From 069e9c015b65f8baaac1e08d4af1b034872bd2ae Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 19 Feb 2023 16:28:02 +0100 Subject: [PATCH] events: fix m2m_change events not being logged Signed-off-by: Jens Langhammer --- authentik/events/middleware.py | 34 +++++++++++++++++++++++++++- authentik/providers/oauth2/errors.py | 1 + authentik/root/settings.py | 1 - 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/authentik/events/middleware.py b/authentik/events/middleware.py index 9ecae5319..7c655b459 100644 --- a/authentik/events/middleware.py +++ b/authentik/events/middleware.py @@ -7,13 +7,14 @@ from django.conf import settings from django.contrib.sessions.models import Session from django.core.exceptions import SuspiciousOperation from django.db.models import Model -from django.db.models.signals import post_save, pre_delete +from django.db.models.signals import m2m_changed, post_save, pre_delete from django.http import HttpRequest, HttpResponse from django_otp.plugins.otp_static.models import StaticToken from guardian.models import UserObjectPermission from authentik.core.models import ( AuthenticatedSession, + Group, PropertyMapping, Provider, Source, @@ -58,6 +59,13 @@ def should_log_model(model: Model) -> bool: return model.__class__ not in IGNORED_MODELS +def should_log_m2m(model: Model) -> bool: + """Return true if m2m operation should be logged""" + if model.__class__ in [User, Group]: + return True + return False + + class EventNewThread(Thread): """Create Event in background thread""" @@ -96,6 +104,7 @@ class AuditMiddleware: return post_save_handler = partial(self.post_save_handler, user=request.user, request=request) pre_delete_handler = partial(self.pre_delete_handler, user=request.user, request=request) + m2m_changed_handler = partial(self.m2m_changed_handler, user=request.user, request=request) post_save.connect( post_save_handler, dispatch_uid=request.request_id, @@ -106,6 +115,11 @@ class AuditMiddleware: dispatch_uid=request.request_id, weak=False, ) + m2m_changed.connect( + m2m_changed_handler, + dispatch_uid=request.request_id, + weak=False, + ) def disconnect(self, request: HttpRequest): """Disconnect signals""" @@ -113,6 +127,7 @@ class AuditMiddleware: return post_save.disconnect(dispatch_uid=request.request_id) pre_delete.disconnect(dispatch_uid=request.request_id) + m2m_changed.disconnect(dispatch_uid=request.request_id) def __call__(self, request: HttpRequest) -> HttpResponse: self.connect(request) @@ -167,3 +182,20 @@ class AuditMiddleware: user=user, model=model_to_dict(instance), ).run() + + @staticmethod + def m2m_changed_handler( + user: User, request: HttpRequest, sender, instance: Model, action: str, **_ + ): + """Signal handler for all object's m2m_changed""" + if action not in ["pre_add", "pre_remove"]: + return + if not should_log_m2m(instance): + return + + EventNewThread( + EventAction.MODEL_UPDATED, + request, + user=user, + model=model_to_dict(instance), + ).run() diff --git a/authentik/providers/oauth2/errors.py b/authentik/providers/oauth2/errors.py index f82b434bd..2537d5de5 100644 --- a/authentik/providers/oauth2/errors.py +++ b/authentik/providers/oauth2/errors.py @@ -141,6 +141,7 @@ class AuthorizeError(OAuth2Error): ), } + # pylint: disable=too-many-arguments def __init__( self, redirect_uri: str, diff --git a/authentik/root/settings.py b/authentik/root/settings.py index ec742d3f8..22ccbdb9c 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -439,7 +439,6 @@ _LOGGING_HANDLER_MAP = { "fsevents": "WARNING", } for handler_name, level in _LOGGING_HANDLER_MAP.items(): - LOGGING["loggers"][handler_name] = { "handlers": ["console"], "level": level,