Skip to content

fix: Audit log login did not record user #2691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shaohuzhang1 merged 1 commit into from
Mar 26, 2025
Merged

fix: Audit log login did not record user #2691

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion apps/common/log/log.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def _get_user(request):
user = request.user
if user is None:
return {
"user_name": gettext('unknown')

}
return {
"id": str(user.id),
Copy link
Copy Markdown
Contributor Author

@shaohuzhang1 shaohuzhang1 Mar 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The provided code does not appear to contain any significant errors or issues, but there are a few minor improvements that can be made:

Improvements and Suggestions

  1. Consistency with gettext: The current implementation uses 'unknown', which should be consistent across the application. If you intended to use it for internationalization (i18n), make sure everything else in your project respects this practice.

  2. Default Parameters: It's good practice to include default parameters when defining functions, especially if some arguments might be optional. Although not strictly necessary here, adding them can improve readability and usage patterns.

  3. Simplified Dictionary Assignment: You can simplify the dictionary assignment inside the function using f-strings:

    def _get_user(request):
    user = request.user
    if user is None:
        return {"user_name": "unknown"}  # Using string directly instead of gettext function
 
    return {"id": str(user.id)}

This streamlined version maintains the same functionality while being slightly more concise and adhering to common Python practices.

Expand Down
2 changes: 1 addition & 1 deletion apps/users/views/user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,7 @@ class Login(APIView):
responses=LoginSerializer().get_response_body_api(),
security=[],
tags=[_("User")])
@log(menu='User', operate='Log in', get_user=lambda r: {'user_name': r.data.get('username', None)},
@log(menu='User', operate='Log in', get_user=lambda r: {'username': r.data.get('username', None)},
get_details=_get_details,
get_operation_object=lambda r, k: {'name': r.data.get('username')})
def post(self, request: Request):
Copy link
Copy Markdown
Contributor Author

@shaohuzhang1 shaohuzhang1 Mar 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is largely correct, but there are a few minor improvements and clarifications that can be made:

  1. It's good practice to use the @api_view decorator instead of inheriting from APIView. This allows you to specify which HTTP methods are accepted by the view more directly.
  2. The _get_details function is called at the end of each operation, regardless of whether an error occurs or not. Consider calling it only when no errors occurred to avoid unnecessary database access if an exception is raised.

Here's a revised version with these points addressed:

from rest_framework.decorators import api_view
from rest_framework.response import Response

@api_view(['POST'])
def login(request: Request):
    serializer = LoginSerializer(data=request.data)
    
    if serializer.is_valid(raise_exception=True): 
        return login_successful(serializer.user)

@log(
    menu='User',
    operate='Log in',
    get_user=lambda r: {'user_name': r.data.get('username', None)},  
    get_details=_get_details,
    get_operation_object=lambda r, k: {'name': r.data.get('username')}
)


# Define other functions needed here...

Make sure all necessary imports (like LoginSerializer, login_successful) are correctly imported for this solution to work.

Expand Down