feat: change password events are logged in #177

canaille/core/endpoints/account.py

@@ -744,6 +744,7 @@ def profile_settings(user, edited_user):
 def profile_settings_edit(editor, edited_user):
     menuitem = "profile" if editor.id == editor.id else "users"
     fields = editor.readable_fields | editor.writable_fields
+    request_ip = request.remote_addr or "unknown IP"
 
     available_fields = {"password", "groups", "user_name", "lock_date"}
     data = {
@@ -781,6 +782,9 @@ def profile_settings_edit(editor, edited_user):
                 and request.form["action"] == "edit-settings"
             ):
                 Backend.instance.set_user_password(edited_user, form["password1"].data)
+                current_app.logger.info(
+                f'Changed password in settings for {edited_user.user_name} from {request_ip}'
+                )
 
             Backend.instance.save(edited_user)
             flash(_("Profile updated successfully."), "success")

demo/.gitignore

@@ -1,2 +1,3 @@
 env
 *.pem
+var/

tests/core/test_profile_settings.py

@@ -1,4 +1,5 @@
 import datetime
+import logging
 from unittest import mock
 
 from flask import g
@@ -118,7 +119,7 @@ def test_edition_without_groups(
     backend.save(logged_user)
 
 
-def test_password_change(testclient, logged_user, backend):
+def test_password_change(testclient, logged_user, backend, caplog):
     res = testclient.get("/profile/user/settings", status=200)
 
     res.form["password1"] = "new_password"
@@ -136,6 +137,13 @@ def test_password_change(testclient, logged_user, backend):
 
     res = res.form.submit(name="action", value="edit-settings")
     assert ("success", "Profile updated successfully.") in res.flashes
+
+    assert (
+        "canaille",
+        logging.INFO,
+        "Changed password in settings for user from unknown IP",
+    ) in caplog.record_tuples
+
     res = res.follow()
 
     backend.reload(logged_user)