Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CKAN does not capture user login event any more #4436

Closed
FuhuXia opened this issue Aug 25, 2023 · 4 comments
Closed

CKAN does not capture user login event any more #4436

FuhuXia opened this issue Aug 25, 2023 · 4 comments
Assignees
@nickumia-reisys @Jin-Sun-tts
Labels
bug Software defect or bug CKAN component/catalog Related to catalog component playbooks/roles component/inventory Inventory playbooks/roles logging Notifications

Comments

@FuhuXia
Copy link
Member

FuhuXia commented Aug 25, 2023

We made an effort to capture user login and logout events.

But after CKAN2.10 deployment, login event is not captured any more, as shown in the catalog-admin NewRelic log. Same for Inventory.

image

How to reproduce

Log in to catalog and search for "logged in successfully" in catalog-admin NewRelic log.

Expected behavior

See the entry.

Actual behavior

No entry.

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]
@FuhuXia FuhuXia added the bug Software defect or bug label Aug 25, 2023
@Jin-Sun-tts Jin-Sun-tts self-assigned this Sep 11, 2023
@nickumia-reisys
Copy link
Contributor

nickumia-reisys commented Sep 13, 2023
edited
Loading

Code to put api token logging: load_user_from_request

Important functions:

CORRECTION!

API Token is being logged: log.debug(u'Received API Token: %s' % apitoken). However, this requires debug at the ckan level, which is currently set to info for catalog and inventory. While it's not the most effective solution. To get the specific user directly, we'd need to submit a PR upstream to log the user (instead? or as well?). We could add a log.info(u'User used API Token: %s' % user)... but it requires team discussion.

@nickumia-reisys nickumia-reisys mentioned this issue Sep 13, 2023
Merged
@FuhuXia
Copy link
Member Author

FuhuXia commented Sep 13, 2023
edited
Loading

Or extend identify() in IAuthenticator in ckanext-saml2auth or a new ckanext-datagovcommon with the following code:

def identify(self):
    if current_user.is_authenticated and current_user.is_active and not session.get('last_active'):
        log.info('User {} logged in{}'.format(
            current_user.name, 
            ' via saml' if session.get('_saml_session_info') else ''
        ))

@Jin-Sun-tts
Copy link
Contributor

The UI login were fixed to have the log.info in the 2.10 condition in the saml2auth.py file. While working on the solution to capture API login too, added identity in the plugin.py file to extend in IAuthenticator. So we do not need the login info in the saml2auth location anymore as the identify function log both situation. here are the test result from local:

From UI login:
Image

From curl call:
Image

@Jin-Sun-tts
Copy link
Contributor

Jin-Sun-tts commented Sep 14, 2023
edited
Loading

We have the change in gsa/ckanext-saml2auth create_user_via_saml.log_210 branch. Requested PR to upstream keitaroinc/ckanext-saml2auth#92

@Jin-Sun-tts Jin-Sun-tts mentioned this issue Sep 14, 2023
Merged
@nickumia-reisys nickumia-reisys added component/catalog Related to catalog component playbooks/roles component/inventory Inventory playbooks/roles Notifications CKAN logging labels Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nickumia-reisys nickumia-reisys

@Jin-Sun-tts Jin-Sun-tts

Labels
bug Software defect or bug CKAN component/catalog Related to catalog component playbooks/roles component/inventory Inventory playbooks/roles logging Notifications
Projects
data.gov team board
Status: 🗄 Closed
Milestone
No milestone
Development

No branches or pull requests
3 participants
@FuhuXia @nickumia-reisys @Jin-Sun-tts