How it works

sztamas edited this page Jan 25, 2016 · 2 revisions

How Userlog works

Logging the successful logins

This part is very straightforward. We use the User Login signal provided by Django Auth to detect when someone has logged in to the system.

The signal provides the user object and the request so we have all the needed information available.

Logging the failed login attempts

This one is trickier, because there is no signal for failed login attempts.

The authentication in Django works by Django calling each of the AUTHENTICATION_BACKENDS specified in our settings. The authentication is successful if any of the backends return a User object instead of None. Therefore, if none of them returns a User the authentication failed.

Userlog adds an AuthenticationFailedLoggerBackend as the last element of AUTHENTICATION_BACKENDS. This backend always returns None, but if it has been reached we know that none of the "real" backends could authenticate the User, so the authentication failed.

The AuthenticationFailedLoggerBackend logs the failed login attempt. The only issue is that the request isn't passed to the authentication backends, and that makes logging information like the IP address and User Agent extremely hard :).

To get the request information we use a Middleware that saves the request to thread local data. That is the role of the RequestToThreadLocalMiddleware class.
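
The mechanism described above, as an added example (not Userlog's own code): a standard-library model of the backend loop in which the request is a plain dict and `DictBackend`, `FAILED_LOGINS`, `authenticate` and `login_view` are constructed stand-ins. It also clears the thread-local after each request, so a reused worker thread cannot attribute a later failure to an earlier client's IP address.

```python
import threading

_local = threading.local()   # per-thread storage shared by middleware and backend
FAILED_LOGINS = []           # constructed stand-in for the failed-login log

class RequestToThreadLocalMiddleware:
    """Saves the current request for this thread and clears it afterwards."""
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        _local.request = request
        try:
            return self.get_response(request)
        finally:
            # Worker threads are reused: drop the request so a later
            # authentication on this thread cannot pick up stale data.
            _local.request = None

class DictBackend:
    """Constructed 'real' backend: returns a user name or None."""
    def __init__(self, users):
        self.users = users

    def authenticate(self, username=None, password=None):
        return username if self.users.get(username) == password else None

class AuthenticationFailedLoggerBackend:
    """Last in the chain: always returns None and records that it was reached."""
    def authenticate(self, username=None, password=None):
        request = getattr(_local, "request", None) or {}
        FAILED_LOGINS.append({   # the submitted password is deliberately not logged
            "username": username,
            "ip": request.get("REMOTE_ADDR"),
            "user_agent": request.get("HTTP_USER_AGENT"),
        })
        return None

AUTHENTICATION_BACKENDS = [DictBackend({"alice": "s3cret"}),
                           AuthenticationFailedLoggerBackend()]

def authenticate(**credentials):
    """Model of the backend loop: the first backend returning a user wins."""
    for backend in AUTHENTICATION_BACKENDS:
        user = backend.authenticate(**credentials)
        if user is not None:
            return user
    return None

def login_view(request):
    return authenticate(username=request["username"], password=request["password"])
```

Because a successful backend ends the loop early, the logger backend only runs when every backend before it returned None, which is why it must stay last in the list.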
