Create access logs from requests #5050

Closed
wants to merge 3 commits into from

@rgraber rgraber commented Aug 6, 2024

Checklist

  1. If you've added code that should be tested, add tests
  2. If you've changed APIs, update (or create!) the documentation
  3. Ensure the tests pass
  4. Make sure that your code lints and that you've followed our coding style
  5. Write a title and, if necessary, a description of your work suitable for publishing in our release notes
  6. Mention any related issues in this repository (as #ISSUE) and in other repositories (as kobotoolbox/other#ISSUE)
  7. Open an issue in the docs if there are UI/UX changes

Description

Enable the creation of access logs when users are authenticated.

Notes

Adds a method to the AuditLog class to create from a request, with logic to handle regular logins, non-persisted authenticated requests, and logins via django-loginas. This is meant to be called from a user_logged_in signal handler, which passes the request along, or an authentication class. Technically it can be called with any request but it will only log the authentication of the user, not any action they performed.

For any request, it will store the IP, OS, and browser of the request (taken from the headers) as well as information about the user in request.user. The user id is also stored as the object_id, with the object_type being the name of the user model.

If the url_name of the resolver is 'loginas-user-login', we also store information about the _cached_user, which represents the user making the original request. This should work even in the case of cURL requests since they require a CSRF token and session id, so the original user gets fully authenticated.

The authorization type can be set by the caller, otherwise it will default to 'django-loginas' if it's a loginas request and the name of the authenticating backend if it's a normal login request.

Related issues

Blocked by #5035 and #5044
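
A sketch of the logic described in the PR description above, as an added example that is not code from this pull request or from the project. It uses plain stand-in objects instead of Django; the names `build_access_log`, `make_request`, `User`, the metadata keys, and reading `REMOTE_ADDR`, `HTTP_USER_AGENT` and `user.backend` are assumptions, and it stores the raw User-Agent rather than a parsed OS and browser.

```python
from dataclasses import dataclass
from types import SimpleNamespace

LOGINAS_URL_NAME = "loginas-user-login"  # url_name quoted in the PR description


@dataclass
class User:  # stand-in for the Django user model (assumption)
    pk: int
    username: str
    backend: str = "django.contrib.auth.backends.ModelBackend"


def make_request(user, url_name, cached_user=None, ip="203.0.113.7", ua="curl/8.5.0"):
    """Build a constructed request exposing only the attributes read below."""
    return SimpleNamespace(
        user=user,
        _cached_user=cached_user,
        resolver_match=SimpleNamespace(url_name=url_name),
        META={"REMOTE_ADDR": ip, "HTTP_USER_AGENT": ua},
    )


def build_access_log(request, authentication_type=None):
    """Record who was authenticated, from where and how; no action is logged."""
    user = request.user
    is_loginas = request.resolver_match.url_name == LOGINAS_URL_NAME
    if authentication_type is None:  # a caller-supplied type always wins
        authentication_type = "django-loginas" if is_loginas else user.backend
    metadata = {
        "ip_address": request.META.get("REMOTE_ADDR"),
        "user_agent": request.META.get("HTTP_USER_AGENT", ""),  # raw, not parsed
        "auth_type": authentication_type,
        "username": user.username,
    }
    original = getattr(request, "_cached_user", None)
    if is_loginas and original is not None:
        # Keep the impersonating account so the session stays attributable.
        metadata["initial_user_id"] = original.pk
        metadata["initial_username"] = original.username
    return {"object_id": user.pk, "object_type": type(user).__name__, "metadata": metadata}


if __name__ == "__main__":
    admin, target = User(1, "admin"), User(42, "alice")  # constructed sample users
    print(build_access_log(make_request(target, LOGINAS_URL_NAME, cached_user=admin)))
    print(build_access_log(make_request(target, "login")))  # "login" is a made-up url_name
```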

@rgraber rgraber changed the base branch from main to beta August 6, 2024 13:52
@rgraber rgraber changed the base branch from beta to TASK-867-parse-user-agent August 6, 2024 17:07
Base automatically changed from TASK-867-parse-user-agent to beta August 6, 2024 19:11
@rgraber rgraber force-pushed the TASK-867-create-log-from-request branch from b65dcc1 to ac2b873 Compare August 6, 2024 19:30
@rgraber rgraber marked this pull request as ready for review August 6, 2024 20:02
@rgraber rgraber requested a review from noliveleger August 6, 2024 20:02
@rgraber rgraber mentioned this pull request Aug 8, 2024
7 tasks
@rgraber rgraber marked this pull request as draft August 8, 2024 14:51
rgraber commented Aug 9, 2024

Closed in favor of #5055

@rgraber rgraber closed this Aug 9, 2024
@rgraber rgraber deleted the TASK-867-create-log-from-request branch December 3, 2024 21:26