jrd / django-oauth2-authcodeflow

Authenticate with any OpenId Connect/Oauth2 provider through authorization code flow. PKCE is also supported
https://pypi.org/project/django-oauth2-authcodeflow/
MIT License

Login/logout auditing #16

Closed ryhoo2 closed 7 months ago

ryhoo2 commented 9 months ago

Thank you for providing this module, that's the only one that actually works!

Authentication for my app is working fine with Okta integration. Now I need to add auditing, especially log all successful/unsuccessful login attempts and logout events. I have configured the logger in my settings.py like this:

import logging

# Attach a console handler to the library's logger so its messages are visible
logger = logging.getLogger('oauth2_authcodeflow')
logger.addHandler(logging.StreamHandler())
if DEBUG:
    logger.setLevel(logging.DEBUG)
else:
    logger.setLevel(logging.INFO)

But I cannot find login/logout messages in the logs. Is it missing currently in the module code? Or I have misconfigured something?

Thanks!

cpontvieux-systra commented 9 months ago

Hi @ryhoo2

I tried to read and follow the RFCs to make this library.

It seems your code is correct, but the library does not include proper logging right now. I mean there is some logging (warning, debug) but not at the places you expect. It was mainly for me to be sure it's doing what it's supposed to do. Logging successful login/logout was not on my radar.

You might get what you want by using a special page for logout and log yourself in that area before redirecting (or not) elsewhere.

For login, you might want to add a custom middleware that monitors if the user is not connected before the request is handled and connected afterwards, but that is tedious work.

I may add some logging to this intent in the next version. Does not seem like a lot of work. If you can propose a pull-request (or better a merge-request on the gitlab repo) that could accelerate the process.

ryhoo2 commented 9 months ago

Cyrille,

Thank you for the reply. It's not that critical for me right now, I just wanted to know if I misconfigured something or it's not yet implemented. I'm afraid I'm not that experienced with gitlab and Python library coding to provide the pull-request. Maybe some day :)

Thanks again, great work! Michal

pinoatrome commented 7 months ago

Hi all, in case this is still of interest Django auth provides events for user login, logout and failed logins:

docs: https://docs.djangoproject.com/en/dev/ref/contrib/auth/#module-django.contrib.auth.signals

see https://stackoverflow.com/questions/1990502/django-signal-when-user-logs-in for usage example.

Hope this helps. ciao GG

PS: thanks for the module!
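Putting the two suggestions in this thread together (cpontvieux-systra's "log it yourself around login/logout" and pinoatrome's pointer to `django.contrib.auth.signals`), here is an added example of what such auditing can look like. It is not code from django-oauth2-authcodeflow or from either commenter. The signal names `user_logged_in`, `user_logged_out` and `user_login_failed` are Django's own; the logger name `auth.audit`, the receiver names, and the `FakeRequest`/`FakeUser` stand-ins are assumptions made for this example so the receivers can be exercised without a running Django project. In a real project the `connect_audit_receivers()` call belongs in an `AppConfig.ready()`.

```python
"""Login/logout/failed-login auditing via Django's auth signals.

Added example, not part of django-oauth2-authcodeflow. Assumes a normal
Django project; only connect_audit_receivers() needs Django, so the receivers
themselves can be run and tested without it (see the constructed demo below).
"""
import logging

try:
    # Django is only needed to attach the receivers to the real signals.
    from django.contrib.auth.signals import (
        user_logged_in,
        user_logged_out,
        user_login_failed,
    )
    HAVE_DJANGO = True
except ImportError:
    HAVE_DJANGO = False

# Dedicated logger (assumed name) so audit events can be routed separately
# from application debug output, e.g. to a file or SIEM, via LOGGING.
audit_log = logging.getLogger("auth.audit")


def client_ip(request, trust_forwarded_for=False):
    """Client address from request.META.

    X-Forwarded-For is client-supplied unless a trusted reverse proxy appends
    to it, so it is only consulted when the caller opts in, and then the
    rightmost entry (the one the trusted proxy added) is used.
    """
    meta = getattr(request, "META", None) or {}
    if trust_forwarded_for and meta.get("HTTP_X_FORWARDED_FOR"):
        return meta["HTTP_X_FORWARDED_FOR"].split(",")[-1].strip()
    return meta.get("REMOTE_ADDR")


def _username(user):
    if user is None:
        return None
    getter = getattr(user, "get_username", None)
    return getter() if callable(getter) else str(user)


def _record(event, request, username, outcome):
    """Build one structured audit record and emit it on the audit logger."""
    meta = getattr(request, "META", None) or {}
    record = {
        "event": event,
        "outcome": outcome,
        "username": username,
        "ip": client_ip(request),
        "user_agent": meta.get("HTTP_USER_AGENT"),
    }
    level = logging.INFO if outcome == "success" else logging.WARNING
    audit_log.log(level, "auth %(event)s %(outcome)s user=%(username)s ip=%(ip)s", record)
    return record


def on_login(sender, request, user, **kwargs):
    """Receiver for user_logged_in."""
    return _record("login", request, _username(user), "success")


def on_logout(sender, request, user, **kwargs):
    """Receiver for user_logged_out; user is None if the session had no user."""
    return _record("logout", request, _username(user), "success")


def on_login_failed(sender, credentials, request=None, **kwargs):
    """Receiver for user_login_failed. Django already masks password-like keys
    in this dict; we additionally keep only the identifier, never any secret."""
    return _record("login", request, credentials.get("username"), "failure")


def connect_audit_receivers():
    """Attach the receivers to Django's signals. dispatch_uid keeps repeated
    calls (e.g. under autoreload) idempotent. Returns False without Django."""
    if not HAVE_DJANGO:
        return False
    user_logged_in.connect(on_login, dispatch_uid="audit.login")
    user_logged_out.connect(on_logout, dispatch_uid="audit.logout")
    user_login_failed.connect(on_login_failed, dispatch_uid="audit.login_failed")
    return True


class FakeRequest:
    """Constructed stand-in for HttpRequest: only META is needed here."""
    def __init__(self, **meta):
        self.META = meta


class FakeUser:
    """Constructed stand-in exposing get_username() like Django's user models."""
    def __init__(self, name):
        self.name = name

    def get_username(self):
        return self.name


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    on_login(None, FakeRequest(REMOTE_ADDR="203.0.113.5"), FakeUser("alice"))
    on_login_failed(None, {"username": "bob", "password": "hunter2"},
                    request=FakeRequest(REMOTE_ADDR="198.51.100.7"))
    on_logout(None, FakeRequest(REMOTE_ADDR="203.0.113.5"), FakeUser("alice"))
```

Note that for an OIDC/OAuth2 login there is no local password, so `user_login_failed` will only fire when a backend's `authenticate()` path is used; failures that happen before Django's `login()` is called (for example a rejected authorization code at the provider callback) still need to be logged by the view or library that handles the callback, which is the gap cpontvieux-systra describes above.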

jrd commented 7 months ago

I may add a pointer in the doc to those links. I didn't know those events/signals.

Thanks @pinoatrome

pinoatrome commented 7 months ago

Hi @jrd, you are welcome.

In case you are busy I'd be happy to contribute with such a task, a documentation task is ideal to start within a project. GG

cpontvieux-systra commented 7 months ago

Hi @pinoatrome, yes please, I’d be glad to include more documentation.

I added some brief doc about this in the README.md file, but maybe a proper documentation file would be better.

The main development is happening on gitlab. I would prefer to have pull request and issues there, but if it’s a burden for you, then here is fine too.

pinoatrome commented 7 months ago

Hi @jrd, sure: I'll create a new issue to enhance the documentation about auditing with an example showing how to use Django auth signals for that matter. Ciao GG