forked from shaba/openuds
* Adding logs to users & authenticators
This commit is contained in:
parent
0a6f18f1cc
commit
1f218a4f96
@ -39,7 +39,7 @@ useLogger = logging.getLogger('useLog')
|
|||||||
OTHER,DEBUG,INFO,WARN,ERROR,FATAL = (10000*(x+1) for x in xrange(6))
|
OTHER,DEBUG,INFO,WARN,ERROR,FATAL = (10000*(x+1) for x in xrange(6))
|
||||||
|
|
||||||
# Logging sources
|
# Logging sources
|
||||||
INTERNAL, ACTOR, TRANSPORT, OSMANAGER, UNKNOWN, WEB = ('internal', 'actor', 'transport', 'osmanager', 'unknown', 'web')
|
INTERNAL, ACTOR, TRANSPORT, OSMANAGER, UNKNOWN, WEB, ADMIN = ('internal', 'actor', 'transport', 'osmanager', 'unknown', 'web', 'admin')
|
||||||
|
|
||||||
OTHERSTR, DEBUGSTR, INFOSTR, WARNSTR, ERRORSTR, FATALSTR = ('OTHER', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL')
|
OTHERSTR, DEBUGSTR, INFOSTR, WARNSTR, ERRORSTR, FATALSTR = ('OTHER', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL')
|
||||||
|
|
||||||
|
@ -34,9 +34,10 @@
|
|||||||
from django.utils.translation import ugettext as _, activate
|
from django.utils.translation import ugettext as _, activate
|
||||||
from django.contrib.sessions.backends.db import SessionStore
|
from django.contrib.sessions.backends.db import SessionStore
|
||||||
from uds.models import Authenticator
|
from uds.models import Authenticator
|
||||||
from ..util.Exceptions import AuthException
|
from uds.xmlrpc.util.Exceptions import AuthException
|
||||||
from uds.core.util.Config import GlobalConfig
|
from uds.core.util.Config import GlobalConfig
|
||||||
from uds.core.auths.auth import authenticate
|
from uds.core.util import log
|
||||||
|
from uds.core.auths.auth import authenticate, getIp
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
import logging
|
import logging
|
||||||
@ -75,6 +76,7 @@ class Credentials(object):
|
|||||||
return ''
|
return ''
|
||||||
try:
|
try:
|
||||||
a = Authenticator.objects.get(pk=self.idAuth).getInstance()
|
a = Authenticator.objects.get(pk=self.idAuth).getInstance()
|
||||||
|
log.doLog(self.user, log.INFO, 'Logged out from administration', log.WEB)
|
||||||
return a.logout(self.user)
|
return a.logout(self.user)
|
||||||
except Exception:
|
except Exception:
|
||||||
logger.exception('Exception at logout (managed)')
|
logger.exception('Exception at logout (managed)')
|
||||||
@ -155,6 +157,8 @@ def login(username, password, idAuth, locale, request):
|
|||||||
Validates the user/password credentials, assign to it the specified locale for this session and returns a credentials response
|
Validates the user/password credentials, assign to it the specified locale for this session and returns a credentials response
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
getIp(request)
|
||||||
|
|
||||||
logger.info("Validating user {0} with authenticator {1} with locale {2}".format(username, idAuth, locale))
|
logger.info("Validating user {0} with authenticator {1} with locale {2}".format(username, idAuth, locale))
|
||||||
activate(locale)
|
activate(locale)
|
||||||
if idAuth == ADMIN_AUTH:
|
if idAuth == ADMIN_AUTH:
|
||||||
@ -167,8 +171,25 @@ def login(username, password, idAuth, locale, request):
|
|||||||
user = authenticate(username, password, auth)
|
user = authenticate(username, password, auth)
|
||||||
except Exception:
|
except Exception:
|
||||||
raise AuthException(_('Invalid authenticator'))
|
raise AuthException(_('Invalid authenticator'))
|
||||||
if user is None or user.staff_member is False:
|
|
||||||
|
if user is None:
|
||||||
|
log.doLog(auth, log.ERROR, 'Invalid credentials for {0} from {1}'.format(username, request.ip), log.ADMIN)
|
||||||
|
try:
|
||||||
|
user = auth.users.get(name=username)
|
||||||
|
log.doLog(user, log.ERROR, 'Invalid credentials from {0}'.format(request.ip), log.ADMIN)
|
||||||
|
except:
|
||||||
|
pass
|
||||||
raise AuthException(_('Access denied'))
|
raise AuthException(_('Access denied'))
|
||||||
|
|
||||||
|
if user.staff_member is False:
|
||||||
|
log.doLog(auth, log.ERROR, 'Access denied from {1}. User {0} is not membef of staff'.format(username, request.ip), log.ADMIN)
|
||||||
|
log.doLog(user, log.ERROR, 'Access denied from {0}. This user is not membef of staff'.format(request.ip), log.ADMIN)
|
||||||
|
|
||||||
|
raise AuthException(_('Access denied'))
|
||||||
|
|
||||||
|
log.doLog(auth, log.INFO, 'Access granted to user {0} from {1} to administration'.format(username, request.ip), log.ADMIN)
|
||||||
|
log.doLog(user, log.INFO, 'Access granted from {0} to administration'.format(request.ip), log.ADMIN)
|
||||||
|
|
||||||
return makeCredentials(idAuth, username, locale, user.is_admin)
|
return makeCredentials(idAuth, username, locale, user.is_admin)
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user