127.0.0.1')
     assert_equal(details[1].ua, 'TestBrowser/57')
+
+
+class TestAuditLog(object):
+
+    def test_message_html(self):
+        al = h.auditlog_user('our message <script>alert(1)</script>')
+        assert_equal(al.message, textwrap.dedent('''\
+            IP Address: 127.0.0.1
+            User-Agent: None
+            our message <script>alert(1)</script>'''))
+        assert_equal(al.message_html, textwrap.dedent('''\
+            IP Address: 127.0.0.1<br>
+            User-Agent: None<br>
+            <b>our message &lt;script&gt;alert(1)&lt;/script&gt;</b>'''))


Mime
View raw message