django-axes/tests/test_logging.py

from unittest.mock import patch

from django.test import override_settings

from axes import __version__
from axes.apps import AppConfig
from axes.models import AccessAttempt, AccessLog
from tests.base import AxesTestCase

_BEGIN = "AXES: BEGIN version %s, %s"
_VERSION = __version__


@patch("axes.apps.AppConfig.initialized", False)
@patch("axes.apps.log")
class AppsTestCase(AxesTestCase):
    def test_axes_config_log_re_entrant(self, log):
        """
        Test that initialize call count does not increase on repeat calls.
        """

        AppConfig.initialize()
        calls = log.info.call_count

        AppConfig.initialize()
        self.assertTrue(
            calls == log.info.call_count and calls > 0,
            "AxesConfig.initialize needs to be re-entrant",
        )

    @override_settings(AXES_VERBOSE=False)
    def test_axes_config_log_not_verbose(self, log):
        AppConfig.initialize()
        self.assertFalse(log.info.called)

    @override_settings(AXES_LOCKOUT_PARAMETERS=["username"])
    def test_axes_config_log_user_only(self, log):
        AppConfig.initialize()
        log.info.assert_called_with(_BEGIN, _VERSION, "blocking by username")

    def test_axes_config_log_ip_only(self, log):
        AppConfig.initialize()
        log.info.assert_called_with(_BEGIN, _VERSION, "blocking by ip_address")

    @override_settings(AXES_LOCKOUT_PARAMETERS=[["username", "ip_address"]])
    def test_axes_config_log_user_ip(self, log):
        AppConfig.initialize()
        log.info.assert_called_with(
            _BEGIN, _VERSION, "blocking by combination of username and ip_address"
        )

    @override_settings(AXES_LOCKOUT_PARAMETERS=["username", "ip_address"])
    def test_axes_config_log_user_or_ip(self, log):
        AppConfig.initialize()
        log.info.assert_called_with(_BEGIN, _VERSION, "blocking by username or ip_address")


class AccessLogTestCase(AxesTestCase):
    def test_access_log_on_logout(self):
        """
        Test a valid logout and make sure the logout_time is updated only for that.
        """

        self.login(is_valid_username=True, is_valid_password=True)
        latest_log = AccessLog.objects.latest("id")
        self.assertIsNone(latest_log.logout_time)
        other_log = self.create_log(session_hash='not-the-session')
        self.assertIsNone(other_log.logout_time)

        response = self.logout()
        self.assertContains(response, "Logged out")
        other_log.refresh_from_db()
        self.assertIsNone(other_log.logout_time)
        latest_log.refresh_from_db()
        self.assertIsNotNone(latest_log.logout_time)

    @override_settings(DATA_UPLOAD_MAX_NUMBER_FIELDS=1500)
    def test_log_data_truncated(self):
        """
        Test that get_query_str properly truncates data to the max_length (default 1024).
        """

        # An impossibly large post dict
        extra_data = {"too-large-field": "x" * 2 ** 16}
        self.login(**extra_data)
        self.assertEqual(len(AccessAttempt.objects.latest("id").post_data), 1024)

    @override_settings(AXES_DISABLE_ACCESS_LOG=True)
    def test_valid_logout_without_success_log(self):
        AccessLog.objects.all().delete()

        response = self.login(is_valid_username=True, is_valid_password=True)
        response = self.logout()

        self.assertEqual(AccessLog.objects.all().count(), 0)
        self.assertContains(response, "Logged out", html=True)

    @override_settings(AXES_DISABLE_ACCESS_LOG=True)
    def test_valid_login_without_success_log(self):
        """
        Test that a valid login does not generate an AccessLog when DISABLE_SUCCESS_ACCESS_LOG is True.
        """

        AccessLog.objects.all().delete()

        response = self.login(is_valid_username=True, is_valid_password=True)

        self.assertEqual(response.status_code, 302)
        self.assertEqual(AccessLog.objects.all().count(), 0)

    @override_settings(AXES_DISABLE_ACCESS_LOG=True)
    def test_valid_logout_without_log(self):
        AccessLog.objects.all().delete()

        response = self.login(is_valid_username=True, is_valid_password=True)
        response = self.logout()

        self.assertEqual(AccessLog.objects.count(), 0)
        self.assertContains(response, "Logged out", html=True)

