MFA add better logging (#8745)

* add better logging * use structlog
2025-04-28 11:36:44 +00:00 · 2024-12-23 21:22:28 +01:00 · 2024-12-23 21:22:28 +01:00 · ec6280dacd
commit ec6280dacd
parent 728e0894aa
1 changed files with 7 additions and 2 deletions
--- a/src/backend/InvenTree/users/api.py
+++ b/src/backend/InvenTree/users/api.py
@ -1,7 +1,6 @@
 """DRF API definition for the 'users' app."""

 import datetime
-import logging

 from django.contrib.auth import authenticate, get_user, login, logout
 from django.contrib.auth.models import Group, User
@ -10,6 +9,7 @@ from django.shortcuts import redirect
 from django.urls import include, path, re_path, reverse
 from django.views.generic.base import RedirectView

+import structlog
 from allauth.account import app_settings
 from allauth.account.adapter import get_adapter
 from allauth_2fa.utils import user_has_valid_totp_device
@ -48,7 +48,7 @@ from users.serializers import (
    RoleSerializer,
 )

-logger = logging.getLogger('inventree')
+logger = structlog.get_logger('inventree')


 class OwnerList(ListAPI):
@ -239,6 +239,7 @@ class Login(LoginView):
        _data.update(request.POST.copy())

        if not _data.get('mfa', None):
+            logger.info('No MFA requested - Proceeding')
            return super().post(request, *args, **kwargs)

        # Check if login credentials valid
@ -246,10 +247,12 @@ class Login(LoginView):
            request, username=_data.get('username'), password=_data.get('password')
        )
        if user is None:
+            logger.info('Invalid login - Aborting')
            return HttpResponse(status=401)

        # Check if user has mfa set up
        if not user_has_valid_totp_device(user):
+            logger.info('No MFA set up - Proceeding')
            return super().post(request, *args, **kwargs)

        # Stage login and redirect to 2fa
@ -261,6 +264,7 @@ class Login(LoginView):
            'email': None,
            'redirect_url': reverse('platform'),
        }
+        logger.info('Redirecting to 2fa - Proceeding')
        return redirect(reverse('two-factor-authenticate'))

    def process_login(self):
@ -275,6 +279,7 @@ class Login(LoginView):
            'LOGIN_ENFORCE_MFA'
        ):
            logout(self.request)
+            logger.info('User was logged out because MFA is required - Aborting')
            raise exceptions.PermissionDenied('MFA required for this user')
        return ret