Display the invalid referrer message only when required

geoportal/c2cgeoportal_geoportal/__init__.py

@@ -292,9 +292,11 @@ def _match_url_start(reference, value):
     return reference_parts == value_parts
 
 
-def is_valid_referer(request, settings):
+def is_valid_referer(request, settings=None):
     if request.referer is not None:
         referer = urlsplit(request.referer)._replace(query="", fragment="").geturl().rstrip("/").split("/")
+        if settings is None:
+            settings = request.registry.settings
         list_ = settings.get("authorized_referers", [])
         return any(_match_url_start(e, referer) for e in list_)
     else:
@@ -343,9 +345,7 @@ def get_user_from_request(request, username=None):
         if not hasattr(request, "is_valid_referer"):
             request.is_valid_referer = is_valid_referer(request, settings)
         if not request.is_valid_referer:
-            log.warning(
-                "Invalid referer for %s: %s", request.path_qs, repr(request.referer)
-            )
+            log.debug("Invalid referer for %s: %s", request.path_qs, repr(request.referer))
             return None
 
         if not hasattr(request, "user_"):

geoportal/c2cgeoportal_geoportal/views/entry.py

@@ -53,6 +53,7 @@
 
 from c2cgeoportal_commons import models
 from c2cgeoportal_commons.models import main, static
+from c2cgeoportal_geoportal import is_valid_referer
 from c2cgeoportal_geoportal.lib import get_setting, get_protected_layers_query, \
     get_url2, get_url, get_typed, get_types_map, add_url_params, get_http
 from c2cgeoportal_geoportal.lib.cacheversion import get_cache_version
@@ -1470,8 +1471,18 @@ def _get_group(self, group, role_id, interface, version):
                 group, ", ".join([i[0] for i in models.DBSession.query(main.LayerGroup.name).all()])
             )])
 
+    def _referer_log(self):
+        if not hasattr(self.request, "is_valid_referer"):
+            self.request.is_valid_referer = is_valid_referer(self.request)
+        if not self.request.is_valid_referer:
+            log.error(
+                "Invalid referer for %s: %s", self.request.path_qs, repr(self.request.referer)
+            )
+
     @view_config(context=HTTPForbidden, renderer="login.html")
     def loginform403(self):
+        self._referer_log()
+
         if self.request.authenticated_userid:
             return HTTPForbidden()  # pragma: no cover
 
@@ -1484,6 +1495,8 @@ def loginform403(self):
 
     @view_config(route_name="loginform", renderer="login.html")
     def loginform(self):
+        self._referer_log()
+
         set_common_headers(self.request, "login", PUBLIC_CACHE, vary=True)
 
         return {
@@ -1493,6 +1506,8 @@ def loginform(self):
 
     @view_config(route_name="login")
     def login(self):
+        self._referer_log()
+
         login = self.request.POST.get("login")
         password = self.request.POST.get("password")
         if login is None or password is None:  # pragma nocover
@@ -1558,6 +1573,8 @@ def _user(self, user=None):
 
     @view_config(route_name="loginuser", renderer="json")
     def loginuser(self):
+        self._referer_log()
+
         set_common_headers(self.request, "login", NO_CACHE)
 
         return self._user()

geoportal/tests/__init__.py

@@ -45,6 +45,7 @@ def create_dummy_request(additional_settings=None, *args, **kargs):
         "default_max_age": 1000,
     }
     request.registry.settings.update(additional_settings)
+    request.is_valid_referer = True
     return request
 
 

geoportal/tests/test_entry.py

@@ -137,6 +137,7 @@ def test_login(self):
         from c2cgeoportal_geoportal.views.entry import Entry
 
         request = DummyRequest()
+        request.is_valid_referer = True
         request.user = None
         entry = Entry(request)