Jumpstart the app

AUTHORS.rst

@@ -0,0 +1,13 @@
+=======
+Credits
+=======
+
+Development Lead
+----------------
+
+* Chrigui Abdelbaki <[email protected]>
+
+Contributors
+------------
+
+None yet. Why not be the first?

CONTRIBUTING.rst

@@ -0,0 +1,112 @@
+============
+Contributing
+============
+
+Contributions are welcome, and they are greatly appreciated! Every
+little bit helps, and credit will always be given. 
+
+You can contribute in many ways:
+
+Types of Contributions
+----------------------
+
+Report Bugs
+~~~~~~~~~~~
+
+Report bugs at https://github.com/abdelbaki1/dj-auth-audit/issues.
+
+If you are reporting a bug, please include:
+
+* Your operating system name and version.
+* Any details about your local setup that might be helpful in troubleshooting.
+* Detailed steps to reproduce the bug.
+
+Fix Bugs
+~~~~~~~~
+
+Look through the GitHub issues for bugs. Anything tagged with "bug"
+is open to whoever wants to implement it.
+
+Implement Features
+~~~~~~~~~~~~~~~~~~
+
+Look through the GitHub issues for features. Anything tagged with "feature"
+is open to whoever wants to implement it.
+
+Write Documentation
+~~~~~~~~~~~~~~~~~~~
+
+dj-auth-audit could always use more documentation, whether as part of the 
+official dj-auth-audit docs, in docstrings, or even on the web in blog posts,
+articles, and such.
+
+Submit Feedback
+~~~~~~~~~~~~~~~
+
+The best way to send feedback is to file an issue at https://github.com/abdelbaki1/dj-auth-audit/issues.
+
+If you are proposing a feature:
+
+* Explain in detail how it would work.
+* Keep the scope as narrow as possible, to make it easier to implement.
+* Remember that this is a volunteer-driven project, and that contributions
+  are welcome :)
+
+Get Started!
+------------
+
+Ready to contribute? Here's how to set up `dj-auth-audit` for local development.
+
+1. Fork the `dj-auth-audit` repo on GitHub.
+2. Clone your fork locally::
+
+    $ git clone [email protected]:your_name_here/dj-auth-audit.git
+
+3. Install your local copy into a virtualenv. Assuming you have virtualenvwrapper installed, this is how you set up your fork for local development::
+
+    $ mkvirtualenv dj-auth-audit
+    $ cd dj-auth-audit/
+    $ python setup.py develop
+
+4. Create a branch for local development::
+
+    $ git checkout -b name-of-your-bugfix-or-feature
+
+   Now you can make your changes locally.
+
+5. When you're done making changes, check that your changes pass flake8 and the
+   tests, including testing other Python versions with tox::
+
+        $ flake8 dj_auth_audit tests
+        $ python setup.py test
+        $ tox
+
+   To get flake8 and tox, just pip install them into your virtualenv. 
+
+6. Commit your changes and push your branch to GitHub::
+
+    $ git add .
+    $ git commit -m "Your detailed description of your changes."
+    $ git push origin name-of-your-bugfix-or-feature
+
+7. Submit a pull request through the GitHub website.
+
+Pull Request Guidelines
+-----------------------
+
+Before you submit a pull request, check that it meets these guidelines:
+
+1. The pull request should include tests.
+2. If the pull request adds functionality, the docs should be updated. Put
+   your new functionality into a function with a docstring, and add the
+   feature to the list in README.rst.
+3. The pull request should work for Python 2.6, 2.7, and 3.3, and for PyPy. Check 
+   https://travis-ci.org/abdelbaki1/dj-auth-audit/pull_requests
+   and make sure that the tests pass for all supported Python versions.
+
+Tips
+----
+
+To run a subset of tests::
+
+    $ python -m unittest tests.test_dj_auth_audit

HISTORY.rst

@@ -0,0 +1,9 @@
+.. :changelog:
+
+History
+-------
+
+0.1.0 (2023-07-16)
+++++++++++++++++++
+
+* First release on PyPI.

LICENSE

@@ -0,0 +1,13 @@
+MIT License
+
+Copyright (c) 2023, Chrigui Abdelbaki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+
+

MANIFEST.in

@@ -0,0 +1,6 @@
+include AUTHORS.rst
+include CONTRIBUTING.rst
+include HISTORY.rst
+include LICENSE
+include README.md
+recursive-include dj_auth_audit *.html *.png *.gif *js *.css *jpg *jpeg *svg *py

