This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/authentik/audit/signals.py

108 lines
3.1 KiB
Python
Raw Normal View History

2020-12-05 21:08:42 +00:00
"""authentik audit signal listener"""
from threading import Thread
from typing import Any, Dict, Optional
from django.contrib.auth.signals import (
user_logged_in,
user_logged_out,
user_login_failed,
)
from django.dispatch import receiver
from django.http import HttpRequest
2020-12-05 21:08:42 +00:00
from authentik.audit.models import Event, EventAction
from authentik.core.models import User
from authentik.core.signals import password_changed
from authentik.stages.invitation.models import Invitation
from authentik.stages.invitation.signals import invitation_created, invitation_used
from authentik.stages.user_write.signals import user_write
2020-07-07 13:46:57 +00:00
class EventNewThread(Thread):
"""Create Event in background thread"""
action: str
request: HttpRequest
kwargs: Dict[str, Any]
2020-07-07 13:46:57 +00:00
user: Optional[User] = None
def __init__(
self, action: str, request: HttpRequest, user: Optional[User] = None, **kwargs
):
super().__init__()
self.action = action
self.request = request
self.user = user
self.kwargs = kwargs
def run(self):
Event.new(self.action, **self.kwargs).from_http(self.request, user=self.user)
@receiver(user_logged_in)
# pylint: disable=unused-argument
def on_user_logged_in(sender, request: HttpRequest, user: User, **_):
"""Log successful login"""
thread = EventNewThread(EventAction.LOGIN, request)
thread.user = user
thread.run()
@receiver(user_logged_out)
# pylint: disable=unused-argument
def on_user_logged_out(sender, request: HttpRequest, user: User, **_):
"""Log successfully logout"""
thread = EventNewThread(EventAction.LOGOUT, request)
thread.user = user
thread.run()
2020-07-07 13:46:57 +00:00
@receiver(user_write)
# pylint: disable=unused-argument
2020-10-05 21:43:56 +00:00
def on_user_write(
sender, request: HttpRequest, user: User, data: Dict[str, Any], **kwargs
):
2020-07-07 13:46:57 +00:00
"""Log User write"""
2020-10-05 21:43:56 +00:00
thread = EventNewThread(EventAction.USER_WRITE, request, **data)
thread.kwargs["created"] = kwargs.get("created", False)
2020-07-07 13:46:57 +00:00
thread.user = user
thread.run()
@receiver(user_login_failed)
# pylint: disable=unused-argument
def on_user_login_failed(
sender, credentials: Dict[str, str], request: HttpRequest, **_
):
"""Failed Login"""
thread = EventNewThread(EventAction.LOGIN_FAILED, request, **credentials)
thread.run()
2018-12-10 13:21:42 +00:00
@receiver(invitation_created)
# pylint: disable=unused-argument
2020-07-07 13:46:57 +00:00
def on_invitation_created(sender, request: HttpRequest, invitation: Invitation, **_):
2018-12-10 13:49:15 +00:00
"""Log Invitation creation"""
thread = EventNewThread(
2020-07-07 13:46:57 +00:00
EventAction.INVITE_CREATED, request, invitation_uuid=invitation.invite_uuid.hex
)
thread.run()
2018-12-10 13:21:42 +00:00
@receiver(invitation_used)
# pylint: disable=unused-argument
2020-07-07 13:46:57 +00:00
def on_invitation_used(sender, request: HttpRequest, invitation: Invitation, **_):
2018-12-10 13:49:15 +00:00
"""Log Invitation usage"""
thread = EventNewThread(
2020-07-07 13:46:57 +00:00
EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex
2019-12-31 11:51:16 +00:00
)
thread.run()
2020-10-05 21:43:56 +00:00
@receiver(password_changed)
# pylint: disable=unused-argument
def on_password_changed(sender, user: User, password: str, **_):
"""Log password change"""
thread = EventNewThread(EventAction.PASSWORD_SET, None, user=user)
thread.run()