Log auth details

Signed-off-by: Kipchirchir Sigei <[email protected]>
onaio · Sep 25, 2023 · 421d9e7 · 421d9e7
1 parent 0cf521e
commit 421d9e7
Showing 1 changed file with 23 additions and 7 deletions.
diff --git a/onadata/libs/authentication.py b/onadata/libs/authentication.py
@@ -4,6 +4,8 @@
 """
 from __future__ import unicode_literals
 
+import logging
+
 from datetime import datetime
 from typing import Optional, Tuple
 
@@ -35,8 +37,13 @@
 from onadata.apps.api.tasks import send_account_lockout_email
 from onadata.libs.utils.cache_tools import LOCKOUT_IP, LOGIN_ATTEMPTS, cache, safe_key
 from onadata.libs.utils.common_tags import API_TOKEN
+from onadata.libs.utils.common_tools import report_exception
 from onadata.libs.utils.email import get_account_lockout_email_data
 
+logger = logging.getLogger("console_logger")
+logger.addHandler(logging.StreamHandler())
+logger.setLevel(logging.INFO)
+
 ENKETO_AUTH_COOKIE = getattr(settings, "ENKETO_AUTH_COOKIE", "__enketo")
 TEMP_TOKEN_EXPIRY_TIME = getattr(
     settings, "DEFAULT_TEMP_TOKEN_EXPIRY_TIME", 60 * 60 * 6
@@ -114,14 +121,23 @@ def authenticate(self, request):
             remaining_attempts = getattr(settings, "MAX_LOGIN_ATTEMPTS", 10) - attempts
             # pylint: disable=unused-variable
             lockout_time = getattr(settings, "LOCKOUT_TIME", 1800) // 60  # noqa
-            raise AuthenticationFailed(
-                _(
-                    "Invalid username/password. "
-                    f"For security reasons, after {remaining_attempts} more failed "
-                    f"login attempts you'll have to wait {lockout_time} minutes "
-                    "before trying again."
-                )
+            ip_address, username = retrieve_user_identification(request)
+            user_agent = request.META.get("HTTP_USER_AGENT", None)
+            info_str = (
+                f"IP: {ip_address}, USERNAME: {username}, "
+                f"REMAINING_ATTEMPTS: {remaining_attempts}, USER_AGENT: {user_agent}"
             )
+            logger.info(info_str)
+            error_str = _(
+                "Invalid username/password. "
+                f"For security reasons, after {remaining_attempts} more failed "
+                f"login attempts you'll have to wait {lockout_time} minutes "
+                "before trying again."
+            )
+            # log to sentry
+            report_exception("Authentication Failure", error_str)
+            raise AuthenticationFailed(error_str)
+
         except (AttributeError, ValueError, DataError) as e:
             raise AuthenticationFailed(e) from e