    @override_settings(AXES_DISABLE_ACCESS_LOG=True)
    def test_non_valid_login_without_log(self):
        """
        Test that a non-valid login does generate an AccessLog when DISABLE_ACCESS_LOG is True.
        """
        AccessLog.objects.all().delete()

        response = self.login(is_valid_username=True, is_valid_password=False)
        self.assertEqual(response.status_code, 200)

        self.assertEqual(AccessLog.objects.all().count(), 0)
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`from unittest.mock import patch`

Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`from django.test import override_settings`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00
Drop pkg_resources from tests 2024-03-04 18:27:20 +00:00			`from axes import __version__`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`from axes.apps import AppConfig`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`from axes.models import AccessAttempt, AccessLog`
Move tests outside project source folder 2021-01-06 21:42:25 +00:00			`from tests.base import AxesTestCase`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00
Update expected test results. 2022-05-09 14:23:37 +00:00			`_BEGIN = "AXES: BEGIN version %s, %s"`
Drop pkg_resources from tests 2024-03-04 18:27:20 +00:00			`_VERSION = __version__`
Update expected test results. 2022-05-09 14:23:37 +00:00
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00
Deprecate settings.AXES_LOGGER configuration flag Fixes #634 The Django import system seems to produce errors in certain configurations and especially when MIGRATION_MODULES configuration is set globally. This is most probably caused by misbehaving or cyclic Python module imports in the Django application instrumentatation chain that come up when the MIGRATION_MODULES configuration is altered. This patch migrates to the standard Python logging system use and has less overhead and complexity for users as well. Having a configurable logging prefix does not produce a lot of benefits and is less flexible than having all individual module logging configurations accessible through the module __name__ parameter in Axes. For example axes.handlers.* or axes.backends.* are separately configurable in the new scheme whereas they would have been both bundled under the AXES_LOGGER log configuration. 2020-09-26 14:50:13 +00:00			`@patch("axes.apps.AppConfig.initialized", False)`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`@patch("axes.apps.log")`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`class AppsTestCase(AxesTestCase):`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`def test_axes_config_log_re_entrant(self, log):`
			`"""`
Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`Test that initialize call count does not increase on repeat calls.`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`"""`

Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`AppConfig.initialize()`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`calls = log.info.call_count`

Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`AppConfig.initialize()`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`self.assertTrue(`
			`calls == log.info.call_count and calls > 0,`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`"AxesConfig.initialize needs to be re-entrant",`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`)`

			`@override_settings(AXES_VERBOSE=False)`
			`def test_axes_config_log_not_verbose(self, log):`
Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`AppConfig.initialize()`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`self.assertFalse(log.info.called)`

test: use AXES_LOCKOUT_PARAMETERS in logging test 2023-05-04 09:51:16 +00:00			`@override_settings(AXES_LOCKOUT_PARAMETERS=["username"])`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`def test_axes_config_log_user_only(self, log):`
Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`AppConfig.initialize()`
test: use AXES_LOCKOUT_PARAMETERS in logging test 2023-05-04 09:51:16 +00:00			`log.info.assert_called_with(_BEGIN, _VERSION, "blocking by username")`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00
			`def test_axes_config_log_ip_only(self, log):`
Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`AppConfig.initialize()`
test: use AXES_LOCKOUT_PARAMETERS in logging test 2023-05-04 09:51:16 +00:00			`log.info.assert_called_with(_BEGIN, _VERSION, "blocking by ip_address")`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00
chore: adjust types: use list instead of iterables and nested lists instead of tuples 2023-05-10 17:06:55 +00:00			`@override_settings(AXES_LOCKOUT_PARAMETERS=[["username", "ip_address"]])`
Improve tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-12 21:22:52 +00:00			`def test_axes_config_log_user_ip(self, log):`
Rename Axes appconfig startup method to initialize Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-16 16:33:07 +00:00			`AppConfig.initialize()`
test: use AXES_LOCKOUT_PARAMETERS in logging test 2023-05-04 09:51:16 +00:00			`log.info.assert_called_with(`
			`_BEGIN, _VERSION, "blocking by combination of username and ip_address"`
			`)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
test: use AXES_LOCKOUT_PARAMETERS in logging test 2023-05-04 09:51:16 +00:00			`@override_settings(AXES_LOCKOUT_PARAMETERS=["username", "ip_address"])`
add LOCK_OUT_BY_USER_OR_IP option store all AccessAttempt records 2020-07-07 08:46:22 +00:00			`def test_axes_config_log_user_or_ip(self, log):`
			`AppConfig.initialize()`
test: use AXES_LOCKOUT_PARAMETERS in logging test 2023-05-04 09:51:16 +00:00			`log.info.assert_called_with(_BEGIN, _VERSION, "blocking by username or ip_address")`
add LOCK_OUT_BY_USER_OR_IP option store all AccessAttempt records 2020-07-07 08:46:22 +00:00
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
			`class AccessLogTestCase(AxesTestCase):`
			`def test_access_log_on_logout(self):`
			`"""`
Add session hash to access log 2024-04-30 14:22:50 +00:00			`Test a valid logout and make sure the logout_time is updated only for that.`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`"""`

