Ft bklogin log

src/login/bklogin/backends/bk.py

@@ -10,12 +10,12 @@
 specific language governing permissions and limitations under the License.
 """
 from bklogin.common.exceptions import AuthenticationError, PasswordNeedReset
+from bklogin.common.log import logger
 from bklogin.common.usermgr import get_categories_str
 from bklogin.components import usermgr_api
 from blue_krill.data_types.enum import StructuredEnum
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend
-from django.core.exceptions import ObjectDoesNotExist
 
 
 def _split_username(username):
@@ -59,6 +59,7 @@ class BkUserBackend(ModelBackend):
     def authenticate(self, request, username=None, password=None, **kwargs):
         # NOTE: username here maybe: username/phone/email
         if not username or not password:
+            logger.debug("username or password empty, username=%s, password=%s", username, password)
             return None
 
         domain_list = get_categories_str().split(";")
@@ -73,6 +74,13 @@ def authenticate(self, request, username=None, password=None, **kwargs):
         ok, code, message, extra_values = usermgr_api.authenticate(
             username, password, language=kwargs.get("language"), domain=domain
         )
+        logger.debug(
+            "usermgr_api.authenticate result: ok=%s, code=%s, message=%s, extra_values=%s",
+            ok,
+            code,
+            message,
+            extra_values,
+        )
 
         # 认证不通过
         if not ok:
@@ -82,11 +90,8 @@ def authenticate(self, request, username=None, password=None, **kwargs):
 
         # set the username to real username
         username = extra_values.get("username", username)
-        user_model = get_user_model()
-        try:
-            user = user_model.objects.get(username=username)
-        except ObjectDoesNotExist:
-            user = user_model.objects.create_user(username=username)
+        UserModel = get_user_model()
+        user = UserModel(username)
 
         user.fill_with_userinfo(extra_values)
         return user

src/login/bklogin/bk_i18n/signal_receivers.py

@@ -13,6 +13,7 @@
 from __future__ import unicode_literals
 
 from bklogin.bk_i18n.constants import BK_LANG_TO_DJANGO_LANG, DJANGO_LANG_TO_BK_LANG
+from bklogin.common.log import logger
 from bklogin.components.usermgr_api import upsert_user
 from django.conf import settings
 from django.contrib.auth.signals import user_logged_in
@@ -33,12 +34,20 @@ def _get_language_from_request(request, user):
     # session 有language，说明在登录页面有进行修改或设置，则需要同步到用户个人信息中
     lang_code = request.session.get(translation.LANGUAGE_SESSION_KEY)
     if lang_code in supported_lang_codes and lang_code is not None and check_for_language(lang_code):
+        logger.debug(
+            "user %s's request lang_code is %s. supported_lang_codes: %s",
+            user.username,
+            lang_code,
+            supported_lang_codes,
+        )
         return lang_code
 
     # 个人信息中已有language
     if user.language:
+        logger.debug("user %s already has language: %s", user.username, user.language)
         return None
 
+    logger.debug("user %s has no language, and can't get from session, do a guess", user.username)
     # session 情况不满足同步到用户个人信息，且目前个人信息中无language设置
     # 查询header头
     accept = request.META.get("HTTP_ACCEPT_LANGUAGE", "")
@@ -69,20 +78,40 @@ def update_user_i18n_info(sender, request, user, *args, **kwargs):
         # 默认使用settings中配置
         time_zone = settings.TIME_ZONE
         # sync time_zone to usermgr
-        upsert_user(username=user.username, time_zone=time_zone)
+        ok, message, _ = upsert_user(username=user.username, time_zone=time_zone)
+        if not ok:
+            logger.error(
+                "fail to update user %s's timezone to %s. %s",
+                user.username,
+                time_zone,
+                message,
+            )
 
