Log user's ip address when they login

2018-07-05 14:25:05 +07:00 · 2018-07-05 14:25:05 +07:00 · 96a9c12300
parent 178e25f8f7
commit 96a9c12300
2 changed files with 11 additions and 9 deletions
--- a/app/models.py
+++ b/app/models.py
@ -188,7 +188,7 @@ class User(db.Model):
            logging.error(e)
            raise

-    def is_validate(self, method):
+    def is_validate(self, method, src_ip=''):
        """
        Validate user credential
        """
@ -197,12 +197,12 @@ class User(db.Model):

            if user_info:
                if user_info.password and self.check_password(user_info.password):
-                    logging.info('User "{0}" logged in successfully'.format(self.username))
+                    logging.info('User "{0}" logged in successfully. Authentication request from {1}'.format(self.username, src_ip))
                    return True
-                logging.error('User "{0}" input a wrong password'.format(self.username))
+                logging.error('User "{0}" inputted a wrong password. Authentication request from {1}'.format(self.username, src_ip))
                return False

-            logging.warning('User "{0}" does not exist'.format(self.username))
+            logging.warning('User "{0}" does not exist. Authentication request from {1}'.format(self.username, src_ip))
            return False

        if method == 'LDAP':
@ -220,7 +220,7 @@ class User(db.Model):

            result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
            if not result:
-                logging.warning('LDAP User "{0}" does not exist'.format(self.username))
+                logging.warning('LDAP User "{0}" does not exist. Authentication request from {1}'.format(self.username, src_ip))
                return False

            try:
@ -242,11 +242,13 @@ class User(db.Model):
                            logging.error('User {0} is not part of the "{1}" or "{2}" groups that allow access to PowerDNS-Admin'.format(self.username,LDAP_ADMIN_GROUP,LDAP_USER_GROUP))
                            return False
                    except Exception as e:
-                        logging.error('LDAP group lookup for user "{0}" has failed'.format(e))
+                        logging.error('LDAP group lookup for user "{0}" has failed. Authentication request from {1}'.format(self.username, src_ip))
+                        logging.debug(e)
                        return False
                    logging.info('User "{0}" logged in successfully'.format(self.username))
            except Exception as e:
-                logging.error('User "{0}" input a wrong LDAP password'.format(e))
+                logging.error('User "{0}" input a wrong LDAP password. Authentication request from {1}'.format(self.username, src_ip))
+                logging.debug(e)
                return False

            # create user if not exist in the db
--- a/app/views.py
+++ b/app/views.py
@ -120,7 +120,7 @@ def login_via_authorization_header(request):
            return None
        user = User(username=username, password=password, plain_text_password=password)
        try:
-            auth = user.is_validate(method='LOCAL')
+            auth = user.is_validate(method='LOCAL', src_ip=request.remote_addr)
            if auth == False:
                return None
            else:
@ -340,7 +340,7 @@ def login():
        user = User(username=username, password=password, plain_text_password=password)

        try:
-            auth = user.is_validate(method=auth_method)
+            auth = user.is_validate(method=auth_method, src_ip=request.remote_addr)
            if auth == False:
                return render_template('login.html', error='Invalid credentials',
                                                     github_enabled=GITHUB_ENABLE,