Beispiel #1
def audited_logout(request, *args, **kwargs):
    """Store a logout audit record, then hand the request to the logout view.

    An ``AccessAudit`` document with access type ``models.ACCESS_LOGOUT`` is
    saved before ``auth_views.logout`` is called, so the username and session
    key are read from the request before the wrapped view runs.

    Args:
        request: the incoming request; ``user``, ``session`` and ``META``
            are read from it.
        *args: passed through unchanged to ``auth_views.logout``.
        **kwargs: passed through unchanged to ``auth_views.logout``.

    Returns:
        Whatever ``auth_views.logout`` returns.
    """
    logout_view = auth_views.logout
    logging.info("Function: %s" % (logout_view.__name__))
    logging.info("Logged logout for user %s" % (request.user.username))

    meta = request.META
    record = AccessAudit()
    audit_fields = (
        ('doc_type', AccessAudit.__name__),
        ('access_type', models.ACCESS_LOGOUT),
        # User-Agent and Accept are client-supplied headers, stored as sent.
        ('user_agent', meta.get('HTTP_USER_AGENT', '<unknown>')),
        ('user', request.user.username),
        ('session_key', request.session.session_key),
        # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
        # address; confirm how the deployment populates it.
        ('ip_address', meta.get('REMOTE_ADDR', '')),
        # A logout carries no query or form data worth auditing.
        ('get_data', []),
        ('post_data', []),
        ('http_accept', meta.get('HTTP_ACCEPT', '<unknown>')),
        ('path_info', meta.get('PATH_INFO', '<unknown>')),
        ('failures_since_start', 0),
    )
    for field_name, field_value in audit_fields:
        setattr(record, field_name, field_value)
    record.save()

    # The audit record is persisted first; only then is the real view invoked.
    return logout_view(request, *args, **kwargs)
Beispiel #2
def audited_logout(request, *args, **kwargs):
    """Audit a logout and then delegate to ``auth_views.logout``.

    The function builds an ``AccessAudit`` document describing the request
    (user, session key, peer address, selected headers), saves it, and only
    afterwards calls the wrapped logout view with the original arguments.

    Args:
        request: the request being logged out.
        *args: forwarded to ``auth_views.logout``.
        **kwargs: forwarded to ``auth_views.logout``.

    Returns:
        The response produced by ``auth_views.logout``.
    """
    wrapped_view = auth_views.logout
    logging.info("Function: %s" % (wrapped_view.__name__))
    logging.info("Logged logout for user %s" % (request.user.username))

    headers = request.META
    entry = AccessAudit()
    entry.doc_type = AccessAudit.__name__
    entry.access_type = models.ACCESS_LOGOUT
    # Client-controlled header, recorded without normalisation.
    entry.user_agent = headers.get('HTTP_USER_AGENT', '<unknown>')
    entry.user = request.user.username
    # Read here, before the logout view is called further down.
    entry.session_key = request.session.session_key
    # NOTE(review): REMOTE_ADDR is the directly connected peer; with a proxy
    # in front this may not be the end user's address. Confirm for the
    # deployment.
    entry.ip_address = headers.get('REMOTE_ADDR', '')
    entry.get_data = []
    entry.post_data = []
    entry.http_accept = headers.get('HTTP_ACCEPT', '<unknown>')
    entry.path_info = headers.get('PATH_INFO', '<unknown>')
    # A logout is not a failed attempt, so the counter is recorded as zero.
    entry.failures_since_start = 0
    entry.save()

    result = wrapped_view(request, *args, **kwargs)
    return result
Beispiel #3
    def decorated_logout(request, *args, **kwargs):
        """Save a logout audit record, then call the wrapped view ``func``.

        ``func`` is a free variable taken from the enclosing scope, which is
        not part of this excerpt. The ``AccessAudit`` document is saved
        before ``func`` is invoked.

        Args:
            request: the request being logged out.
            *args: forwarded to ``func``; also logged when ``VERBOSE`` is set.
            **kwargs: forwarded to ``func``; also logged when ``VERBOSE`` is
                set.

        Returns:
            The response returned by ``func``.
        """
        view_name = func.__name__

        # Verbose tracing is skipped when the wrapped callable is this
        # wrapper itself (the decorator applied more than once).
        if view_name != 'decorated_logout' and VERBOSE:
            log.info('AXES: Calling decorated logout function: %s',
                     view_name)
            if args:
                log.info('args: %s', args)
            if kwargs:
                log.info('kwargs: %s', kwargs)
        log.info("Function: %s", view_name)
        log.info("Logged logout for user %s", request.user.username)

        meta = request.META
        audit = AccessAudit()
        audit.doc_type = AccessAudit.__name__
        audit.access_type = models.ACCESS_LOGOUT
        # Client-supplied header, stored as received.
        audit.user_agent = meta.get('HTTP_USER_AGENT', '<unknown>')
        audit.user = request.user.username
        audit.session_key = request.session.session_key
        # NOTE(review): REMOTE_ADDR is the connected peer; behind a proxy it
        # is the proxy's address unless the deployment rewrites it. Confirm.
        audit.ip_address = meta.get('REMOTE_ADDR', '')
        # Query and form data are deliberately not recorded for a logout.
        audit.get_data = []
        audit.post_data = []
        audit.http_accept = meta.get('HTTP_ACCEPT', '<unknown>')
        audit.path_info = meta.get('PATH_INFO', '<unknown>')
        audit.failures_since_start = 0
        audit.save()

        # The original ended with a check for the self-wrapping case whose
        # two branches both returned this response, so one return suffices.
        return func(request, *args, **kwargs)
Beispiel #4
    def decorated_logout(request, *args, **kwargs):
        """Write an audit entry for a logout and then run the wrapped view.

        The wrapped callable ``func`` comes from the enclosing scope (not
        shown here). The audit entry is saved first; the wrapped view is
        called afterwards with the unchanged arguments.

        Args:
            request: the request being logged out.
            *args: positional arguments passed on to ``func``.
            **kwargs: keyword arguments passed on to ``func``.

        Returns:
            The response produced by ``func``.
        """
        wrapped_name = func.__name__
        wraps_itself = wrapped_name == 'decorated_logout'

        if not wraps_itself and VERBOSE:
            log.info('AXES: Calling decorated logout function: %s', wrapped_name)
            # With VERBOSE on, the view's arguments are written to the log.
            if args:
                log.info('args: %s', args)
            if kwargs:
                log.info('kwargs: %s', kwargs)
        log.info("Function: %s", wrapped_name)
        log.info("Logged logout for user %s", request.user.username)

        environ = request.META
        entry = AccessAudit()
        entry_values = (
            ('doc_type', AccessAudit.__name__),
            ('access_type', models.ACCESS_LOGOUT),
            # User-Agent and Accept are sent by the client, stored as-is.
            ('user_agent', environ.get('HTTP_USER_AGENT', '<unknown>')),
            ('user', request.user.username),
            ('session_key', request.session.session_key),
            # NOTE(review): with a reverse proxy in front, REMOTE_ADDR is the
            # proxy's address; confirm how the deployment sets it.
            ('ip_address', environ.get('REMOTE_ADDR', '')),
            ('get_data', []),
            ('post_data', []),
            ('http_accept', environ.get('HTTP_ACCEPT', '<unknown>')),
            ('path_info', environ.get('PATH_INFO', '<unknown>')),
            ('failures_since_start', 0),
        )
        for key, value in entry_values:
            setattr(entry, key, value)
        entry.save()

        # Whether or not the wrapper wraps itself, the original returned the
        # wrapped view's response unchanged.
        response = func(request, *args, **kwargs)
        return response
Beispiel #5
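def log_request(request, login_unsuccessful):
    """Record the outcome of a login request and enforce the failure lock-out.

    Args:
        request: the request handled by the login view.
        login_unsuccessful: truthy when the login attempt failed.

    Returns:
        ``False`` when the stored failure count already exceeds
        ``FAILURE_LIMIT`` and ``LOCK_OUT_AT_FAILURE`` is set (the request is
        logged out first); ``True`` in every other case.
    """
    failures = 0
    attempt = get_user_attempt(request)

    if attempt:
        failures = attempt.failures_since_start

    # The lock-out is decided from the stored count before this request's
    # outcome is looked at, so it applies to successful logins as well.
    if failures > FAILURE_LIMIT and LOCK_OUT_AT_FAILURE:
        # Log out in case the correct password was entered on this request.
        logout(request)
        log.warning('AXES: locked out %s after repeated login attempts.', attempt.ip_address)
        return False

    if login_unsuccessful:
        # Default for failed requests that are not POSTs. Without it the
        # name was unbound below and the failure raised instead of being
        # recorded.
        attempted_username = None

        # Interpret the auth form to find the account that was targeted.
        if request.method == "POST":
            form = AuthenticationForm(data=request.POST)
            if form.is_valid():
                attempted_username = form.get_user().username
            else:
                # Only the username is kept. The submitted password is no
                # longer copied into a local, where it served no purpose and
                # could surface in a traceback that dumps frame locals.
                attempted_username = form.data.get('username')

        # Count this failure.
        failures += 1

        if attempt:
            # An earlier record exists for this client: update it in place.
            #attempt.get_data.append(query2str(request.GET.items()))
            #attempt.post_data.append(query2str(request.POST.items()))
            attempt.access_type = models.ACCESS_FAILED
            attempt.user = attempted_username
            attempt.http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
            attempt.path_info = request.META.get('PATH_INFO', '<unknown>')
            attempt.failures_since_start = failures
            # The timestamp is moved to the latest failure on every update.
            attempt.event_date = datetime.utcnow()
            attempt.save()
            log.info('AXES: Repeated login failure by %s. Updating access '
                     'record. Count = %s', attempt.ip_address, failures)
        else:
            # First recorded failure: create a new audit record.
            # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
            # address; confirm how the deployment populates it.
            ip = request.META.get('REMOTE_ADDR', '')
            ua = request.META.get('HTTP_USER_AGENT', '<unknown>')
            attempt = AccessAudit()
            attempt.event_date = datetime.utcnow()
            attempt.doc_type = AccessAudit.__name__
            attempt.access_type = models.ACCESS_FAILED
            attempt.user_agent = ua
            attempt.user = attempted_username
            attempt.ip_address = ip
            #attempt.get_data = [query2str(request.GET.items())]
            #attempt.post_data= [query2str(request.POST.items())]
            attempt.http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
            attempt.path_info = request.META.get('PATH_INFO', '<unknown>')
            attempt.failures_since_start = failures
            attempt.save()
            log.info('AXES: New login failure by %s. Creating access record.', ip)
    else:
        # Successful login. From Django 1.3 on it has already been logged
        # elsewhere. The version tuple is compared because the version
        # string sorts '1.10' before '1.3', which would audit the login a
        # second time on those releases.
        if django.VERSION < (1, 3):
            AccessAudit.audit_login(request, request.user)

    return True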
Beispiel #6
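def log_request(request, login_unsuccessful):
    """Record a failed login and enforce the failure lock-out.

    A successful login that is not locked out is not recorded here; the
    function simply returns ``True``.

    Args:
        request: the request handled by the login view.
        login_unsuccessful: truthy when the login attempt failed.

    Returns:
        ``False`` when the stored failure count already exceeds
        ``FAILURE_LIMIT`` and ``LOCK_OUT_AT_FAILURE`` is set (the request is
        logged out first); ``True`` otherwise.
    """
    failures = 0
    attempt = get_user_attempt(request)

    if attempt:
        failures = attempt.failures_since_start

    # The stored count is checked before this request's outcome, so the
    # lock-out also covers a request that carried the correct password.
    if failures > FAILURE_LIMIT and LOCK_OUT_AT_FAILURE:
        # Log out in case the correct password was entered on this request.
        logout(request)
        log.warning('AXES: locked out %s after repeated login attempts.',
                    attempt.ip_address)
        return False

    if login_unsuccessful:
        # Bound up front so that a failed request that is not a POST is
        # still recorded; previously the name was undefined on that path
        # and the assignment to attempt.user raised.
        attempted_username = None

        # Interpret the auth form to find the account that was targeted.
        if request.method == "POST":
            form = AuthenticationForm(data=request.POST)
            if form.is_valid():
                attempted_username = form.get_user().username
            else:
                # The submitted password is intentionally not read: the old
                # local holding it was never used and only kept the
                # cleartext value alive in the frame.
                attempted_username = form.data.get('username')

        # Count this failure.
        failures += 1

        if attempt:
            # A record already exists for this client: update it.
            #attempt.get_data.append(query2str(request.GET.items()))
            #attempt.post_data.append(query2str(request.POST.items()))
            attempt.access_type = models.ACCESS_FAILED
            attempt.user = attempted_username
            attempt.http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
            attempt.path_info = request.META.get('PATH_INFO', '<unknown>')
            attempt.failures_since_start = failures
            # The timestamp is moved to the latest failure on every update.
            attempt.event_date = datetime.utcnow()
            attempt.save()
            log.info(
                'AXES: Repeated login failure by %s. Updating access '
                'record. Count = %s', attempt.ip_address, failures)
        else:
            # First recorded failure: create a new audit record.
            # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
            # address; confirm how the deployment populates it.
            ip = request.META.get('REMOTE_ADDR', '')
            ua = request.META.get('HTTP_USER_AGENT', '<unknown>')
            attempt = AccessAudit()
            attempt.event_date = datetime.utcnow()
            attempt.doc_type = AccessAudit.__name__
            attempt.access_type = models.ACCESS_FAILED
            attempt.user_agent = ua
            attempt.user = attempted_username
            attempt.ip_address = ip
            #attempt.get_data = [query2str(request.GET.items())]
            #attempt.post_data= [query2str(request.POST.items())]
            attempt.http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
            attempt.path_info = request.META.get('PATH_INFO', '<unknown>')
            attempt.failures_since_start = failures
            attempt.save()
            log.info('AXES: New login failure by %s. Creating access record.',
                     ip)

    return True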