[NDH-757] Adding UserID Logging

[sachin-panayil]

Adding UserID Logging

Jira Ticket #757

Problem

We were not logging the user ID when users made a request which gives us less of an ability to see how users are interacting with our API.

Solution

Add logging that fires on every request via signal. We store the username as is and the ID as a hashed id so that it is opaque.

Result

Proper user logging is now made on every request.

Some important notes regarding the summary line:

• Im open to different ways we can make the userID opaque

Test Plan

• I ran a manual test in the Docker Django Shell: bin/npr python manage.py shell

from django.test import RequestFactory
from django.contrib.auth.models import User
from structlog.contextvars import get_contextvars, clear_contextvars
from django_structlog import signals
from npdfhir.signals import bind_user_id

factory = RequestFactory()

clear_contextvars() 

request = factory.get("/api/v1/Practitioner")  
user = User.objects.create_user(username="xxx", password="testpass123")
request.user = user  

signals.bind_extra_request_metadata.send(
    sender=None, 
    request=request,
    logger=None,
)

print(get_contextvars())

[tspecht-cms]

@sachin-panayil what type of user IDs do we expect in the system, and why is it important to hash them in the logs?

[sachin-panayil]

@sachin-panayil what type of user IDs do we expect in the system, and why is it important to hash them in the logs?

@tspecht-cms the user id we're capturing is the sequential number. so if your the 5th user, your user id would be 5. logging these raw would expose how many users exist and make it trivial to correlate user activity in the logs. since they're not UUIDs, hashing them before they hit the logs make them opaque. this also solves the opaqueness requirement in the acceptance criteria.