diff --git a/auth_brute_force/README.rst b/auth_brute_force/README.rst index 60b0a73aa..3fb779986 100644 --- a/auth_brute_force/README.rst +++ b/auth_brute_force/README.rst @@ -37,6 +37,11 @@ Once installed, you can change the ir.config_parameter value for the key 'auth_brute_force.max_attempt_qty' (10 by default) that define the max number of attempts allowed before the user was banned. +You can also add a ir.config_parameter value for the key +'auth_brute_force.environ_log' which allow to log also specific request +environment variables. The format comma-delimited list of varible names +example: REMOTE_ADDR,REMOTE_PORT + Usage ----- @@ -97,6 +102,7 @@ Contributors ------------ * Sylvain LE GAL (https://twitter.com/legalsylvain) +* Sylvain CALADOR (https://akretion.com) Maintainer ---------- diff --git a/auth_brute_force/controllers/controllers.py b/auth_brute_force/controllers/controllers.py index f752eee95..14fa09e0f 100644 --- a/auth_brute_force/controllers/controllers.py +++ b/auth_brute_force/controllers/controllers.py @@ -49,6 +49,11 @@ class LoginController(Home): [('key', '=', 'auth_brute_force.max_attempt_qty')], ['value'])[0]['value']) + environ_log = config_obj.search_read( + cursor, SUPERUSER_ID, + [('key', '=', 'auth_brute_force.environ_log')], + ['value']) + # Test if remote user is banned banned = banned_remote_obj.search(cursor, SUPERUSER_ID, [ ('remote', '=', remote)]) @@ -68,10 +73,20 @@ class LoginController(Home): # Log attempt cursor.commit() + + environ = '' + if environ_log: + value = environ_log[0]['value'] + log_keys = [k.strip() for k in value.split(',')] + for key, value in request.httprequest.environ.items(): + if key in log_keys: + environ += '%s=%s\n' % (key, value) + attempt_obj.create(cursor, SUPERUSER_ID, { 'attempt_date': fields.Datetime.now(), 'login': request.params['login'], 'remote': remote, + 'environ': environ, 'result': banned and 'banned' or ( result and 'successfull' or 'failed'), }) diff --git a/auth_brute_force/models/res_authentication_attempt.py b/auth_brute_force/models/res_authentication_attempt.py index 84e735bd3..ad5a90018 100644 --- a/auth_brute_force/models/res_authentication_attempt.py +++ b/auth_brute_force/models/res_authentication_attempt.py @@ -41,6 +41,8 @@ class ResAuthenticationAttempt(models.Model): remote = fields.Char(string='Remote ID') + environ = fields.Text(string='Environment') + result = fields.Selection( selection=_ATTEMPT_RESULT, string='Authentication Result') diff --git a/auth_brute_force/views/view.xml b/auth_brute_force/views/view.xml index 7b7de28c3..c6267b9cf 100644 --- a/auth_brute_force/views/view.xml +++ b/auth_brute_force/views/view.xml @@ -29,6 +29,7 @@ + @@ -48,6 +49,7 @@ +