From 91d5dda89b3cbd39807eb4644eeb6ecda506f7b8 Mon Sep 17 00:00:00 2001
From: Ciro Scognamiglio <ciro.scognamiglio@cslash.net>
Date: Tue, 5 Aug 2014 16:05:30 +0200
Subject: [PATCH] action logging, diff fixes

---
 activity/__init__.py                          | 91 ++++++++++++-------
 activity/user.py                              | 17 ++++
 myslice/myslice.ini.localhost                 |  3 +
 portal/templates/base.html                    |  1 -
 .../onelab/onelab_registration_view.html      |  8 --
 .../onelab/onelab_widget-login-user.html      |  2 +-
 6 files changed, 77 insertions(+), 45 deletions(-)
 create mode 100644 activity/user.py

diff --git a/activity/__init__.py b/activity/__init__.py
index d570662e..677424f8 100644
--- a/activity/__init__.py
+++ b/activity/__init__.py
@@ -1,61 +1,82 @@
 #
 # Activity monitor
 #
+# Client is authenticated with an API key and a secret
+# The API key is a 64 chars string (digits and letters) that is passed to the request
+# The secret is a 64 chars string that is used to sign the request
+# The generated signature is a SHA256 hes digest
 
 import urllib, urllib2
 import threading
-from datetime import datetime
+import hmac
+import hashlib
+import base64
+import time
+import datetime
+from myslice.configengine import ConfigEngine
 
+config = ConfigEngine()
+if config.activity and config.activity.apikey :
+    apikey = config.activity.apikey
+else :
+    # apikey will be necessary
+    apikey = None
+
+if config.activity and config.activity.secret :
+    secret = config.activity.secret
+else :
+    # secret will be necessary
+    secret = None
+
+if config.activity and config.activity.server :
+    server = config.activity.server
+else :
+    # secret will be necessary
+    server = "http://athos.ipv6.lip6.fr/log"
 
 def logWrite(request, action, message):
-    url = "http://localhost:5000/log"
+    
+    if not apikey :
+        print "===============>> activity: no apikey"
+        return
+    if not secret :
+        print "===============>> activity: no secret"
+        return
+    
+    timestamp = time.mktime(datetime.datetime.today().timetuple())
+    ip = getClientIp(request)
     log = {
-        "date" : datetime.today(),
-        "client_ip" : getClientIp(request),
-        "host" : request.get_host(),
-        "referrer" : request.META.get('HTTP_REFERER'),
-        "user" : request.user
+        "timestamp" : timestamp,
+        "client_ip" : ip,
+        "host"      : request.get_host(),
+        "referrer"  : request.META.get('HTTP_REFERER'),
+        "user"      : request.user,
+        "action"    : action,
+        "message"   : message,
+        "apikey"    : apikey,
+        "signature" : sign(secret, "%s%s%s%s" % (timestamp, ip, request.user, action))
     }
-    
     try :
-        result = urllib2.urlopen(url, urllib.urlencode(log))
+        result = urllib2.urlopen(server, urllib.urlencode(log))
         content = result.read()
     except urllib2.URLError as e:
-        print "Error: connection to " + url + " impossible, logging disabled"
+        print "Warning: connection to " + url + " impossible, could not log action"
 
-def spawnThread(request, action, message):
-    print "aaaaaaaaa"
+def log(request, action, message):
     # Create a new thread in Daemon mode to send the log entry
     t = threading.Thread(target=logWrite, args=(request, action, message))
     t.setDaemon(True)
     t.start()
 
