openstack
/
django_openstack_auth
Code Issues Proposed changes

Merge "Get remote address from client, behind proxy servers, to log on console."

This commit is contained in:
Jenkins 2017-01-03 15:41:15 +00:00 committed by Gerrit Code Review
parent a1ac86c6c4 96ca1097a5
commit 32f7ad1bd8
3 changed files with 70 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
openstack_auth/forms.py
View File

@ -124,12 +124,18 @@ class Login(django_auth_forms.AuthenticationForm):
password=password,
user_domain_name=domain,
auth_url=region)
msg = 'Login successful for user "%(username)s".' % \
{'username': username}
msg = 'Login successful for user "%(username)s", remote address '\
'%(remote_ip)s.' % {
'username': username,
'remote_ip': utils.get_client_ip(self.request)
}
LOG.info(msg)
except exceptions.KeystoneAuthException as exc:
msg = 'Login failed for user "%(username)s".' % \
{'username': username}
msg = 'Login failed for user "%(username)s", remote address '\
'%(remote_ip)s.' % {
'username': username,
'remote_ip': utils.get_client_ip(self.request)
}
LOG.warning(msg)
raise forms.ValidationError(exc)
if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7

38
openstack_auth/tests/tests.py
View File

@ -1163,3 +1163,41 @@ class UserTestCase(test.TestCase):
self.assertTrue(created_token._is_pki_token(
self.data.domain_scoped_access_info.auth_token))
self.assertFalse(created_token._is_pki_token(None))
class BehindProxyTestCase(test.TestCase):
def setUp(self):
self.request = http.HttpRequest()
def test_without_proxy(self):
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
from openstack_auth.utils import get_client_ip
self.assertEqual('10.111.111.2', get_client_ip(self.request))
def test_with_proxy_no_settings(self):
from openstack_auth.utils import get_client_ip
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33'
self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
self.assertEqual('10.111.111.2', get_client_ip(self.request))
def test_with_settings_without_proxy(self):
from openstack_auth.utils import get_client_ip
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
self.assertEqual('10.111.111.2', get_client_ip(self.request))
@override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_FORWARDED_FOR')
def test_with_settings_with_proxy_forwardfor(self):
from openstack_auth.utils import get_client_ip
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
self.assertEqual('172.18.0.2', get_client_ip(self.request))
@override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_REAL_IP')
def test_with_settings_with_proxy_real_ip(self):
from openstack_auth.utils import get_client_ip
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33'
self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
self.assertEqual('192.168.15.33', get_client_ip(self.request))

22
openstack_auth/utils.py
View File

@ -476,3 +476,25 @@ def get_admin_permissions():
}
"""
return {get_role_permission(role) for role in get_admin_roles()}
def get_client_ip(request):
"""Return client ip address using SECURE_PROXY_ADDR_HEADER variable.
If not present or not defined on settings then REMOTE_ADDR is used.
:param request: Django http request object.
:type request: django.http.HttpRequest
:returns: Possible client ip address
:rtype: string
"""
_SECURE_PROXY_ADDR_HEADER = getattr(
settings, 'SECURE_PROXY_ADDR_HEADER', False
)
if _SECURE_PROXY_ADDR_HEADER:
return request.META.get(
_SECURE_PROXY_ADDR_HEADER,
request.META.get('REMOTE_ADDR')
)
return request.META.get('REMOTE_ADDR')