     # 设置language
     lang_code = _get_language_from_request(request, user)
+    logger.debug(
+        "get language code from user %s's request, language code is %s",
+        user.username,
+        lang_code,
+    )
     bk_lang_code = user.language
     if lang_code:
         # 蓝鲸约定的语言代号与Django的有不同，需要进行转换
         bk_lang_code = DJANGO_LANG_TO_BK_LANG[lang_code]
         # sync language to usermgr
-        upsert_user(username=user.username, language=bk_lang_code)
+        ok, message, _ = upsert_user(username=user.username, language=bk_lang_code)
+        if not ok:
+            logger.error(
+                "fail to update user %s's language to %s. %s",
+                user.username,
+                bk_lang_code,
+                message,
+            )
         request.user.language = bk_lang_code
 
     lang_code = BK_LANG_TO_DJANGO_LANG[bk_lang_code]
     # set session for render html when logged in not redirect
+    logger.debug("session.set language code to %s, timezone to %s", lang_code, time_zone)
     request.session[translation.LANGUAGE_SESSION_KEY] = lang_code
     translation.activate(lang_code)
     request.LANGUAGE_CODE = translation.get_language()

src/login/bklogin/bkauth/actions.py

@@ -18,6 +18,7 @@
 
 from bklogin.bkauth.constants import REDIRECT_FIELD_NAME
 from bklogin.bkauth.utils import get_bk_token, is_safe_url, record_login_log, set_bk_token_invalid
+from bklogin.common.log import logger
 from django.conf import settings
 from django.contrib.auth import login as auth_login
 from django.contrib.auth.forms import AuthenticationForm
@@ -46,6 +47,8 @@ def login_failed_response(request, redirect_to, app_id):
 
     if query:
         redirect_url = "%s?%s" % (BK_LOGIN_URL, urllib.parse.urlencode(query))
+
+    logger.debug("login_failed_response, redirect_to=%s, app_id=%s", redirect_to, app_id)
     response = HttpResponseRedirect(redirect_url)
     response = set_bk_token_invalid(request, response)
     return response
@@ -73,7 +76,10 @@ def login_success_response(request, user_or_form, redirect_to, app_id):
     if redirect_to == "/logout/":
         redirect_to = "/console/"
 
+    logger.debug("login_success_response, username=%s, redirect_to=%s, app_id=%s", username, redirect_to, app_id)
+
     # 设置用户登录
+    # TODO: 这个是django默认的login函数, 调用如果报错可以注解, 目前无实际作用
     auth_login(request, user)
     # 记录登录日志
     record_login_log(request, username, app_id)

src/login/bklogin/bkauth/forms.py

@@ -23,6 +23,7 @@ def clean(self):
         password = self.cleaned_data.get("password")
 
         if username and password:
+            # will call backend/bk.py: BkUserBackend.authenticate()
             self.user_cache = authenticate(
                 username=username,
                 password=password,

src/login/bklogin/bkauth/middlewares.py

@@ -16,10 +16,8 @@
 
 from bklogin.bk_i18n.constants import BK_LANG_TO_DJANGO_LANG
 from bklogin.bkauth.constants import REDIRECT_FIELD_NAME
-from bklogin.bkauth.utils import validate_bk_token
-from bklogin.common.log import logger
 from django.conf import settings
-from django.contrib.auth import authenticate, get_user_model
+from django.contrib.auth import authenticate
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.auth.views import redirect_to_login
 from django.http import HttpResponse
@@ -62,27 +60,12 @@ def process_request(self, request):
         if full_path in [settings.SITE_URL + "i18n/setlang/", "/i18n/setlang/"]:
             return None
 
-        user = None
-        bk_token = request.COOKIES.get("bk_token")
-
-        path_prefix = settings.FORCE_SCRIPT_NAME or ""
-        if bk_token and full_path.startswith("%s/oauth/authorize/" % path_prefix):
-            is_valid, username, message = validate_bk_token(request.COOKIES)
-            if is_valid:
-                try:
-                    UserModel = get_user_model()
-                    user = UserModel.objects.get(username=username)
-                    user.bk_token = bk_token
-                except Exception:
-                    logger.exception("get user via username=%s fail", username)
-                    user = None
-        else:
-            user = authenticate(request=request)
-            if user:
-                # 设置timezone session
-                request.session[settings.TIMEZONE_SESSION_KEY] = user.time_zone
-                # 设置language session
-                request.session[translation.LANGUAGE_SESSION_KEY] = BK_LANG_TO_DJANGO_LANG[user.language]
+        user = authenticate(request=request)
+        if user:
+            # 设置timezone session
+            request.session[settings.TIMEZONE_SESSION_KEY] = user.time_zone
+            # 设置language session
+            request.session[translation.LANGUAGE_SESSION_KEY] = BK_LANG_TO_DJANGO_LANG[user.language]
 
