From dc4150ca512c78ca1b72c278265637aeb589d1f8 Mon Sep 17 00:00:00 2001
From: Edward Fagin
Date: Mon, 17 Oct 2016 15:21:29 -0400
Subject: [PATCH] Add logging when header permissions in use.
---
 openedx/core/lib/api/permissions.py | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/openedx/core/lib/api/permissions.py b/openedx/core/lib/api/permissions.py
index 2d7f050d8b..0e666f3e0c 100644
--- a/openedx/core/lib/api/permissions.py
+++ b/openedx/core/lib/api/permissions.py
@@ -10,6 +10,8 @@ from opaque_keys import InvalidKeyError
 from opaque_keys.edx.keys import CourseKey
 from student.roles import CourseStaffRole, CourseInstructorRole
+from openedx.core.lib.log_utils import audit_log
+
 class ApiKeyHeaderPermission(permissions.BasePermission):
 """
@@ -26,10 +28,17 @@ class ApiKeyHeaderPermission(permissions.BasePermission):
 present in the request and matches the setting.
 """
 api_key = getattr(settings, "EDX_API_KEY", None)
- return (
- (settings.DEBUG and api_key is None) or
- (api_key is not None and request.META.get("HTTP_X_EDX_API_KEY") == api_key)
- )
+
+ if settings.DEBUG and api_key is None:
+ return True
+
+ elif api_key is not None and request.META.get("HTTP_X_EDX_API_KEY") == api_key:
+ audit_log("ApiKeyHeaderPermission used",
+ path=request.path,
+ ip=request.META.get("REMOTE_ADDR"))
+ return True
+
+ return False
 class ApiKeyHeaderPermissionIsAuthenticated(ApiKeyHeaderPermission, permissions.IsAuthenticated):
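Review bot: In the second hunk the audit record is written only when the key matches, so a request that presents a wrong `X-Edx-Api-Key` value reaches the final `return False` with no log entry, and the `settings.DEBUG and api_key is None` branch grants access without one either. The rejected-key case is the more useful event for detection; before `return False` I would add `if request.META.get("HTTP_X_EDX_API_KEY") is not None: audit_log("ApiKeyHeaderPermission rejected", path=request.path, ip=request.META.get("REMOTE_ADDR"))`, leaving the presented key value out of the record. The `elif` branch also still compares the shared secret with `==`; `django.utils.crypto.constant_time_compare` is the usual choice for a secret comparison, with the missing-header case handled before the call. `REMOTE_ADDR` is presumably the proxy's address if this service sits behind a load balancer, so the logged `ip` may need confirming against the deployment. The method's signature and the start of its docstring lie outside the hunk.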