-def userLogin(request):
-    spawnThread(request, 'userlogin', 'User logged in')
-
-def userLogout(request):
-    spawnThread(request, 'userlogout', 'User logged out')
-
-def userRegistration(request):
-    spawnThread(request, 'userregistration', 'User registered')
-
-def userSliceRequest(request):
-    spawnThread(request, 'userslicerequest', 'User requested a slice')
-
-def userContactSupport(request):
-    spawnThread(request, 'usercontactsupport', 'User contacted suppport')
-
-def userAddResource(request):
-    spawnThread(request, 'useraddresource', 'User added resource to slice')
-
-def userDelResource(request):
-    spawnThread(request, 'userdelresource', 'User removed resource from slice')
-
-
 def getClientIp(request):
     x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
     if x_forwarded_for:
         ip = x_forwarded_for.split(',')[0]
     else:
         ip = request.META.get('REMOTE_ADDR')
-    return ip
\ No newline at end of file
+    return ip
+
+#
+# sign the request with the secret key
+def sign(secret, message):
+    return hmac.new(secret, msg=message, digestmod=hashlib.sha256).hexdigest()
\ No newline at end of file
diff --git a/activity/user.py b/activity/user.py
new file mode 100644
index 00000000..216180e0
--- /dev/null
+++ b/activity/user.py
@@ -0,0 +1,17 @@
+#
+# log functions for user activity
+#
+
+import activity
+
+def login(request):
+    activity.log(request, "user.login", "User log in")
+    
+def logout(request):
+    activity.log(request, "user.logout", "User log out")
+
+def signup(request):
+    activity.log(request, "user.signup", "User sign up")
+
+def register(request):
+    activity.log(request, "user.register", "User registered")
\ No newline at end of file
diff --git a/myslice/myslice.ini.localhost b/myslice/myslice.ini.localhost
index 0467c0ba..524e7be9 100644
--- a/myslice/myslice.ini.localhost
+++ b/myslice/myslice.ini.localhost
@@ -2,3 +2,6 @@
 url = https://localhost:7080
 admin_user = admin
 admin_password = admin
+
+[myslice]
+theme = onelab
diff --git a/portal/templates/base.html b/portal/templates/base.html
index 1b83737f..d16b2a43 100644
--- a/portal/templates/base.html
+++ b/portal/templates/base.html
@@ -88,7 +88,6 @@ $(document).ready(function() {
   	{% block topmenu %}
   	{% widget "_widget-topmenu.html" %}
   	{% endblock topmenu %}
-	{% include 'messages-transient.html' %}
 	{% block base_content %}
 	{% endblock %}
 {% endblock container %}
diff --git a/portal/templates/onelab/onelab_registration_view.html b/portal/templates/onelab/onelab_registration_view.html
index 295fe800..62011060 100644
--- a/portal/templates/onelab/onelab_registration_view.html
+++ b/portal/templates/onelab/onelab_registration_view.html
@@ -489,9 +489,6 @@ $(document).ready(function(){
         {% for authority in authorities %}
             {% if authority.name %}
                 {value:"{{ authority.name }}",label:"{{authority.name}}"},
-			// to show only full name
-           // {% else %}
-           //     {value:"{{ authority.authority_hrn }}",label:"{{authority.authority_hrn}}"},
             {% endif %}
         {% endfor %}    
     {% else %}
@@ -515,15 +512,10 @@ $(document).ready(function(){
       minLength: 0,
       change: function (event, ui) {
           if(!ui.item){
-              //http://api.jqueryui.com/autocomplete/#event-change -
-              // The item selected from the menu, if any. Otherwise the property is null
-              //so clear the item for force selection
               jQuery("#authority_hrn").val("");
           }
       }
-      //select: function( event, ui ) {console.log(jQuery(this))}
     });
-	// for hover texts
 	$('[title!=""]').qtip();
 	$("form").validate();
 	$("form").submit(function() {
diff --git a/portal/templates/onelab/onelab_widget-login-user.html b/portal/templates/onelab/onelab_widget-login-user.html
index d7342f80..790c720b 100644
--- a/portal/templates/onelab/onelab_widget-login-user.html
+++ b/portal/templates/onelab/onelab_widget-login-user.html
@@ -20,7 +20,7 @@
 	<div class="login-signup">
 		You don't have yet an account? 
 		
-		<a href="/portal/register">Sign Up!</a>
+		<a href="/register">Sign Up!</a>
 	</div>
 	</form>
 </div>
-- 
2.43.0