         request.user = user or AnonymousUser()
 

src/login/bklogin/bkauth/models.py

@@ -14,7 +14,6 @@
 
 from builtins import object
 
-from bklogin.bkauth.manager import BkUserManager
 from bklogin.bkauth.utils import is_bk_token_valid
 from bklogin.components.usermgr_api import upsert_user
 from django.contrib.auth import models
@@ -28,8 +27,6 @@ class User(models.AbstractBaseUser, models.AnonymousUser):
     username = db_models.CharField(primary_key=True, max_length=255)
     USERNAME_FIELD = "username"
 
-    objects = BkUserManager()
-
     def __init__(self, *args, **kwargs):
         self.init_fields()
 

src/login/bklogin/bkauth/utils.py

@@ -129,6 +129,7 @@ def validate_bk_token(data):
     # 验证Token参数
     is_valid, username = is_bk_token_valid(bk_token)
     if not is_valid:
+        logger.debug("bk_token %s not valid, %s", bk_token, username)
         return False, None, username
 
     # TODO: ? use usermgr get user check if user exists?

src/login/bklogin/bkauth/views.py

@@ -17,9 +17,10 @@
 from bklogin.bkauth.forms import BkAuthenticationForm
 from bklogin.bkauth.utils import is_safe_url, set_bk_token_invalid
 from bklogin.common.exceptions import AuthenticationError, PasswordNeedReset
-from bklogin.common.license import check_license
+from bklogin.common.log import logger
 from bklogin.common.mixins.exempt import LoginExemptMixin
 from bklogin.common.usermgr import get_categories_str
+from bklogin.components.license import check_license
 from django.conf import settings
 from django.contrib.auth import logout as auth_logout
 from django.contrib.sites.shortcuts import get_current_site
@@ -70,13 +71,16 @@ def post(self, request):
         return self._login(request)
 
     def _login(self, request):
+        logger.debug(
+            "login_type is %s, using custom_login: %s", settings.LOGIN_TYPE, settings.LOGIN_TYPE == "custom_login"
+        )
         # 判断调用方式
         if settings.LOGIN_TYPE != "custom_login":
             return _bk_login(request)
 
         if settings.EDITION == "ee":
             # 校验企业正式是否有效，无效则不可登录
-            is_license_ok, message, vaild_start_time, vaild_end_time = check_license()
+            is_license_ok, msg, valid_start_time, valid_end_time = check_license()
             if not is_license_ok:
                 return login_license_fail_response(request)
 
@@ -96,15 +100,12 @@ def _bk_login(request):
     token_set_password_url = ""
 
     redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ""))
-    # support oauth2 redirect ?next=
-    if not redirect_to and "next" in request.GET:
-        redirect_to = request.GET.get("next")
 
     app_id = request.POST.get("app_id", request.GET.get("app_id", ""))
 
     if settings.EDITION == "ee":
         # 校验企业证书是否有效，无效则不可登录
-        is_license_ok, message, vaild_start_time, vaild_end_time = check_license()
+        is_license_ok, msg, valid_start_time, valid_end_time = check_license()
     else:
         is_license_ok = True
         template_name = "account/login_ce.html"

src/login/bklogin/common/context_processors.py

@@ -25,15 +25,15 @@ def site_settings(request):
     real_static_url = urllib.parse.urljoin(str(settings.SITE_URL), str("." + settings.STATIC_URL))
     cur_domain = request.get_host()
     return {
-        "LOGIN_URL": settings.LOGIN_URL,
+        # "LOGIN_URL": settings.LOGIN_URL,
         "LOGOUT_URL": settings.LOGOUT_URL,
         "STATIC_URL": real_static_url,
         "SITE_URL": settings.SITE_URL,
         "STATIC_VERSION": settings.STATIC_VERSION,
         "CUR_DOMIAN": cur_domain,
         "APP_PATH": request.get_full_path(),
         "NOW": timezone.now(),
-        "EDITION": settings.EDITION,
+        # "EDITION": settings.EDITION,
         # 本地 js 后缀名
         "JS_SUFFIX": settings.JS_SUFFIX,
         # 本地 css 后缀名