			`self.login(is_valid_username=True, is_valid_password=True)`
Add session hash to access log 2024-04-30 14:22:50 +00:00			`latest_log = AccessLog.objects.latest("id")`
			`self.assertIsNone(latest_log.logout_time)`
			`other_log = self.create_log(session_hash='not-the-session')`
			`self.assertIsNone(other_log.logout_time)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
Add session hash to access log 2024-04-30 14:22:50 +00:00			`response = self.logout()`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`self.assertContains(response, "Logged out")`
Add session hash to access log 2024-04-30 14:22:50 +00:00			`other_log.refresh_from_db()`
			`self.assertIsNone(other_log.logout_time)`
			`latest_log.refresh_from_db()`
			`self.assertIsNotNone(latest_log.logout_time)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
Adopt test based on Django security release for CVE-2023-24580 2023-02-17 13:42:49 +00:00			`@override_settings(DATA_UPLOAD_MAX_NUMBER_FIELDS=1500)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`def test_log_data_truncated(self):`
			`"""`
			`Test that get_query_str properly truncates data to the max_length (default 1024).`
			`"""`

			`# An impossibly large post dict`
Fix failing test case for new Django versions See https://code.djangoproject.com/ticket/34968 for more details 2024-09-21 08:32:34 +00:00			`extra_data = {"too-large-field": "x" * 2 ** 16}`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`self.login(**extra_data)`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`self.assertEqual(len(AccessAttempt.objects.latest("id").post_data), 1024)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
Deprecate AXES_DISABLE_SUCCESS_ACCESS_LOG flag Fixes #446 2019-05-25 17:23:18 +00:00			`@override_settings(AXES_DISABLE_ACCESS_LOG=True)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`def test_valid_logout_without_success_log(self):`
			`AccessLog.objects.all().delete()`

			`response = self.login(is_valid_username=True, is_valid_password=True)`
Add session hash to access log 2024-04-30 14:22:50 +00:00			`response = self.logout()`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
			`self.assertEqual(AccessLog.objects.all().count(), 0)`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`self.assertContains(response, "Logged out", html=True)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
Deprecate AXES_DISABLE_SUCCESS_ACCESS_LOG flag Fixes #446 2019-05-25 17:23:18 +00:00			`@override_settings(AXES_DISABLE_ACCESS_LOG=True)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00			`def test_valid_login_without_success_log(self):`
			`"""`
			`Test that a valid login does not generate an AccessLog when DISABLE_SUCCESS_ACCESS_LOG is True.`
			`"""`

			`AccessLog.objects.all().delete()`

			`response = self.login(is_valid_username=True, is_valid_password=True)`

			`self.assertEqual(response.status_code, 302)`
			`self.assertEqual(AccessLog.objects.all().count(), 0)`

			`@override_settings(AXES_DISABLE_ACCESS_LOG=True)`
			`def test_valid_logout_without_log(self):`
			`AccessLog.objects.all().delete()`

			`response = self.login(is_valid_username=True, is_valid_password=True)`
Add session hash to access log 2024-04-30 14:22:50 +00:00			`response = self.logout()`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
Deprecate AXES_DISABLE_SUCCESS_ACCESS_LOG flag Fixes #446 2019-05-25 17:23:18 +00:00			`self.assertEqual(AccessLog.objects.count(), 0)`
Upgrade CI tooling to use automatic code formatting 2019-09-28 16:27:50 +00:00			`self.assertContains(response, "Logged out", html=True)`
Add cache handler and refactor tests Signed-off-by: Aleksi Häkli <aleksi.hakli@iki.fi> 2019-02-22 23:22:11 +00:00
			`@override_settings(AXES_DISABLE_ACCESS_LOG=True)`
			`def test_non_valid_login_without_log(self):`
			`"""`
			`Test that a non-valid login does generate an AccessLog when DISABLE_ACCESS_LOG is True.`
			`"""`
			`AccessLog.objects.all().delete()`

			`response = self.login(is_valid_username=True, is_valid_password=False)`
			`self.assertEqual(response.status_code, 200)`

			`self.assertEqual(AccessLog.objects.all().count(), 0)`