Posted to commits@airavata.apache.org by ma...@apache.org on 2020/05/11 15:36:40 UTC
[airavata-django-portal] 01/05: AIRAVATA-3332 Log password failures
at warning level
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit b23f2c324f42216111c4c19e32cdfcae5b15351e
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon May 11 11:14:57 2020 -0400
AIRAVATA-3332 Log password failures at warning level
The purpose of this is to not generate an error
email for each username/password failure.
---
django_airavata/apps/auth/backends.py | 44 +++++++++++++++++++++--------------
1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
index fc495c4..bca2881 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -6,7 +6,7 @@ import requests
from django.conf import settings
from django.contrib.auth.models import User
from django.views.decorators.debug import sensitive_variables
-from oauthlib.oauth2 import LegacyApplicationClient
+from oauthlib.oauth2 import LegacyApplicationClient, InvalidGrantError
from requests_oauthlib import OAuth2Session
from . import utils
@@ -27,6 +27,8 @@ class KeycloakBackend(object):
if username and password:
token, userinfo = self._get_token_and_userinfo_password_flow(
username, password)
+ if token is None: # login failed
+ return None
self._process_token(request, token)
return self._process_userinfo(request, userinfo)
# user is already logged in and can use refresh token
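Review bot: The added `# login failed` comment undersells what the guard means: `_get_token_and_userinfo_password_flow` returns `(None, None)` only when Keycloak rejected the grant (the `InvalidGrantError` path), while any other failure (network, misconfigured client secret, userinfo fetch) still raises out of this method. Worth stating so a later reader does not treat `None` here as "any error"; e.g. `# (None, None) means Keycloak rejected the credentials; returning None tells Django this backend could not authenticate the user`. The enclosing `authenticate` method starts outside the hunk.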
@@ -60,23 +62,29 @@ class KeycloakBackend(object):
return None
def _get_token_and_userinfo_password_flow(self, username, password):
- client_id = settings.KEYCLOAK_CLIENT_ID
- client_secret = settings.KEYCLOAK_CLIENT_SECRET
- token_url = settings.KEYCLOAK_TOKEN_URL
- userinfo_url = settings.KEYCLOAK_USERINFO_URL
- verify_ssl = settings.KEYCLOAK_VERIFY_SSL
- oauth2_session = OAuth2Session(client=LegacyApplicationClient(
- client_id=client_id))
- if hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
- oauth2_session.verify = settings.KEYCLOAK_CA_CERTFILE
- token = oauth2_session.fetch_token(token_url=token_url,
- username=username,
- password=password,
- client_id=client_id,
- client_secret=client_secret,
- verify=verify_ssl)
- userinfo = oauth2_session.get(userinfo_url).json()
- return token, userinfo
+ try:
+ client_id = settings.KEYCLOAK_CLIENT_ID
+ client_secret = settings.KEYCLOAK_CLIENT_SECRET
+ token_url = settings.KEYCLOAK_TOKEN_URL
+ userinfo_url = settings.KEYCLOAK_USERINFO_URL
+ verify_ssl = settings.KEYCLOAK_VERIFY_SSL
+ oauth2_session = OAuth2Session(client=LegacyApplicationClient(
+ client_id=client_id))
+ if hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
+ oauth2_session.verify = settings.KEYCLOAK_CA_CERTFILE
+ token = oauth2_session.fetch_token(token_url=token_url,
+ username=username,
+ password=password,
+ client_id=client_id,
+ client_secret=client_secret,
+ verify=verify_ssl)
+ userinfo = oauth2_session.get(userinfo_url).json()
+ return token, userinfo
+ except InvalidGrantError as e:
+ # password wasn't valid, just log as a warning
+ logger.warning(f"Failed to log in user {username} with "
+ f"password: {e}")
+ return None, None
def _get_token_and_userinfo_redirect_flow(self, request):
authorization_code_url = request.build_absolute_uri()
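Review bot: The warning on the new `logger.warning(f"Failed to log in user {username} ...")` lines interpolates an attacker-controlled value unescaped: `username` comes straight from the login form, so a value containing newlines can forge additional log records, and this warning is now the line a defender would count per-user to spot credential stuffing. Using lazy %-style args with `%r` keeps the line one record and one format: `logger.warning("Failed to log in user %r with password: %s", username, e)` (this assumes `logger` is a module-level logger defined earlier in the file, which is not visible in the hunk). The `try` also spans far more than the call that can raise `InvalidGrantError` — settings lookups, session construction and the `userinfo` request are all inside it; narrowing it to the `fetch_token` call would make it clear that only the credential rejection is downgraded and everything else still surfaces as an error. `_get_token_and_userinfo_password_flow` is fully inside the hunk; `_get_token_and_userinfo_redirect_flow` continues outside it.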