[Calypso] [PATCH] log additional user-agent information

Sat Apr 9 10:32:00 PDT 2016

From: chrysn <chrysn at fsfe.org>

when a request comes from a web browser, the User-Agent in the request
header is the user's web browser, but what's more important in this
situation is which javascript program (ie web site) the browser had
open. the relevant information is always encoded in the Origin header
(for all modern browser's requests), and some clients set their own
version etc in the X-Client header.
---
 calypso/__init__.py |  7 ++++++-
 calypso/webdav.py   | 16 +++++++++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/calypso/__init__.py b/calypso/__init__.py
index 38a08d7..18cb880 100644
--- a/calypso/__init__.py
+++ b/calypso/__init__.py
@@ -83,7 +83,12 @@ def _check(request, function):
     # Also send UNAUTHORIZED if there's no collection. Otherwise one
     # could probe the server for (non-)existing collections.
     if request.server.acl.has_right(owner, user, password):
-        function(request, context={"user": user, "user-agent": request.headers.get("User-Agent", None)})
+        function(request, context={
+            "user": user,
+            "user-agent": request.headers.get("User-Agent", None),
+            "x-client": request.headers.get("X-client", None),
+            "origin": request.headers.get("Origin", None),
+            })
     else:
         request.send_calypso_response(client.UNAUTHORIZED, 0)
         request.send_header(
diff --git a/calypso/webdav.py b/calypso/webdav.py
index 1bcfecc..d181948 100644
--- a/calypso/webdav.py
+++ b/calypso/webdav.py
@@ -329,7 +329,7 @@ class Collection(object):
         args = ["git", "commit", "--allow-empty"]
         env = {}
 
-        message = context.get('action', 'other action')
+        message = context.get('action', 'other action') + "\n\n"
 
         if "user" in context:
             # use environment variables instead of --author to avoid git
@@ -340,10 +340,16 @@ class Collection(object):
             # information explicitly in the config file. (slicing it in after
             # the git command as position is important with git arguments)
             args[1:1] = ["-c", "advice.implicitIdentity=false"]
-        if "user-agent" in context:
-            message += u"\n\nUser-Agent: %r"%context['user-agent']
-
-        args.extend(["-m", message.encode('utf8')])
+        if context['user-agent']:
+            message += u"User-Agent: %r\n" % context['user-agent']
+        if context['x-client']:
+            # set by web clients like carddavmate / caldavzap
+            message += u"X-Client: %r\n" % context['x-client']
+        if context['origin']:
+            # set by everything that does CORS XHR
+            message += u"Origin: %r\n" % context['origin']
+
+        args.extend(["-m", message.encode('utf8').rstrip("\n") + "\n"])
 
         subprocess.check_call(args, cwd=self.path, env=env)
 
-- 
2.8.0.rc3

