Add module base_user_auth_log

base_user_auth_log/models/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+
+from . import res_users_auth_log
+from . import res_users

base_user_auth_log/models/res_users.py

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+# © 2017 Akretion (Alexis de Lattre <alexis.delattre@akretion.com>)
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from openerp import models, fields, registry, SUPERUSER_ID
+import logging
+logger = logging.getLogger(__name__)
+
+
+class ResUsers(models.Model):
+    _inherit = 'res.users'
+
+    auth_log_ids = fields.One2many(
+        'res.users.auth.log', 'user_id', string='Authentication Logs')
+
+    def _login(self, db, login, password):
+        user_id = super(ResUsers, self)._login(db, login, password)
+        with registry(db).cursor() as cr:
+            if user_id:
+                result = 'success'
+            else:
+                user_id = None  # To write a null value, psycopg2 wants None
+                result = 'failure'
+                cr.execute(
+                    "SELECT id FROM res_users WHERE login=%s", (login, ))
+                user_select = cr.fetchall()
+                if user_select:
+                    user_id = user_select[0][0]
+
+            cr.execute("""
+                INSERT INTO res_users_auth_log (
+                    create_uid,
+                    create_date,
+                    date,
+                    login,
+                    result,
+                    user_id
+                    ) VALUES (
+                    %s, NOW() AT TIME ZONE 'UTC', NOW() AT TIME ZONE 'UTC',
+                    %s, %s, %s)""", (SUPERUSER_ID, login, result, user_id))
+            logger.info('Auth log created for login %s type %s', login, result)
+        return user_id

base_user_auth_log/models/res_users_auth_log.py

@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+# © 2017 Akretion (Alexis de Lattre <alexis.delattre@akretion.com>)
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from openerp import models, fields, api, _
+from openerp.exceptions import Warning as UserError
+from datetime import datetime, timedelta
+import logging
+logger = logging.getLogger(__name__)
+
+
+class ResUsersAuthLog(models.Model):
+    _name = 'res.users.auth.log'
+    _description = 'Users Authentication Logs'
+    _order = 'date desc'
+    _rec_name = 'date'
+
+    user_id = fields.Many2one(
+        'res.users', string='User', ondelete='cascade', readonly=True)
+    login = fields.Char(string='Login', readonly=True)
+    date = fields.Datetime(
+        string='Authentication Date', required=True, readonly=True)
+    result = fields.Selection([
+        ('success', 'Success'),
+        ('failure', 'Failure'),
+        ], string='Result', required=True, readonly=True)
+
+    @api.model
+    def create(self, vals):
+        if not self._context.get('authenticate_create'):
+            raise UserError(_(
+                "You cannot manually create an authentication log."))
+        return super(ResUsersAuthLog, self).create(vals)
+
+    @api.multi
+    def write(self, vals):
+        raise UserError(_("You cannot modify an authentication log."))
+
+    @api.model
+    def _purge_old_auth_logs(self):
+        expiry_date = datetime.today() - timedelta(days=365)
+        self._cr.execute(
+            "DELETE FROM res_users_auth_log WHERE date <= %s", (expiry_date, ))
+        logger.info('Auth logs older than %s have been purged', expiry_date)