Missing logging for auditing about bottle-cork HOT 5 CLOSED

I have a pull request almost ready, but have some difficulties with the tests.

from bottle-cork.

The library exposes successful actions and errors to the developer (using exceptions). Developers can then implementing their logging as preferred.
The reason for not logging directly from the library is flexibility. (e.g. choosing what to log and how, how much detail to provide, i18n...)

from bottle-cork.

Thanks for the response.

It looks like login and logout do expose success or failure only via http redirection, which is a bit cumbersome to use (one as to define a special redirection target only for logging purpose).
The reason of failure (as expressed by exception) are lost. And the name of the user who did the logout is also lost when it succeed (so the application has to track it outside of the session to log it).

I understand the concerns of logging flexibility, however a basic logging of success/failure for login/logout/passwd change with no i18n would looks sufficient for basic auditing needs (which is a needed feature for all authentication applications).
Also, using a logger with a configuration file would allow developer to disable such logging if needed.

Please tell me if I've missed something about logging login/logout and so one on the application side, and if you want me to finalize a PR or not.

from bottle-cork.

On login, success_redirect and fail_redirect are optional. When set to None, login will throw exceptions. Generally speaking, all functions are meant to throw meaningful exceptions to let developers handle them before returning errors to the user.

from bottle-cork.

Of course you're right (and i feel dumb) !
Sorry for not having seen it before… and thanks a lot for your help.

from bottle-cork.