[IMP] add the possibility to log also request environment variables

6 years ago · 48540a76a1
4 changed files with 25 additions and 0 deletions
--- a/auth_brute_force/README.rst
+++ b/auth_brute_force/README.rst
@ -37,6 +37,11 @@ Once installed, you can change the ir.config_parameter value for the key
 'auth_brute_force.max_attempt_qty' (10 by default) that define the max number
 of attempts allowed before the user was banned.

+You can also add a ir.config_parameter value for the key
+'auth_brute_force.environ_log' which allow to log also specific request
+environment variables. The format comma-delimited list of varible names
+example: REMOTE_ADDR,REMOTE_PORT
+
 Usage
 -----

@ -97,6 +102,7 @@ Contributors
 ------------

 * Sylvain LE GAL (https://twitter.com/legalsylvain)
+* Sylvain CALADOR (https://akretion.com)

 Maintainer
 ----------
--- a/auth_brute_force/controllers/controllers.py
+++ b/auth_brute_force/controllers/controllers.py
@ -49,6 +49,11 @@ class LoginController(Home):
                [('key', '=', 'auth_brute_force.max_attempt_qty')],
                ['value'])[0]['value'])

+            environ_log = config_obj.search_read(
+                cursor, SUPERUSER_ID,
+                [('key', '=', 'auth_brute_force.environ_log')],
+                ['value'])
+
            # Test if remote user is banned
            banned = banned_remote_obj.search(cursor, SUPERUSER_ID, [
                ('remote', '=', remote)])
@ -68,10 +73,20 @@ class LoginController(Home):

            # Log attempt
            cursor.commit()
+
+            environ = ''
+            if environ_log:
+                value = environ_log[0]['value']
+                log_keys = [k.strip() for k in value.split(',')]
+                for key, value in request.httprequest.environ.items():
+                    if key in log_keys:
+                        environ += '%s=%s\n' % (key, value)
+
            attempt_obj.create(cursor, SUPERUSER_ID, {
                'attempt_date': fields.Datetime.now(),
                'login': request.params['login'],
                'remote': remote,
+                'environ': environ,
                'result': banned and 'banned' or (
                    result and 'successfull' or 'failed'),
            })
--- a/auth_brute_force/models/res_authentication_attempt.py
+++ b/auth_brute_force/models/res_authentication_attempt.py
@ -41,6 +41,8 @@ class ResAuthenticationAttempt(models.Model):

    remote = fields.Char(string='Remote ID')

+    environ = fields.Text(string='Environment')
+
    result = fields.Selection(
        selection=_ATTEMPT_RESULT, string='Authentication Result')

--- a/auth_brute_force/views/view.xml
+++ b/auth_brute_force/views/view.xml
@ -29,6 +29,7 @@
                    <field name="remote" />
                    <field name="login" />
                    <field name="result" />
+                    <field name="environ" />
                </tree>
            </field>
        </record>
@ -48,6 +49,7 @@
            <field name="arch" type="xml">
                <search>
                   <field name="login"/>
+                   <field name="environ"/>
                   <filter name="filter_no_success" string="Without Success" domain="[('result','!=', 'successfull')]"/>
                   <filter name="filter_banned" string="Banned" domain="[('result','=', 'banned')]"/>
                   <filter name="filter_failed" string="Failed" domain="[('result','=', 'failed')]"/>