Log details about user login and logout.

To satisfy security requirements, we need to explicitly track:

- when a user attempts to log in, successful or not
- when a user logs out
- whether or not the user associated with a request is logged in

The first two are satisfied by extra log statements and the last is a
new boolean field on the JSON logs.
dandds
2020-01-09 15:45:47 -05:00
parent a0b96402f2
commit 1ab0c26365
5 changed files with 48 additions and 31 deletions


@@ -72,9 +72,11 @@ def test_request_context_filter(logger, log_stream_content, request_ctx, monkeyp
user.dod_id = "5678901234"
monkeypatch.setattr("atst.utils.logging.g", Mock(current_user=user))
monkeypatch.setattr("atst.utils.logging.session", {"user_id": user_uuid})
request_ctx.request.environ["HTTP_X_REQUEST_ID"] = request_uuid
logger.info("this user is doing something")
log = json.loads(log_stream_content())
assert log["user_id"] == str(user_uuid)
assert log["dod_edipi"] == str(user.dod_id)
assert log["request_id"] == request_uuid
assert log["logged_in"] == True
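Review bot: The closing assertion `assert log["logged_in"] == True` would also pass if the filter emitted `1` rather than a JSON boolean, so `assert log["logged_in"] is True` pins the type the commit message promises ("a new boolean field"). The visible lines only exercise the logged-in path. Since this field is an audit signal, a companion case, presumably one with no `user_id` in the patched session, asserting `log["logged_in"] is False` would catch a regression that reports unauthenticated requests as logged in, if no other test already covers it. The test function begins above this hunk and the other four changed files are not visible here, so that coverage may exist elsewhere.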