From 48540a76a10c1302d8387ed7ee6922d92449be8d Mon Sep 17 00:00:00 2001 From: Sylvain Calador Date: Thu, 8 Mar 2018 17:19:35 +0100 Subject: [PATCH 1/4] [IMP] add the possibility to log also request environment variables --- auth_brute_force/README.rst | 6 ++++++ auth_brute_force/controllers/controllers.py | 15 +++++++++++++++ .../models/res_authentication_attempt.py | 2 ++ auth_brute_force/views/view.xml | 2 ++ 4 files changed, 25 insertions(+) diff --git a/auth_brute_force/README.rst b/auth_brute_force/README.rst index 60b0a73aa..3fb779986 100644 --- a/auth_brute_force/README.rst +++ b/auth_brute_force/README.rst @@ -37,6 +37,11 @@ Once installed, you can change the ir.config_parameter value for the key 'auth_brute_force.max_attempt_qty' (10 by default) that define the max number of attempts allowed before the user was banned. +You can also add a ir.config_parameter value for the key +'auth_brute_force.environ_log' which allow to log also specific request +environment variables. The format comma-delimited list of varible names +example: REMOTE_ADDR,REMOTE_PORT + Usage ----- @@ -97,6 +102,7 @@ Contributors ------------ * Sylvain LE GAL (https://twitter.com/legalsylvain) +* Sylvain CALADOR (https://akretion.com) Maintainer ---------- diff --git a/auth_brute_force/controllers/controllers.py b/auth_brute_force/controllers/controllers.py index f752eee95..14fa09e0f 100644 --- a/auth_brute_force/controllers/controllers.py +++ b/auth_brute_force/controllers/controllers.py @@ -49,6 +49,11 @@ class LoginController(Home): [('key', '=', 'auth_brute_force.max_attempt_qty')], ['value'])[0]['value']) + environ_log = config_obj.search_read( + cursor, SUPERUSER_ID, + [('key', '=', 'auth_brute_force.environ_log')], + ['value']) + # Test if remote user is banned banned = banned_remote_obj.search(cursor, SUPERUSER_ID, [ ('remote', '=', remote)]) 
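Review bot: The new `environ_log` lookup in the first controllers.py hunk has no comment explaining that this parameter is optional, which is presumably why it keeps the raw `search_read` result instead of indexing `[0]['value']` like the `auth_brute_force.max_attempt_qty` read just above it. A one-line comment such as `# Optional parameter: search_read returns [] when 'auth_brute_force.environ_log' is not set` would make that difference visibly deliberate. The name also reads like a value while it holds a list of rows, so something like `environ_log_rows` would better match the later `environ_log[0]['value']` access. The enclosing method starts and ends outside the hunk.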
@@ -68,10 +73,20 @@ class LoginController(Home): # Log attempt cursor.commit() + + environ = '' + if environ_log: + value = environ_log[0]['value'] + log_keys = [k.strip() for k in value.split(',')] + for key, value in request.httprequest.environ.items(): + if key in log_keys: + environ += '%s=%s\n' % (key, value) + attempt_obj.create(cursor, SUPERUSER_ID, { 'attempt_date': fields.Datetime.now(), 'login': request.params['login'], 'remote': remote, + 'environ': environ, 'result': banned and 'banned' or ( result and 'successfull' or 'failed'), }) diff --git a/auth_brute_force/models/res_authentication_attempt.py b/auth_brute_force/models/res_authentication_attempt.py index 84e735bd3..ad5a90018 100644 --- a/auth_brute_force/models/res_authentication_attempt.py +++ b/auth_brute_force/models/res_authentication_attempt.py @@ -41,6 +41,8 @@ class ResAuthenticationAttempt(models.Model): remote = fields.Char(string='Remote ID') + environ = fields.Text(string='Environment') + result = fields.Selection( selection=_ATTEMPT_RESULT, string='Authentication Result') diff --git a/auth_brute_force/views/view.xml b/auth_brute_force/views/view.xml index 7b7de28c3..c6267b9cf 100644 --- a/auth_brute_force/views/view.xml +++ b/auth_brute_force/views/view.xml @@ -29,6 +29,7 @@ + @@ -48,6 +49,7 @@ + From 4f8bd1a28e5a17f8f5d1fac888ab05dab1058968 Mon Sep 17 00:00:00 2001 From: Sylvain Calador Date: Thu, 8 Mar 2018 17:34:29 +0100 Subject: [PATCH 2/4] [FIX] Typo --- auth_brute_force/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth_brute_force/README.rst b/auth_brute_force/README.rst index 3fb779986..9b639574e 100644 --- a/auth_brute_force/README.rst +++ b/auth_brute_force/README.rst 
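Review bot: The loop added before `attempt_obj.create` copies values from `request.httprequest.environ` into the attempt record exactly as received, with no length limit and nothing protecting the `key=value\n` framing. Any `HTTP_*` variable an administrator selects is supplied by the client, or by a proxy that forwards it, so a value can be very long, and depending on the server in front it may contain characters that make one entry read as several. Bounding and normalising each value before appending it would contain this, for example `environ += '%s=%s\n' % (key, str(value)[:256].replace('\n', ' '))`, where 256 is an illustrative cap. The record is created for every attempt, banned ones included (`'result': banned and 'banned' or ...`), so an unbounded `environ` text also lets repeated failed logins grow the table faster. The enclosing method starts outside the hunk.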
@@ -38,7 +38,7 @@ Once installed, you can change the ir.config_parameter value for the key of attempts allowed before the user was banned. You can also add a ir.config_parameter value for the key -'auth_brute_force.environ_log' which allow to log also specific request +'auth_brute_force.environ_log' which allows to log also specific request environment variables. The format comma-delimited list of varible names example: REMOTE_ADDR,REMOTE_PORT From 72fbd0e94aeef2120072ee7939d32b606b14fe4f Mon Sep 17 00:00:00 2001 From: Sylvain Calador Date: Thu, 8 Mar 2018 22:53:26 +0100 Subject: [PATCH 3/4] [IMP] add a jocker '*' for discover or log all request environment variables --- auth_brute_force/README.rst | 7 ++++++- auth_brute_force/controllers/controllers.py | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/auth_brute_force/README.rst b/auth_brute_force/README.rst index 9b639574e..79ed0057e 100644 --- a/auth_brute_force/README.rst +++ b/auth_brute_force/README.rst @@ -39,9 +39,14 @@ of attempts allowed before the user was banned. You can also add a ir.config_parameter value for the key 'auth_brute_force.environ_log' which allows to log also specific request -environment variables. The format comma-delimited list of varible names +environment variables. + +The format is a comma-delimited list of variable names example: REMOTE_ADDR,REMOTE_PORT +or you can just use the jocker '*' for log or discover all variables, +the variable names depends of the reverse-proxy configuration. + Usage ----- diff --git a/auth_brute_force/controllers/controllers.py b/auth_brute_force/controllers/controllers.py index 14fa09e0f..acee0f3c6 100644 --- a/auth_brute_force/controllers/controllers.py +++ b/auth_brute_force/controllers/controllers.py 
@@ -76,10 +76,10 @@ class LoginController(Home): environ = '' if environ_log: - value = environ_log[0]['value'] - log_keys = [k.strip() for k in value.split(',')] + filter_value = environ_log[0]['value'] + filter_keys = [k.strip() for k in filter_value.split(',')] for key, value in request.httprequest.environ.items(): - if key in log_keys: + if key in filter_keys or filter_value == '*': environ += '%s=%s\n' % (key, value) attempt_obj.create(cursor, SUPERUSER_ID, { From 845f036c4cd00d93f6f1524f1990dafe41c9e32f Mon Sep 17 00:00:00 2001 From: Sylvain Calador Date: Thu, 8 Mar 2018 23:05:06 +0100 Subject: [PATCH 4/4] [IMP] README.rst --- auth_brute_force/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth_brute_force/README.rst b/auth_brute_force/README.rst index 79ed0057e..dbe931307 100644 --- a/auth_brute_force/README.rst +++ b/auth_brute_force/README.rst @@ -45,7 +45,7 @@ The format is a comma-delimited list of variable names example: REMOTE_ADDR,REMOTE_PORT or you can just use the jocker '*' for log or discover all variables, -the variable names depends of the reverse-proxy configuration. +most variable names depends of WSGI specification and reverse-proxy configuration. Usage -----
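Review bot: With `filter_value == '*'` in the controllers.py hunk, the loop stores the entire WSGI environ on every login attempt. Where the client sends them, that includes `HTTP_COOKIE` and `HTTP_AUTHORIZATION`, so session identifiers and header credentials would be persisted in the `environ` field and shown in the attempt views to whoever can read that model. Skipping the sensitive keys even in wildcard mode keeps the "discover the variable names" use case without storing secrets, e.g. `if key in ('HTTP_COOKIE', 'HTTP_AUTHORIZATION'): continue` as the first statement of the loop. The wildcard is also compared against the unstripped string, so a stored value of `' * '` or `'*,'` silently logs nothing; `if '*' in filter_keys or key in filter_keys:` would reuse the already stripped list. The enclosing method starts and ends outside the hunk.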