From 545fb2d342ed75e0eb6d6f6c03bab4bad90cc945 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Rohrlich?= <felix@yaal.coop>
Date: Wed, 9 Oct 2024 15:55:01 +0200
Subject: [PATCH] feat: change password events are logged in #177

---
 canaille/core/endpoints/account.py  |  4 ++++
 demo/.gitignore                     |  1 +
 tests/core/test_profile_settings.py | 10 +++++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/canaille/core/endpoints/account.py b/canaille/core/endpoints/account.py
index 637c99ce..f1e57569 100644
--- a/canaille/core/endpoints/account.py
+++ b/canaille/core/endpoints/account.py
@@ -744,6 +744,7 @@ def profile_settings(user, edited_user):
 def profile_settings_edit(editor, edited_user):
     menuitem = "profile" if editor.id == editor.id else "users"
     fields = editor.readable_fields | editor.writable_fields
+    request_ip = request.remote_addr or "unknown IP"
 
     available_fields = {"password", "groups", "user_name", "lock_date"}
     data = {
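Review bot: `request.remote_addr` on the added line is the address of the direct TCP peer, so behind a reverse proxy every password-change record would carry the proxy's address rather than the client's. The deployment is not visible from this hunk; if a proxy sits in front of the app, the usual fix is a trusted-proxy configuration such as Werkzeug's `ProxyFix` with an explicit hop count. Reading `X-Forwarded-For` directly is not a substitute, because the client controls that header. A comment would capture this: `# remote_addr is the direct peer; it is only the real client IP when proxy headers are handled by a trusted-proxy middleware`. The value is also computed on every request although only the password branch uses it, and the body of profile_settings_edit continues outside the hunk.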
@@ -781,6 +782,9 @@ def profile_settings_edit(editor, edited_user):
                 and request.form["action"] == "edit-settings"
             ):
                 Backend.instance.set_user_password(edited_user, form["password1"].data)
+                current_app.logger.info(
+                f'Changed password in settings for {edited_user.user_name} from {request_ip}'
+                )
 
             Backend.instance.save(edited_user)
             flash(_("Profile updated successfully."), "success")
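Review bot: The audit message names only `edited_user`, yet this view takes both `editor` and `edited_user`, so a password reset by an administrator looks the same in the log as a self-service change. Recording the actor fixes that, assuming `editor` exposes `user_name` like `edited_user` does: `f"Changed password in settings for {edited_user.user_name} by {editor.user_name} from {request_ip}"`. The string asserted in tests/core/test_profile_settings.py would need updating to match. `user_name` is also interpolated raw; if the backend allows line breaks in it, a crafted name could forge extra log lines, so consider logging it with `%r` or stripping control characters. The record is emitted before `Backend.instance.save(edited_user)`, so whether it can precede a failed save depends on code outside this hunk.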
diff --git a/demo/.gitignore b/demo/.gitignore
index 694f1b64..48764a78 100644
--- a/demo/.gitignore
+++ b/demo/.gitignore
@@ -1,2 +1,3 @@
 env
 *.pem
+var/
\ No newline at end of file
diff --git a/tests/core/test_profile_settings.py b/tests/core/test_profile_settings.py
index cb802149..1d604c0b 100644
--- a/tests/core/test_profile_settings.py
+++ b/tests/core/test_profile_settings.py
@@ -1,4 +1,5 @@
 import datetime
+import logging
 from unittest import mock
 
 from flask import g
@@ -118,7 +119,7 @@ def test_edition_without_groups(
     backend.save(logged_user)
 
 
-def test_password_change(testclient, logged_user, backend):
+def test_password_change(testclient, logged_user, backend, caplog):
     res = testclient.get("/profile/user/settings", status=200)
 
     res.form["password1"] = "new_password"
@@ -136,6 +137,13 @@ def test_password_change(testclient, logged_user, backend):
 
     res = res.form.submit(name="action", value="edit-settings")
     assert ("success", "Profile updated successfully.") in res.flashes
+
+    assert (
+        "canaille",
+        logging.INFO,
+        "Changed password in settings for user from unknown IP",
+    ) in caplog.record_tuples
+
     res = res.follow()
 
     backend.reload(logged_user)
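Review bot: The new assertion pins only the `"unknown IP"` fallback, so the path where `request.remote_addr` is populated, which is the one production would take, is never exercised. A second case that submits the form with `REMOTE_ADDR` set in the request environ (a constructed documentation address such as `192.0.2.1`) and asserts that address in the record would cover it. A negative case is also worth adding: a rejected submission, for example mismatched `password1`/`password2`, should leave no "Changed password" tuple in `caplog.record_tuples`, so the audit log cannot report changes that did not happen.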