Merge "Get remote address from client, behind proxy servers, to log on console."

author: Jenkins <jenkins@review.openstack.org> 2017-01-03 15:41:15 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-01-03 15:41:15 +0000
commit: 32f7ad1bd80034ea1083e2ce608b9de538b524ae (patch)
tree: 92997567620d93e70994042a421a833a3affdd21
parent: a1ac86c6c49da8d73cf4f1504983da6f62c022cf (diff)
parent: 96ca1097a502efca95546641947aba60c85bd0bb (diff)
download: django_openstack_auth-32f7ad1bd80034ea1083e2ce608b9de538b524ae.tar.gz
3 files changed, 70 insertions, 4 deletions
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
index 6e4bf8b..0acb290 100644
--- a/openstack_auth/forms.py
+++ b/openstack_auth/forms.py
@@ -124,12 +124,18 @@ class Login(django_auth_forms.AuthenticationForm):
                                            password=password,
                                            user_domain_name=domain,
                                            auth_url=region)
-            msg = 'Login successful for user "%(username)s".' % \
-                {'username': username}
+            msg = 'Login successful for user "%(username)s", remote address '\
+                '%(remote_ip)s.' % {
+                    'username': username,
+                    'remote_ip': utils.get_client_ip(self.request)
+                }
             LOG.info(msg)
         except exceptions.KeystoneAuthException as exc:
-            msg = 'Login failed for user "%(username)s".' % \
-                {'username': username}
+            msg = 'Login failed for user "%(username)s", remote address '\
+                '%(remote_ip)s.' % {
+                    'username': username,
+                    'remote_ip': utils.get_client_ip(self.request)
+                }
             LOG.warning(msg)
             raise forms.ValidationError(exc)
         if hasattr(self, 'check_for_test_cookie'):  # Dropped in django 1.7
diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py
index ac8482f..f2dbe55 100644
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@@ -1163,3 +1163,41 @@ class UserTestCase(test.TestCase):
         self.assertTrue(created_token._is_pki_token(
                         self.data.domain_scoped_access_info.auth_token))
         self.assertFalse(created_token._is_pki_token(None))
+
+
+class BehindProxyTestCase(test.TestCase):
+
+    def setUp(self):
+        self.request = http.HttpRequest()
+
+    def test_without_proxy(self):
+        self.request.META['REMOTE_ADDR'] = '10.111.111.2'
+        from openstack_auth.utils import get_client_ip
+        self.assertEqual('10.111.111.2', get_client_ip(self.request))
+
+    def test_with_proxy_no_settings(self):
+        from openstack_auth.utils import get_client_ip
+        self.request.META['REMOTE_ADDR'] = '10.111.111.2'
+        self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33'
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
+        self.assertEqual('10.111.111.2', get_client_ip(self.request))
+
+    def test_with_settings_without_proxy(self):
+        from openstack_auth.utils import get_client_ip
+        self.request.META['REMOTE_ADDR'] = '10.111.111.2'
+        self.assertEqual('10.111.111.2', get_client_ip(self.request))
+
+    @override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_FORWARDED_FOR')
+    def test_with_settings_with_proxy_forwardfor(self):
+        from openstack_auth.utils import get_client_ip
+        self.request.META['REMOTE_ADDR'] = '10.111.111.2'
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
+        self.assertEqual('172.18.0.2', get_client_ip(self.request))
+
+    @override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_REAL_IP')
+    def test_with_settings_with_proxy_real_ip(self):
+        from openstack_auth.utils import get_client_ip
+        self.request.META['REMOTE_ADDR'] = '10.111.111.2'
+        self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33'
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
+        self.assertEqual('192.168.15.33', get_client_ip(self.request))
diff --git a/openstack_auth/utils.py b/openstack_auth/utils.py
index 32a39c5..c050726 100644
--- a/openstack_auth/utils.py
+++ b/openstack_auth/utils.py
@@ -476,3 +476,25 @@ def get_admin_permissions():
         }
     """
     return {get_role_permission(role) for role in get_admin_roles()}
+
+
+def get_client_ip(request):
+    """Return client ip address using SECURE_PROXY_ADDR_HEADER variable.
+
+    If not present or not defined on settings then REMOTE_ADDR is used.
+
+    :param request: Django http request object.
+    :type request: django.http.HttpRequest
+
+    :returns: Possible client ip address
+    :rtype: string
+    """
+    _SECURE_PROXY_ADDR_HEADER = getattr(
+        settings, 'SECURE_PROXY_ADDR_HEADER', False
+    )
+    if _SECURE_PROXY_ADDR_HEADER:
+        return request.META.get(
+            _SECURE_PROXY_ADDR_HEADER,
+            request.META.get('REMOTE_ADDR')
+        )
+    return request.META.get('REMOTE_ADDR')
author	Jenkins <jenkins@review.openstack.org>	2017-01-03 15:41:15 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-01-03 15:41:15 +0000
commit	32f7ad1bd80034ea1083e2ce608b9de538b524ae (patch)
tree	92997567620d93e70994042a421a833a3affdd21
parent	a1ac86c6c49da8d73cf4f1504983da6f62c022cf (diff)
parent	96ca1097a502efca95546641947aba60c85bd0bb (diff)
download	django_openstack_auth-32f7ad1bd80034ea1083e2ce608b9de538b524ae.tar.gz