diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-01-03 15:41:15 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-01-03 15:41:15 +0000 |
commit | 32f7ad1bd80034ea1083e2ce608b9de538b524ae (patch) | |
tree | 92997567620d93e70994042a421a833a3affdd21 | |
parent | a1ac86c6c49da8d73cf4f1504983da6f62c022cf (diff) | |
parent | 96ca1097a502efca95546641947aba60c85bd0bb (diff) | |
download | django_openstack_auth-32f7ad1bd80034ea1083e2ce608b9de538b524ae.tar.gz |
Merge "Get remote address from client, behind proxy servers, to log on console."
-rw-r--r-- | openstack_auth/forms.py | 14 | ||||
-rw-r--r-- | openstack_auth/tests/tests.py | 38 | ||||
-rw-r--r-- | openstack_auth/utils.py | 22 |
3 files changed, 70 insertions, 4 deletions
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py index 6e4bf8b..0acb290 100644 --- a/openstack_auth/forms.py +++ b/openstack_auth/forms.py @@ -124,12 +124,18 @@ class Login(django_auth_forms.AuthenticationForm): password=password, user_domain_name=domain, auth_url=region) - msg = 'Login successful for user "%(username)s".' % \ - {'username': username} + msg = 'Login successful for user "%(username)s", remote address '\ + '%(remote_ip)s.' % { + 'username': username, + 'remote_ip': utils.get_client_ip(self.request) + } LOG.info(msg) except exceptions.KeystoneAuthException as exc: - msg = 'Login failed for user "%(username)s".' % \ - {'username': username} + msg = 'Login failed for user "%(username)s", remote address '\ + '%(remote_ip)s.' % { + 'username': username, + 'remote_ip': utils.get_client_ip(self.request) + } LOG.warning(msg) raise forms.ValidationError(exc) if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7 diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py index ac8482f..f2dbe55 100644 --- a/openstack_auth/tests/tests.py +++ b/openstack_auth/tests/tests.py @@ -1163,3 +1163,41 @@ class UserTestCase(test.TestCase): self.assertTrue(created_token._is_pki_token( self.data.domain_scoped_access_info.auth_token)) self.assertFalse(created_token._is_pki_token(None)) + + +class BehindProxyTestCase(test.TestCase): + + def setUp(self): + self.request = http.HttpRequest() + + def test_without_proxy(self): + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + from openstack_auth.utils import get_client_ip + self.assertEqual('10.111.111.2', get_client_ip(self.request)) + + def test_with_proxy_no_settings(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33' + self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2' + self.assertEqual('10.111.111.2', get_client_ip(self.request)) + + def test_with_settings_without_proxy(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.assertEqual('10.111.111.2', get_client_ip(self.request)) + + @override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_FORWARDED_FOR') + def test_with_settings_with_proxy_forwardfor(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2' + self.assertEqual('172.18.0.2', get_client_ip(self.request)) + + @override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_REAL_IP') + def test_with_settings_with_proxy_real_ip(self): + from openstack_auth.utils import get_client_ip + self.request.META['REMOTE_ADDR'] = '10.111.111.2' + self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33' + self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2' + self.assertEqual('192.168.15.33', get_client_ip(self.request)) diff --git a/openstack_auth/utils.py b/openstack_auth/utils.py index 32a39c5..c050726 100644 --- a/openstack_auth/utils.py +++ b/openstack_auth/utils.py @@ -476,3 +476,25 @@ def get_admin_permissions(): } """ return {get_role_permission(role) for role in get_admin_roles()} + + +def get_client_ip(request): + """Return client ip address using SECURE_PROXY_ADDR_HEADER variable. + + If not present or not defined on settings then REMOTE_ADDR is used. + + :param request: Django http request object. + :type request: django.http.HttpRequest + + :returns: Possible client ip address + :rtype: string + """ + _SECURE_PROXY_ADDR_HEADER = getattr( + settings, 'SECURE_PROXY_ADDR_HEADER', False + ) + if _SECURE_PROXY_ADDR_HEADER: + return request.META.get( + _SECURE_PROXY_ADDR_HEADER, + request.META.get('REMOTE_ADDR') + ) + return request.META.get('REMOTE_ADDR') |