Browse Source

[IMP] add the possibility to log also request environment variables

pull/1183/head
Sylvain Calador 7 years ago
parent
commit
48540a76a1
No known key found for this signature in database GPG Key ID: AB93CE7D33AADF8F
  1. 6
      auth_brute_force/README.rst
  2. 15
      auth_brute_force/controllers/controllers.py
  3. 2
      auth_brute_force/models/res_authentication_attempt.py
  4. 2
      auth_brute_force/views/view.xml

6
auth_brute_force/README.rst

@ -37,6 +37,11 @@ Once installed, you can change the ir.config_parameter value for the key
'auth_brute_force.max_attempt_qty' (10 by default) that define the max number
of attempts allowed before the user was banned.
You can also add a ir.config_parameter value for the key
'auth_brute_force.environ_log' which allow to log also specific request
environment variables. The format comma-delimited list of varible names
example: REMOTE_ADDR,REMOTE_PORT
Usage
-----
@ -97,6 +102,7 @@ Contributors
------------
* Sylvain LE GAL (https://twitter.com/legalsylvain)
* Sylvain CALADOR (https://akretion.com)
Maintainer
----------

15
auth_brute_force/controllers/controllers.py

@ -49,6 +49,11 @@ class LoginController(Home):
[('key', '=', 'auth_brute_force.max_attempt_qty')],
['value'])[0]['value'])
environ_log = config_obj.search_read(
cursor, SUPERUSER_ID,
[('key', '=', 'auth_brute_force.environ_log')],
['value'])
# Test if remote user is banned
banned = banned_remote_obj.search(cursor, SUPERUSER_ID, [
('remote', '=', remote)])
@ -68,10 +73,20 @@ class LoginController(Home):
# Log attempt
cursor.commit()
environ = ''
if environ_log:
value = environ_log[0]['value']
log_keys = [k.strip() for k in value.split(',')]
for key, value in request.httprequest.environ.items():
if key in log_keys:
environ += '%s=%s\n' % (key, value)
attempt_obj.create(cursor, SUPERUSER_ID, {
'attempt_date': fields.Datetime.now(),
'login': request.params['login'],
'remote': remote,
'environ': environ,
'result': banned and 'banned' or (
result and 'successfull' or 'failed'),
})

2
auth_brute_force/models/res_authentication_attempt.py

@ -41,6 +41,8 @@ class ResAuthenticationAttempt(models.Model):
remote = fields.Char(string='Remote ID')
environ = fields.Text(string='Environment')
result = fields.Selection(
selection=_ATTEMPT_RESULT, string='Authentication Result')

2
auth_brute_force/views/view.xml

@ -29,6 +29,7 @@
<field name="remote" />
<field name="login" />
<field name="result" />
<field name="environ" />
</tree>
</field>
</record>
@ -48,6 +49,7 @@
<field name="arch" type="xml">
<search>
<field name="login"/>
<field name="environ"/>
<filter name="filter_no_success" string="Without Success" domain="[('result','!=', 'successfull')]"/>
<filter name="filter_banned" string="Banned" domain="[('result','=', 'banned')]"/>
<filter name="filter_failed" string="Failed" domain="[('result','=', 'failed')]"/>

Loading…
Cancel
Save