diff options
author | Helber Maciel Guerra <helbermg@gmail.com> | 2016-09-04 23:43:49 -0300 |
---|---|---|
committer | Helber Maciel Guerra <helbermg@gmail.com> | 2016-12-30 01:54:32 +0000 |
commit | 96ca1097a502efca95546641947aba60c85bd0bb (patch) | |
tree | a437cb9f6f7fb589a68d384f5b7cd0104abfa264 /openstack_auth | |
parent | cec7a021707972b1434bc1be656c5ff1d1315b55 (diff) | |
download | django_openstack_auth-96ca1097a502efca95546641947aba60c85bd0bb.tar.gz |
Get remote address from client, behind proxy servers, to log on console.
Discovering REMOTE_IP using headers variables and displaing on console
log.
The messages will be:
"Login successful for user "%(username)s", remote address %(remote_ip)s."
and
"Login failed for user "%(username)s", remote address %(remote_ip)s."
This patch was tested behind haproxy and nginx reverse proxy.
To set variable that want to use, must inform using settings
SECURE_PROXY_ADDR_HEADER variable. Whitout this setting the remote ip
will use REMOTE_ADDR header variable.
Change-Id: I977be6cb1d029048b9862cac4b6596fc2e2b3431
Closes-Bug: #1461266
Diffstat (limited to 'openstack_auth')
-rw-r--r-- | openstack_auth/forms.py | 14 | ||||
-rw-r--r-- | openstack_auth/tests/tests.py | 38 | ||||
-rw-r--r-- | openstack_auth/utils.py | 22 |
3 files changed, 70 insertions, 4 deletions
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py index 6e4bf8b..0acb290 100644 --- a/openstack_auth/forms.py +++ b/openstack_auth/forms.py @@ -124,12 +124,18 @@ class Login(django_auth_forms.AuthenticationForm): password=password, user_domain_name=domain, auth_url=region) - msg = 'Login successful for user "%(username)s".' % \ - {'username': username} + msg = 'Login successful for user "%(username)s", remote address '\ + '%(remote_ip)s.' % { + 'username': username, + 'remote_ip': utils.get_client_ip(self.request) + } LOG.info(msg) except exceptions.KeystoneAuthException as exc: - msg = 'Login failed for user "%(username)s".' % \ - {'username': username} + msg = 'Login failed for user "%(username)s", remote address '\ + '%(remote_ip)s.' % { + 'username': username, + 'remote_ip': utils.get_client_ip(self.request) + } LOG.warning(msg) raise forms.ValidationError(exc) if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7 diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py index 8f40da7..7423b8d 100644 --- a/openstack_auth/tests/tests.py +++ b/openstack_auth/tests/tests.py @@ -1178,3 +1178,41 @@ class UserTestCase(test.TestCase): self.assertTrue(created_token._is_pki_token( self.data.domain_scoped_access_info.auth_token)) self.assertFalse(created_token._is_pki_token(None)) + + +class BehindProxyTestCase(test.TestCase): + + def setUp(self): + self.request = http.HttpRequest() + + def test_without_proxy(self): + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + from openstack_auth.utils import get_client_ip + self.assertEqual('10.111.111.2', get_client_ip(self.request)) + + def test_with_proxy_no_settings(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33' + self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2' + self.assertEqual('10.111.111.2', get_client_ip(self.request)) + + def test_with_settings_without_proxy(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.assertEqual('10.111.111.2', get_client_ip(self.request)) + + @override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_FORWARDED_FOR') + def test_with_settings_with_proxy_forwardfor(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2' + self.assertEqual('172.18.0.2', get_client_ip(self.request)) + + @override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_REAL_IP') + def test_with_settings_with_proxy_real_ip(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33' + self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2' + self.assertEqual('192.168.15.33', get_client_ip(self.request)) diff --git a/openstack_auth/utils.py b/openstack_auth/utils.py index 44b3931..555560f 100644 --- a/openstack_auth/utils.py +++ b/openstack_auth/utils.py @@ -475,3 +475,25 @@ def get_admin_permissions(): } """ return {get_role_permission(role) for role in get_admin_roles()} + + +def get_client_ip(request): + """Return client ip address using SECURE_PROXY_ADDR_HEADER variable. + + If not present or not defined on settings then REMOTE_ADDR is used. + + :param request: Django http request object. + :type request: django.http.HttpRequest + + :returns: Possible client ip address + :rtype: string + """ + _SECURE_PROXY_ADDR_HEADER = getattr( + settings, 'SECURE_PROXY_ADDR_HEADER', False + ) + if _SECURE_PROXY_ADDR_HEADER: + return request.META.get( + _SECURE_PROXY_ADDR_HEADER, + request.META.get('REMOTE_ADDR') + ) + return request.META.get('REMOTE_ADDR') |