Login/logout auditing about django-oauth2-authcodeflow HOT 7 CLOSED

Hi all,
in case this is still of interest
Django auth provides events for user login, logout and failed logins:

docs:
https://docs.djangoproject.com/en/dev/ref/contrib/auth/#module-django.contrib.auth.signals

see
https://stackoverflow.com/questions/1990502/django-signal-when-user-logs-in
for usage example.

Hope this helps.
ciao
GG

PS:
thanks for the module!

from django-oauth2-authcodeflow.

I may add pointer in the doc to those links. I didn’t know those events/signals.

Thanks @pinoatrome

from django-oauth2-authcodeflow.

Hi @ryhoo2

I tried to read and follow the RFCs to make this library.

It seems your code is correct, but the library does not include proper logging right now. I mean there is some logging (warning, debug) but not at places you expect. It was mainly for me to be sure it’s doing what it’s suppose to do. Logging successful login/logout was not on my radar.

You might get what you want by using a special page for logout and log yourself in that area before redirecting (or not) elsewhere.

For login, you might want to add a custom middleware that monitor if not corrected before request is handled and connected afterwards but that is tedious work.

I may add some logging to this intent in the next version. Does not seems like a lot of work. If you can propose a pull-request (or better a merge-request on gitlab repo) that could accelerate the process.

from django-oauth2-authcodeflow.

Cyrille,

Thank you for the reply.
It's not that critical for me right now, I just wanted to know if I misconfigured something or it's not yet implemented.
I'm afraid I'm not that experienced with gitlab and Python libraries coding to provide the pull-request. Maybe some day:)

Thanks again, great work!
Michal

from django-oauth2-authcodeflow.

Hi @jrd,
you are welcome.

In case you busy I'd be happy to contribute with such task, a documentation task is ideal to start within a project.
GG

from django-oauth2-authcodeflow.

Hi @pinoatrome, yes please, I’d be glad to include more documentation.

I added mere doc about this in the README.md file, but maybe a proper documentation file would be better.

The main development is happening on gitlab. I would prefer to have pull request and issues there, but if it’s a burden for you, then here is fine too.

from django-oauth2-authcodeflow.

Hi @jrd,
sure: I'll create a new issue to enhance the documentation about auditing with an example showing how to use Django auth signals for that matter.
Ciao
GG

from django-oauth2-authcodeflow.