From f3cae7e1f01adfa94a6a124938e50fad346343da Mon Sep 17 00:00:00 2001
From: Akita Noek
Date: Mon, 11 Apr 2016 15:38:06 -0400
Subject: [PATCH] Log basic auth requests to the debug log Part of #1087
---
 awx/api/authentication.py | 16 +++++++++++++++-
 awx/api/views.py | 2 +-
 awx/settings/defaults.py | 2 +-
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/awx/api/authentication.py b/awx/api/authentication.py
index 300c5cfc65..c8143facbd 100644
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
@@ -3,9 +3,11 @@
 # Python
 import urllib
+import logging
 # Django
 from django.utils.timezone import now as tz_now
+from django.utils.encoding import smart_text
 # Django REST Framework
 from rest_framework import authentication
@@ -16,6 +18,8 @@ from rest_framework import HTTP_HEADER_ENCODING
 from awx.main.models import UnifiedJob, AuthToken
 from awx.main.conf import tower_settings
+logger = logging.getLogger('awx.api.authentication')
+
 class TokenAuthentication(authentication.TokenAuthentication):
 '''
 Custom token authentication using tokens that expire and are associated
@@ -93,7 +97,7 @@ class TokenAuthentication(authentication.TokenAuthentication):
 if not token.in_valid_tokens(now=now):
 token.invalidate(reason='limit_reached')
 raise exceptions.AuthenticationFailed(AuthToken.reason_long('limit_reached'))
-
+
 # If the user is inactive, then return an error.
 if not token.user.is_active:
 raise exceptions.AuthenticationFailed('User inactive or deleted')
@@ -116,6 +120,16 @@ class TokenGetAuthentication(TokenAuthentication):
 return super(TokenGetAuthentication, self).authenticate(request)
+class LoggedBasicAuthentication(authentication.BasicAuthentication):
+
+ def authenticate(self, request):
+ ret = super(LoggedBasicAuthentication, self).authenticate(request)
+ if ret:
+ username = ret[0].username if ret[0] else ''
+ logger.debug(smart_text(u"User {} performed a {} to {} through the API".format(username, request.method, request.path)))
+ return ret
+
+
 class TaskAuthentication(authentication.BaseAuthentication):
 '''
 Custom authentication used for views accessed by the inventory and callback
diff --git a/awx/api/views.py b/awx/api/views.py
index 6f6004d74e..adb16289c1 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -72,7 +72,7 @@ from awx.api.metadata import RoleMetadata
 from awx.main.utils import emit_websocket_notification
 from awx.main.conf import tower_settings
-logger = logging.getLogger('awx.api.generics')
+logger = logging.getLogger('awx.api.views')
 def api_exception_handler(exc, context):
 '''
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index d9cbbbf2b0..3d189f76ef 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -202,7 +202,7 @@ REST_FRAMEWORK = {
 'PAGE_SIZE': 25,
 'DEFAULT_AUTHENTICATION_CLASSES': (
 'awx.api.authentication.TokenAuthentication',
- 'rest_framework.authentication.BasicAuthentication',
+ 'awx.api.authentication.LoggedBasicAuthentication',
 #'rest_framework.authentication.SessionAuthentication',
 ),
 'DEFAULT_PERMISSION_CLASSES': (
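Review bot: Rejected basic-auth attempts are never logged by `LoggedBasicAuthentication.authenticate`: DRF's `BasicAuthentication` raises `exceptions.AuthenticationFailed` on bad credentials, so the exception leaves the method before the `logger.debug` call and only successful requests are recorded. Failed attempts are the events that password-guessing detection depends on, so I would catch the exception, log it at warning level and re-raise it unchanged, as in the excerpt below. Separately, `username` and `request.path` are formatted into the message as-is; passing them as logger arguments with `%r` would escape any control characters and skip the formatting when debug logging is off. The new class also has no docstring, unlike the sibling classes visible in this file.

```python
    def authenticate(self, request):
        try:
            ret = super(LoggedBasicAuthentication, self).authenticate(request)
        except exceptions.AuthenticationFailed:
            # Record the rejected attempt, then let the exception propagate unchanged.
            logger.warning(u"Basic auth failed for a %s to %r through the API",
                           request.method, request.path)
            raise
        # … unchanged: debug log for the authenticated user, return ret …
```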