django-auditlog/src/auditlog/middleware.py

import contextlib

from auditlog.compat import is_authenticated
from auditlog.context import set_actor


@contextlib.contextmanager
def nullcontext():
    """Equivalent to contextlib.nullcontext(None) from Python 3.7."""
    yield


class AuditlogMiddleware(object):
    """
    Middleware to couple the request's user to log items. This is accomplished by currying the signal receiver with the
    user from the request (or None if the user is not authenticated).
    """

    def __init__(self, get_response=None):
        self.get_response = get_response

    def __call__(self, request):

        if request.META.get('HTTP_X_FORWARDED_FOR'):
            # In case of proxy, set 'original' address
            remote_addr = request.META.get('HTTP_X_FORWARDED_FOR').split(',')[0]
        else:
            remote_addr = request.META.get('REMOTE_ADDR')

        if hasattr(request, 'user') and is_authenticated(request.user):
            context = set_actor(actor=request.user, remote_addr=remote_addr)
        else:
            context = nullcontext()

        with context:
            return self.get_response(request)
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`import contextlib`
ensure signal disconnection 2014-02-07 19:59:16 +00:00
Add Django 2.0 Support (#154) * Add changes for django 2.0 Made the following changes to ensure compatibility with django 2.0: 1. Replaced function calls to `is_authenticated()` with reference to property `is_authenticated`. 2. Added try/except call to import `django.core.urlresolvers` (now called `django.urls`. Also added an `... as ...` statement to ensure that references in the code to `urlresolvers` don't need to be changed. 3. Fixed calls statement of `on_delete` arg to all ForeignKey fields. Note that previously a kwarg was acceptable, but this is now a positional arg, and the selected `on_delete` method has been retained. * Update tox tests and consequentual changes Updated tox.ini to also test django 2.0 on python 3+. Some changes made to previous commits required to ensure all tests passed: - Added `compat.py` to have a `is_authenticated()` function to check authentication. This was necessary as the property/method call for `is_authenticated` is no compatible between django 1.8 (LTS) and 2.0. Changed AuditLogMiddleware to call this compatibility function instead of the django built-ins as a result. - Changes made to `auditlog/models.py` to apply kwargs to both `to=` and `on_delete=` for consistency of handling in all version tested. Incorrect django version specified for tox.ini. Now fixed. * Add 'on_delete' kwarg to initial migration Added and re-arranged 'on_delete' and 'to' kwargs in initial migration to ensure compatbility with later versions of Django. Also included updated manifest with changes required due to django 2.0 work. * Add TestCase for compat.py Added simple test case for compat.py file. * Changes follow code review 2017-12-21 * More changes following code review 2017-12-28 1. Added detailed commentary to `compat.py` to ensure reason why `is_authenticated()` compatibility function is needed 2. Changed `hasattr` to `callable` in compat.is_authenticated() 3. Fixed typo in migration 0001 to use correct `on_delete` function 2018-01-02 18:50:45 +00:00			`from auditlog.compat import is_authenticated`
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`from auditlog.context import set_actor`
First implementation 2013-10-20 13:25:48 +00:00
Update middleware for Django 1.10 2016-08-17 20:45:02 +00:00
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`@contextlib.contextmanager`
			`def nullcontext():`
			`"""Equivalent to contextlib.nullcontext(None) from Python 3.7."""`
			`yield`
First implementation 2013-10-20 13:25:48 +00:00
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`class AuditlogMiddleware(object):`
First implementation 2013-10-20 13:25:48 +00:00			`"""`
			`Middleware to couple the request's user to log items. This is accomplished by currying the signal receiver with the`
			`user from the request (or None if the user is not authenticated).`
			`"""`

Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`def __init__(self, get_response=None):`
			`self.get_response = get_response`

			`def __call__(self, request):`
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00
			`if request.META.get('HTTP_X_FORWARDED_FOR'):`
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`# In case of proxy, set 'original' address`
			`remote_addr = request.META.get('HTTP_X_FORWARDED_FOR').split(',')[0]`
			`else:`
			`remote_addr = request.META.get('REMOTE_ADDR')`
Use threadlocals to store middleware data instead of the request 2015-06-03 14:29:40 +00:00
Add Django 2.0 Support (#154) * Add changes for django 2.0 Made the following changes to ensure compatibility with django 2.0: 1. Replaced function calls to `is_authenticated()` with reference to property `is_authenticated`. 2. Added try/except call to import `django.core.urlresolvers` (now called `django.urls`. Also added an `... as ...` statement to ensure that references in the code to `urlresolvers` don't need to be changed. 3. Fixed calls statement of `on_delete` arg to all ForeignKey fields. Note that previously a kwarg was acceptable, but this is now a positional arg, and the selected `on_delete` method has been retained. * Update tox tests and consequentual changes Updated tox.ini to also test django 2.0 on python 3+. Some changes made to previous commits required to ensure all tests passed: - Added `compat.py` to have a `is_authenticated()` function to check authentication. This was necessary as the property/method call for `is_authenticated` is no compatible between django 1.8 (LTS) and 2.0. Changed AuditLogMiddleware to call this compatibility function instead of the django built-ins as a result. - Changes made to `auditlog/models.py` to apply kwargs to both `to=` and `on_delete=` for consistency of handling in all version tested. Incorrect django version specified for tox.ini. Now fixed. * Add 'on_delete' kwarg to initial migration Added and re-arranged 'on_delete' and 'to' kwargs in initial migration to ensure compatbility with later versions of Django. Also included updated manifest with changes required due to django 2.0 work. * Add TestCase for compat.py Added simple test case for compat.py file. * Changes follow code review 2017-12-21 * More changes following code review 2017-12-28 1. Added detailed commentary to `compat.py` to ensure reason why `is_authenticated()` compatibility function is needed 2. Changed `hasattr` to `callable` in compat.is_authenticated() 3. Fixed typo in migration 0001 to use correct `on_delete` function 2018-01-02 18:50:45 +00:00			`if hasattr(request, 'user') and is_authenticated(request.user):`
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`context = set_actor(actor=request.user, remote_addr=remote_addr)`
			`else:`
			`context = nullcontext()`
(bugfix) Adds hasattr check before threadlocal.auditlog access in set_actor middleware.set_actor was inconsistent with other methods in checking for hasattr(threadlocal, 'auditlog') 2018-01-04 19:07:13 +00:00
Move signal management to a context manager This change allows setting the same signals when the request is not present, i.e. in a celery task. 2019-05-11 10:11:12 +00:00			`with context:`
			`return self.get_response(request)`