Disable logging remote IP address (#620)

* Disable logging remote IP address

* Update auditlog/middleware.py

* Update CHANGELOG.md

* Update auditlog/middleware.py

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Update auditlog/middleware.py and add tests in ManyRelatedModelTest

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

---------

Co-authored-by: Hasan Ramezani <[email protected]>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -5,6 +5,7 @@
 ## 3.0.0-beta.4 (2024-01-02)
 
 #### Improvements
+- feat: Excluding ip address when `AUDITLOG_DISABLE_REMOTE_ADDR` is set to True ([#620](https://github.com/jazzband/django-auditlog/pull/620))
 - feat: If any receiver returns False, no logging will be made. This can be useful if logging should be conditionally enabled / disabled ([#590](https://github.com/jazzband/django-auditlog/pull/590))
 - Django: Confirm Django 5.0 support ([#598](https://github.com/jazzband/django-auditlog/pull/598))
 - Django: Drop Django 4.1 support ([#598](https://github.com/jazzband/django-auditlog/pull/598))

auditlog/conf.py

@@ -40,3 +40,8 @@
 settings.AUDITLOG_USE_TEXT_CHANGES_IF_JSON_IS_NOT_PRESENT = getattr(
     settings, "AUDITLOG_USE_TEXT_CHANGES_IF_JSON_IS_NOT_PRESENT", False
 )
+
+# Disable remote_addr field in database
+settings.AUDITLOG_DISABLE_REMOTE_ADDR = getattr(
+    settings, "AUDITLOG_DISABLE_REMOTE_ADDR", False
+)

auditlog/middleware.py

@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.contrib.auth import get_user_model
 
 from auditlog.cid import set_cid
@@ -12,9 +13,14 @@ class AuditlogMiddleware:
 
     def __init__(self, get_response=None):
         self.get_response = get_response
+        if not isinstance(settings.AUDITLOG_DISABLE_REMOTE_ADDR, bool):
+            raise TypeError("Setting 'AUDITLOG_DISABLE_REMOTE_ADDR' must be a boolean")
 
     @staticmethod
     def _get_remote_addr(request):
+        if settings.AUDITLOG_DISABLE_REMOTE_ADDR:
+            return None
+
         # In case there is no proxy, return the original address
         if not request.headers.get("X-Forwarded-For"):
             return request.META.get("REMOTE_ADDR")

auditlog_tests/tests.py

@@ -513,6 +513,20 @@ def test_exception(self):
 
         self.assert_no_listeners()
 
+    def test_init_middleware(self):
+        with override_settings(AUDITLOG_DISABLE_REMOTE_ADDR="str"):
+            with self.assertRaisesMessage(
+                TypeError, "Setting 'AUDITLOG_DISABLE_REMOTE_ADDR' must be a boolean"
+            ):
+                AuditlogMiddleware()
+
+    def test_disable_remote_addr(self):
+        with override_settings(AUDITLOG_DISABLE_REMOTE_ADDR=True):
+            headers = {"HTTP_X_FORWARDED_FOR": "127.0.0.2"}
+            request = self.factory.get("/", **headers)
+            remote_addr = self.middleware._get_remote_addr(request)
+            self.assertIsNone(remote_addr)
+
     def test_get_remote_addr(self):
         tests = [  # (headers, expected_remote_addr)
             ({}, "127.0.0.1"),

docs/source/usage.rst

@@ -206,6 +206,19 @@ It will be considered when ``AUDITLOG_INCLUDE_ALL_MODELS`` is `True`.
 
 .. versionadded:: 3.0.0
 
+**AUDITLOG_EXCLUDE_TRACKING_FIELDS**
+
+When using "AuditlogMiddleware",
+the IP address is logged by default, you can use this setting
+to exclude the IP address from logging.
+It will be considered when ``AUDITLOG_DISABLE_REMOTE_ADDR`` is `True`.
+
+.. code-block:: python
+
+    AUDITLOG_DISABLE_REMOTE_ADDR = True
+
+.. versionadded:: 3.0.0
+
 **AUDITLOG_EXCLUDE_TRACKING_MODELS**
 
 You can use this setting to exclude models in registration process.