
MFA add better logging (#8745)

* add better logging

* use structlog
This commit is contained in:
Matthias Mair 2024-12-23 21:22:28 +01:00 committed by GitHub
parent 728e0894aa
commit ec6280dacd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,7 +1,6 @@
"""DRF API definition for the 'users' app.""" """DRF API definition for the 'users' app."""
import datetime import datetime
import logging
from django.contrib.auth import authenticate, get_user, login, logout from django.contrib.auth import authenticate, get_user, login, logout
from django.contrib.auth.models import Group, User from django.contrib.auth.models import Group, User
@ -10,6 +9,7 @@ from django.shortcuts import redirect
from django.urls import include, path, re_path, reverse from django.urls import include, path, re_path, reverse
from django.views.generic.base import RedirectView from django.views.generic.base import RedirectView
import structlog
from allauth.account import app_settings from allauth.account import app_settings
from allauth.account.adapter import get_adapter from allauth.account.adapter import get_adapter
from allauth_2fa.utils import user_has_valid_totp_device from allauth_2fa.utils import user_has_valid_totp_device
@ -48,7 +48,7 @@ from users.serializers import (
RoleSerializer, RoleSerializer,
) )
logger = logging.getLogger('inventree') logger = structlog.get_logger('inventree')
class OwnerList(ListAPI): class OwnerList(ListAPI):
@ -239,6 +239,7 @@ class Login(LoginView):
_data.update(request.POST.copy()) _data.update(request.POST.copy())
if not _data.get('mfa', None): if not _data.get('mfa', None):
logger.info('No MFA requested - Proceeding')
return super().post(request, *args, **kwargs) return super().post(request, *args, **kwargs)
# Check if login credentials valid # Check if login credentials valid
@ -246,10 +247,12 @@ class Login(LoginView):
request, username=_data.get('username'), password=_data.get('password') request, username=_data.get('username'), password=_data.get('password')
) )
if user is None: if user is None:
logger.info('Invalid login - Aborting')
return HttpResponse(status=401) return HttpResponse(status=401)
# Check if user has mfa set up # Check if user has mfa set up
if not user_has_valid_totp_device(user): if not user_has_valid_totp_device(user):
logger.info('No MFA set up - Proceeding')
return super().post(request, *args, **kwargs) return super().post(request, *args, **kwargs)
# Stage login and redirect to 2fa # Stage login and redirect to 2fa
@ -261,6 +264,7 @@ class Login(LoginView):
'email': None, 'email': None,
'redirect_url': reverse('platform'), 'redirect_url': reverse('platform'),
} }
logger.info('Redirecting to 2fa - Proceeding')
return redirect(reverse('two-factor-authenticate')) return redirect(reverse('two-factor-authenticate'))
def process_login(self): def process_login(self):
@ -275,6 +279,7 @@ class Login(LoginView):
'LOGIN_ENFORCE_MFA' 'LOGIN_ENFORCE_MFA'
): ):
logout(self.request) logout(self.request)
logger.info('User was logged out because MFA is required - Aborting')
raise exceptions.PermissionDenied('MFA required for this user') raise exceptions.PermissionDenied('MFA required for this user')
return ret return ret
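Review bot: The new log calls in `Login.post` and `process_login` carry a bare message and no event context, so the switch to structlog at the import and the `logger = structlog.get_logger('inventree')` line gains nothing for security monitoring: a rejected credential or an MFA-enforced logout that records neither the account nor the source cannot be correlated or rate-alerted. Bind the account on the outcome lines, e.g. `logger.warning('Invalid login - Aborting', username=_data.get('username'))` before the 401, and in `process_login` capture `user = self.request.user` before `logout(self.request)` (which replaces it with an anonymous user) so the event can carry `user_id=user.pk` alongside the PermissionDenied. Failed-auth outcomes also belong at `warning` rather than `info` so they survive a production log level. Never bind `_data` or `request.POST` themselves into these events, since they hold the password field. Both `post` and `process_login` start and end outside the hunks shown.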