示例#1
0
 def audit_view(cls, request, user, view_func, view_kwargs, extra={}):
     """Creates an instance of a Access log."""
     try:
         audit = cls.create_audit(cls, user)
         audit.description += "View"
         if len(list(request.GET)) > 0:
             audit.request_path = "%s?%s" % (
                 request.path, '&'.join(["%s=%s" % (x, request.GET[x]) for x in request.GET.keys()]))
         else:
             audit.request_path = request.path
         audit.ip_address = utils.get_ip(request)
         audit.user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')
         audit.view = "%s.%s" % (view_func.__module__, view_func.__name__)
         for k in STANDARD_HEADER_KEYS:
             header_item = request.META.get(k, None)
             if header_item is not None:
                 audit.headers[k] = header_item
         #audit.headers = request.META #it's a bit verbose to go to that extreme, TODO: need to have targeted fields in the META, but due to server differences, it's hard to make it universal.
         audit.session_key = request.session.session_key
         audit.extra = extra
         audit.view_kwargs = view_kwargs
         audit.save()
         return audit
     except Exception as ex:
         log.error("NavigationEventAudit.audit_view error: %s", ex)
示例#2
0
 def audit_view(cls, request, user, view_func, view_kwargs, extra={}):
     """Creates an instance of a Access log."""
     try:
         audit = cls.create_audit(cls, user)
         audit.description += "View"
         if len(request.GET.keys()) > 0:
             audit.request_path = "%s?%s" % (
                 request.path, '&'.join(["%s=%s" % (x, request.GET[x]) for x in request.GET.keys()]))
         else:
             audit.request_path = request.path
         audit.ip_address = utils.get_ip(request)
         audit.user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')
         audit.view = "%s.%s" % (view_func.__module__, view_func.func_name)
         for k in STANDARD_HEADER_KEYS:
             header_item = request.META.get(k, None)
             if header_item is not None:
                 audit.headers[k] = header_item
         #audit.headers = request.META #it's a bit verbose to go to that extreme, TODO: need to have targeted fields in the META, but due to server differences, it's hard to make it universal.
         audit.session_key = request.session.session_key
         audit.extra = extra
         audit.view_kwargs = view_kwargs
         audit.save()
         return audit
     except Exception, ex:
         log.error("NavigationEventAudit.audit_view error: %s", ex)
示例#3
0
 def audit_login_failed(cls, request, username, *args, **kwargs):
     '''Creates an instance of a Access log.
     '''
     audit = cls.create_audit(cls, username)
     audit.ip_address = utils.get_ip(request)
     audit.access_type = 'login_failed'
     if username != None:
         audit.description = "Login Failure: %s" % (username)
     else:
         audit.description = "Login Failure"
     audit.session_key = request.session.session_key
     audit.save()
示例#4
0
 def audit_login_failed(cls, request, username, *args, **kwargs):
     '''Creates an instance of a Access log.
     '''
     audit = cls.create_audit(cls, username)
     audit.ip_address = utils.get_ip(request)
     audit.access_type = 'login_failed'
     if username != None:
         audit.description = "Login Failure: %s" % (username)
     else:
         audit.description = "Login Failure"
     audit.session_key = request.session.session_key
     audit.save()
示例#5
0
    def audit_logout(cls, request, user):
        '''Log a logout event'''
        audit = cls.create_audit(cls, user)
        audit.ip_address = utils.get_ip(request)

        if user == AnonymousUser:
            audit.description = "Logout anonymous"
        elif user is None:
            audit.description = "None"
        else:
            audit.description = "Logout %s" % (user.username)
        audit.access_type = 'logout'
        audit.session_key = request.session.session_key
        audit.save()
示例#6
0
    def audit_logout(cls, request, user):
        '''Log a logout event'''
        audit = cls.create_audit(cls, user)
        audit.ip_address = utils.get_ip(request)

        if user == AnonymousUser:
            audit.description = "Logout anonymous"
        elif user is None:
            audit.description = "None"
        else:
            audit.description = "Logout %s" % (user.username)
        audit.access_type = 'logout'
        audit.session_key = request.session.session_key
        audit.save()
示例#7
0
 def audit_login(cls, request, user, *args, **kwargs):
     '''Creates an instance of a Access log.
     '''
     audit = cls.create_audit(cls, user)
     audit.ip_address = utils.get_ip(request)
     ua = request.META.get('HTTP_USER_AGENT', '<unknown>')
     audit.http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
     audit.path_info = request.META.get('PATH_INFO', '<unknown>')
     audit.user_agent = ua
     audit.access_type = 'login'
     audit.description = "Login Success"
     audit.session_key = request.session.session_key
     audit.get_data = [] #[query2str(request.GET.items())]
     audit.post_data = []
     audit.save()
示例#8
0
 def audit_login(cls, request, user, *args, **kwargs):
     '''Creates an instance of a Access log.
     '''
     audit = cls.create_audit(cls, user)
     audit.ip_address = utils.get_ip(request)
     ua = request.META.get('HTTP_USER_AGENT', '<unknown>')
     audit.http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')
     audit.path_info = request.META.get('PATH_INFO', '<unknown>')
     audit.user_agent = ua
     audit.access_type = 'login'
     audit.description = "Login Success"
     audit.session_key = request.session.session_key
     audit.get_data = [] #[query2str(request.GET.items())]
     audit.post_data = []
     audit.save()
示例#9
0
        def wrapper(request, *args, **kwargs):
            auth = api_auth_class.is_authenticated(request)
            if auth:
                if isinstance(auth, HttpUnauthorized):
                    return auth
                try:
                    allowed_ips = request.user.api_key.apikeysettings.ip_whitelist
                except (ApiKey.DoesNotExist, ApiKeySettings.DoesNotExist):
                    allowed_ips = []
                if allowed_ips and get_ip(request) not in allowed_ips:
                    return HttpUnauthorized()
                return view(request, *args, **kwargs)

            response = HttpUnauthorized()
            return response