Merge "Get remote address from client, behind proxy servers, to log on console."
This commit is contained in:
commit
32f7ad1bd8
|
@ -124,12 +124,18 @@ class Login(django_auth_forms.AuthenticationForm):
|
|||
password=password,
|
||||
user_domain_name=domain,
|
||||
auth_url=region)
|
||||
msg = 'Login successful for user "%(username)s".' % \
|
||||
{'username': username}
|
||||
msg = 'Login successful for user "%(username)s", remote address '\
|
||||
'%(remote_ip)s.' % {
|
||||
'username': username,
|
||||
'remote_ip': utils.get_client_ip(self.request)
|
||||
}
|
||||
LOG.info(msg)
|
||||
except exceptions.KeystoneAuthException as exc:
|
||||
msg = 'Login failed for user "%(username)s".' % \
|
||||
{'username': username}
|
||||
msg = 'Login failed for user "%(username)s", remote address '\
|
||||
'%(remote_ip)s.' % {
|
||||
'username': username,
|
||||
'remote_ip': utils.get_client_ip(self.request)
|
||||
}
|
||||
LOG.warning(msg)
|
||||
raise forms.ValidationError(exc)
|
||||
if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7
|
||||
|
|
|
@ -1163,3 +1163,41 @@ class UserTestCase(test.TestCase):
|
|||
self.assertTrue(created_token._is_pki_token(
|
||||
self.data.domain_scoped_access_info.auth_token))
|
||||
self.assertFalse(created_token._is_pki_token(None))
|
||||
|
||||
|
||||
class BehindProxyTestCase(test.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.request = http.HttpRequest()
|
||||
|
||||
def test_without_proxy(self):
|
||||
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
|
||||
from openstack_auth.utils import get_client_ip
|
||||
self.assertEqual('10.111.111.2', get_client_ip(self.request))
|
||||
|
||||
def test_with_proxy_no_settings(self):
|
||||
from openstack_auth.utils import get_client_ip
|
||||
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
|
||||
self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33'
|
||||
self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
|
||||
self.assertEqual('10.111.111.2', get_client_ip(self.request))
|
||||
|
||||
def test_with_settings_without_proxy(self):
|
||||
from openstack_auth.utils import get_client_ip
|
||||
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
|
||||
self.assertEqual('10.111.111.2', get_client_ip(self.request))
|
||||
|
||||
@override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_FORWARDED_FOR')
|
||||
def test_with_settings_with_proxy_forwardfor(self):
|
||||
from openstack_auth.utils import get_client_ip
|
||||
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
|
||||
self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
|
||||
self.assertEqual('172.18.0.2', get_client_ip(self.request))
|
||||
|
||||
@override_settings(SECURE_PROXY_ADDR_HEADER='HTTP_X_REAL_IP')
|
||||
def test_with_settings_with_proxy_real_ip(self):
|
||||
from openstack_auth.utils import get_client_ip
|
||||
self.request.META['REMOTE_ADDR'] = '10.111.111.2'
|
||||
self.request.META['HTTP_X_REAL_IP'] = '192.168.15.33'
|
||||
self.request.META['HTTP_X_FORWARDED_FOR'] = '172.18.0.2'
|
||||
self.assertEqual('192.168.15.33', get_client_ip(self.request))
|
||||
|
|
|
@ -476,3 +476,25 @@ def get_admin_permissions():
|
|||
}
|
||||
"""
|
||||
return {get_role_permission(role) for role in get_admin_roles()}
|
||||
|
||||
|
||||
def get_client_ip(request):
|
||||
"""Return client ip address using SECURE_PROXY_ADDR_HEADER variable.
|
||||
|
||||
If not present or not defined on settings then REMOTE_ADDR is used.
|
||||
|
||||
:param request: Django http request object.
|
||||
:type request: django.http.HttpRequest
|
||||
|
||||
:returns: Possible client ip address
|
||||
:rtype: string
|
||||
"""
|
||||
_SECURE_PROXY_ADDR_HEADER = getattr(
|
||||
settings, 'SECURE_PROXY_ADDR_HEADER', False
|
||||
)
|
||||
if _SECURE_PROXY_ADDR_HEADER:
|
||||
return request.META.get(
|
||||
_SECURE_PROXY_ADDR_HEADER,
|
||||
request.META.get('REMOTE_ADDR')
|
||||
)
|
||||
return request.META.get('REMOTE_ADDR')
|
||||
|
|
Loading…
Reference in New Issue