Log details about user login and logout.
To satisfy security requirements, we need to explicitly track:

- when a user attempts to log in, whether successful or not
- when a user logs out
- whether or not the user associated with a request is logged in

The first two are satisfied by extra log statements, and the last is a new boolean field on the JSON logs.
@@ -2,16 +2,22 @@ import datetime
|
||||
import json
|
||||
import logging
|
||||
|
||||
from flask import g, request, has_request_context
|
||||
from flask import g, request, has_request_context, session
|
||||
|
||||
|
||||
class RequestContextFilter(logging.Filter):
|
||||
def filter(self, record):
|
||||
if has_request_context():
|
||||
if getattr(g, "current_user", None):
|
||||
record.user_id = str(g.current_user.id)
|
||||
record.dod_edipi = g.current_user.dod_id
|
||||
|
||||
user_id = session.get("user_id")
|
||||
if user_id:
|
||||
record.user_id = str(user_id)
|
||||
record.logged_in = True
|
||||
else:
|
||||
record.logged_in = False
|
||||
|
||||
if request.environ.get("HTTP_X_REQUEST_ID"):
|
||||
record.request_id = request.environ.get("HTTP_X_REQUEST_ID")
|
||||
|
||||
@@ -30,6 +36,7 @@ class JsonFormatter(logging.Formatter):
|
||||
("request_id", lambda r: r.__dict__.get("request_id")),
|
||||
("user_id", lambda r: r.__dict__.get("user_id")),
|
||||
("dod_edipi", lambda r: r.__dict__.get("dod_edipi")),
|
||||
("logged_in", lambda r: r.__dict__.get("logged_in")),
|
||||
("severity", lambda r: r.levelname),
|
||||
("tags", lambda r: r.__dict__.get("tags")),
|
||||
("audit_event", lambda r: r.__dict__.get("audit_event")),
|
||||
@@ -44,7 +51,7 @@ class JsonFormatter(logging.Formatter):
|
||||
|
||||
for field, func in self._DEFAULT_RECORD_FIELDS:
|
||||
result = func(record)
|
||||
if result:
|
||||
if result is not None:
|
||||
message_dict[field] = result
|
||||
|
||||
if record.args:
|
||||
|
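Review bot: In the first hunk `record.logged_in` is derived only from `session.get("user_id")`, while the authenticated user is checked separately through `g.current_user` a few lines above, so the audit field can report `True` for a request whose session still carries a `user_id` but for which no user was loaded (whether that can happen depends on where the app sets `g.current_user`, which is not visible here). For a field added to meet a security requirement, either combine the two signals or state the meaning next to the assignment, e.g. `# logged_in means "session carries a user_id", not "g.current_user was verified"`. Separately, the switch to `if result is not None:` in the last hunk is needed to emit `logged_in: false`, but it also starts emitting empty strings, `0` and empty lists for every other default field, which log consumers may not expect. `filter()` appears to continue past the end of the first hunk.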