README.md

@@ -0,0 +1,76 @@
+**Make your authentication logs more easy with django-auth-audit**
+==================================================================
+# Please note
+``django-auth-audit`` still an experimental project that originated as a feature in one of my professional projects. Due to the specific requirements and lack of existing GitHub repositories targeting this particular situation, I decided to create it as a separate project. As a result, the app is still in its early stages and may undergo frequent updates and improvements. Feedback and contributions are welcome.
+
+# Introduction
+```django-auth-audit``` is a Django reusable app that provides functionality for tracking user authentication events, such as logins,logouts,password rest rate limit ...
+It allows you to define custom mixins that override specific CRUD methods in your target class, send signals, and handle the flow back to your target class. Additionally, django-auth-audit includes a pre-defined mixins,that can be used to send signals and create authentication logs.
+
+## Installation
+
+To install ```django-auth-audit```, follow these steps:
+
+1. Ensure you have Django installed in your project. If not, you can install it using pip:
+
+```shell
+pip install django
+```
+Download the ```django-auth-audit``` package from the GitHub repository or install it using pip:
+```python
+pip install django-auth-audit
+```
+Add ```django-auth-audit``` to the INSTALLED_APPS setting in your Django project's settings.py file:
+```python
+INSTALLED_APPS = [
+   ...
+   'django-auth-audit',
+   ...
+]
+```
+Run the database migrations to create the necessary tables for the app:
+```shell
+python manage.py migrate django-auth-audit
+```
+# Usage
+```django-auth-audit``` allows you to create custom mixins that override specific CRUD methods in your target class, send signals, and handle the flow back to your target class.
+Here's an example:
+
+```python
+from dj_auth_audit.mixins import FailedResetEmailSignalMixin
+
+class CustomPasswordResetView(FailedResetEmailSignalMixin, PasswordResetView):
+    class_name = 'PasswordResetView'
+    serializer_class = CustomPasswordResetSerializer
+    throttle_scope = 'reset_password_rate'
+```
+In this example, the `CustomPasswordResetView` class inherits from `FailedResetEmailSignalMixin` and `PasswordResetView`. The `FailedResetEmailSignalMixin` sends a signal and creates an authentication log in the database, indicating the time of the sent reset email and the user who requested the password reset. If the user reaches the rate limit, another signal is triggered to indicate that the user has exceeded the password reset rate.
+
+The FailedResetEmailSignalMixin is hooked with the POST and throttled methods, which are typically defined in the target class. To use this mixin, you need to define the `class_name` attribute in the subclass alongside with the self.user to define the actor.
+### Note
+```django-auth-audit``` has a built-in mixin for all basic authentication logs you will need ,inclusing but not limited to : `Login` , `Logout`,`password change`,`password reset`,`verfication email` ... and if you define a throttle scope on the subclass , you will get rate limit signal the user have exceeded the allowed request rate.
+
+You can also define your own mixin by inheriting from `AbstractSignalMixin` in the `mixin.py` file.
+
+Note: The `FailedResetEmailSignalMixin` or any other mixin will raise an exception if:
+
+- ***class_name*** is not defined.
+- The target class doesn't have any of the required methods for sending requests **(`POST`,`GET`...)**
+- The ***self.user*** is not defined.
+Please refer to `mixin.py` for more information on creating custom mixins and using the provided mixins.
+# Contributing
+If you'd like to contribute to this project, please follow these guidelines:
+
+Fork the repository on GitHub.
+Create a new branch from the master branch for your feature or bug fix.
+Make your changes and ensure they are properly tested.
+Commit your changes with clear and descriptive commit messages.
+Push your branch to your forked repository.
+Submit a pull request to the master branch of the this repository.
+Please refer to the Contribution Guidelines for more information.
+
+# License
+```django-auth-audit``` is released under the MIT License. See the LICENSE file for more details.
+
+# Support
+If you encounter any issues or have questions, please open an issue on the GitHub repository.

dj_auth_audit/__init__.py

@@ -0,0 +1 @@
+__version__ = '0.0'

dj_auth_audit/admin.py

@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+
+from django.contrib import admin
+
+from .models import (
+    AuthLogEntry,
+)
+
+
+class activityAdmin(admin.ModelAdmin):
+
+    # def has_add_permission(self, request):
+    #     return False
+
+    def has_change_permission(self, request, obj=None):
+        return False
+
+    # def has_delete_permission(self, request, obj=None):
+    #     return False
+admin.site.register(AuthLogEntry, activityAdmin)

dj_auth_audit/apps.py

@@ -0,0 +1,12 @@
+# -*- coding: utf-8
+from django.apps import AppConfig
+
+
+class DjAuthAuditConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'dj_auth_audit'
+    def ready(self) -> None:
+        from .signals import AUTH_SIGNALS_CLASSES
+        from .handlers import create_auth_log
+        for siganl in AUTH_SIGNALS_CLASSES:
+            siganl.connect(create_auth_log)

dj_auth_audit/exceptions.py

@@ -0,0 +1,18 @@
+class ClassNameUnavailbleException(Exception):
+    pass
+
+
+class UserUnavailableException(Exception):
+    pass
+
+
+class PostUnavailableException(Exception):
+    pass
+
+
+class SignalUnavailable(Exception):
+    pass
+
+
+class ViewUnavailable(Exception):
+    pass

dj_auth_audit/handlers.py

@@ -0,0 +1,5 @@
+from .models import AuthLogEntry
+
+
+def create_auth_log(sender, action, changes=None, *args, **kwargs):
+    AuthLogEntry.objects.create(actor=sender, action=action, changes=changes)

dj_auth_audit/migrations/0001_initial.py

@@ -0,0 +1,35 @@
+# Generated by Django 3.2.20 on 2023-07-16 19:26
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AuthLogEntry',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('action', models.PositiveSmallIntegerField(choices=[(0, 'login'), (1, 'login_failure'), (2, 'logout'), (3, 'logout_failure'), (4, 'password_change_success'), (5, 'password_change_failure'), (6, 'password_reset_success'), (7, 'password_reset_failure'), (8, 'email_validation_success'), (9, 'email_validation_failure'), (10, 'email_reset_password_success'), (11, 'email_reset_password_failure'), (12, 'upload_success'), (13, 'upload_failure')], db_index=True, verbose_name='action')),
+                ('cid', models.CharField(blank=True, db_index=True, max_length=255, null=True, verbose_name='Correlation ID')),
+                ('changes', models.JSONField(null=True, verbose_name='change message')),
+                ('timestamp', models.DateTimeField(db_index=True, default=django.utils.timezone.now, verbose_name='timestamp')),
+                ('actor', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to=settings.AUTH_USER_MODEL, verbose_name='actor')),
+            ],
+            options={
+                'verbose_name': 'authlog entry',
+                'verbose_name_plural': 'authlog entries',
+                'ordering': ['-timestamp'],
+                'get_latest_by': 'timestamp',
+            },
+        ),
+    ]