Add login log

10aa8c40 · ibuler · f70abec5 · 10aa8c40 · 10aa8c40 · 10aa8c40
Commit 10aa8c40 authored Nov 10, 2016 by ibuler
11 changed files
--- a/apps/audits/hands.py
+++ b/apps/audits/hands.py
 # ~*~ coding: utf-8 ~*~
 #

+from users.utils import AdminUserRequiredMixin
 from users.models import User
 from assets.models import Asset, SystemUser
 from users.backends import IsSuperUserOrTerminalUser

--- a/apps/audits/models.py
+++ b/apps/audits/models.py
@@ -22,9 +22,7 @@ class LoginLog(models.Model):
    login_ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
    login_city = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('Login city'))
    user_agent = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('User agent'))
-    from_terminal = models.ForeignKey
    date_login = models.DateTimeField(auto_now_add=True, verbose_name=_('Date login'))
-    date_logout = models.DateTimeField(null=True, verbose_name=_('Date logout'))

    class Meta:
        db_table = 'login_log'

--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
+#!/usr/bin/env python
+# ~*~ coding: utf-8 ~*~
+# 
+
+from celery import shared_task
+from .utils import write_login_log
+
+
+@shared_task
+def write_login_log_async(*args, **kwargs):
+    write_login_log(*args, **kwargs)
\ No newline at end of file
--- a/apps/audits/utils.py
+++ b/apps/audits/utils.py
 # ~*~ coding: utf-8 ~*~
 #

-from users.utils import AdminUserRequiredMixin
+from __future__ import unicode_literals
+import requests
+import ipaddress
+
+from .models import LoginLog
+
+
+def validate_ip(ip):
+    try:
+        ipaddress.ip_address(ip)
+        return True
+    except ValueError:
+        pass
+    return False
+
+
+def write_login_log(username, name='', login_type='W',
+                    terminal='', login_ip='', user_agent=''):
+    print(login_ip)
+    if not (login_ip and validate_ip(login_ip)):
+        login_ip = '0.0.0.0'
+    if not name:
+        name = username
+    login_city = get_ip_city(login_ip)
+    LoginLog.objects.create(username=username, name=name, login_type=login_type, login_ip=login_ip,
+                            terminal=terminal, login_city=login_city, user_agent=user_agent)
+
+
+def get_ip_city(ip, timeout=3):
+    # Taobao ip api: http://ip.taobao.com//service/getIpInfo.php?ip=8.8.8.8
+    # Sina ip api: http://int.dpool.sina.com.cn/iplookup/iplookup.php?ip=8.8.8.8&format=js
+
+    url = 'http://ip.taobao.com//service/getIpInfo.php?ip=' + ip
+    r = requests.get(url, timeout=timeout)
+    city = 'Unknown'
+    if r.status_code == 200:
+        try:
+            data = r.json()
+            if data['code'] == 0:
+                city = data['data']['country'] + data['data']['city']
+        except ValueError:
+            pass
+    return city
+

--- a/apps/audits/views.py
+++ b/apps/audits/views.py
@@ -11,8 +11,7 @@ from django.conf import settings
 from django.db.models import Q

 from .models import ProxyLog, CommandLog
-from .utils import AdminUserRequiredMixin
-from .hands import User, Asset, SystemUser
+from .hands import User, Asset, SystemUser, AdminUserRequiredMixin


 seven_days_ago_s = (datetime.datetime.now()-datetime.timedelta(7)).strftime('%m/%d/%Y')

--- a/apps/templates/_footer.html
+++ b/apps/templates/_footer.html
 <div class="footer fixed">
    <div class="pull-right">
-        Version <strong>0.3.3</strong> GPL.
+        Version <strong>0.4.0</strong> GPL.
    </div>
    <div>
        <strong>Copyright</strong> Jumpserver.org Team &copy; 2014-2016

--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -16,8 +16,9 @@ from common.mixins import BulkDeleteApiMixin
 from common.utils import get_logger
 from .utils import check_user_valid, token_gen
 from .models import User, UserGroup
-from . import serializers
+from .hands import write_login_log_async
 from .backends import IsSuperUser, IsTerminalUser, IsValidUser, IsSuperUserOrTerminalUser
+from . import serializers


 logger = get_logger(__name__)
@@ -126,8 +127,9 @@ class UserAuthApi(APIView):
        username = request.data.get('username', '')
        password = request.data.get('password', '')
        public_key = request.data.get('public_key', '')
-        remote_addr = request.META.get('REMOTE_ADDR', '')
-        remote_addr = base64.b64encode(remote_addr).replace('=', '')
+        remote_addr = request.data.get('remote_addr', '')
+        terminal = request.data.get('terminal', '')
+        login_type = request.data.get('login_type', 'T')
        user = check_user_valid(username=username, password=password, public_key=public_key)

        if user:
@@ -137,6 +139,8 @@ class UserAuthApi(APIView):

            cache.set(token, user.id, self.expiration)
            cache.set('%s_%s' % (user.id, remote_addr), token, self.expiration)
+            write_login_log_async.delay(user.username, name=user.name, terminal=terminal,
+                                        login_ip=remote_addr, login_type=login_type)
            return Response({'token': token, 'id': user.id, 'username': user.username, 'name': user.name})
        else:
            return Response({'msg': 'Invalid password or public key or user is not active or expired'}, status=401)
--- a/apps/users/hands.py
+++ b/apps/users/hands.py
@@ -11,5 +11,6 @@
 """

 from terminal.models import Terminal
+from audits.tasks import write_login_log_async
 # from perms.models import AssetPermission
 # from perms.utils import get_user_granted_assets, get_user_granted_asset_groups
--- a/apps/users/templates/users/user_granted_asset.html
+++ b/apps/users/templates/users/user_granted_asset.html
@@ -86,7 +86,7 @@
                                    </div>
                                </div>
                                <div class="ibox-content">
-                                    <table class="table table-hover " id="user_asset_groups_table" >
+                                    <table class="table table-hover" id="user_asset_groups_table" >
                                        <thead>
                                            <tr>
                                                <th></th>

--- a/apps/users/views.py
+++ b/apps/users/views.py
@@ -28,7 +28,7 @@ from common.utils import get_object_or_none, get_logger
 from perms.models import AssetPermission
 from .models import User, UserGroup
 from .utils import AdminUserRequiredMixin, user_add_success_next, send_reset_password_mail
-# from .hands import AssetPermission, get_user_granted_asset_groups, get_user_granted_assets
+from .hands import write_login_log_async
 from . import forms


@@ -50,6 +50,10 @@ class UserLoginView(FormView):

    def form_valid(self, form):
        auth_login(self.request, form.get_user())
+        login_ip = self.request.META.get('REMOTE_ADDR', '')
+        user_agent = self.request.META.get('HTTP_USER_AGENT', '')
+        write_login_log_async.delay(self.request.user.username, self.request.user.name,
+                                    login_type='W', login_ip=login_ip, user_agent=user_agent)
        return redirect(self.get_success_url())

    def get_success_url(self):

--- a/requirements.txt
+++ b/requirements.txt
@@ -13,3 +13,4 @@ sshpubkeys==2.2.0
 djangorestframework-bulk==0.2.1
 paramiko==2.0.2
 django-redis-cache==1.7.1
+requests==2.11.1
\ No newline at end of file