audit: optimize eventaction,

This commit is contained in:
Jens Langhammer 2020-10-05 23:43:56 +02:00
parent 3b61191614
commit cf6ce9c915
5 changed files with 59 additions and 6 deletions

View File

@ -0,0 +1,37 @@
# Generated by Django 3.1.2 on 2020-10-05 21:39
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("passbook_audit", "0004_auto_20200921_1829"),
]
operations = [
migrations.AlterField(
model_name="event",
name="action",
field=models.TextField(
choices=[
("login", "Login"),
("login_failed", "Login Failed"),
("logout", "Logout"),
("user_write", "User Write"),
("suspicious_request", "Suspicious Request"),
("password_set", "Password Set"),
("invitation_created", "Invite Created"),
("invitation_used", "Invite Used"),
("authorize_application", "Authorize Application"),
("source_linked", "Source Linked"),
("impersonation_started", "Impersonation Started"),
("impersonation_ended", "Impersonation Ended"),
("model_created", "Model Created"),
("model_updated", "Model Updated"),
("model_deleted", "Model Deleted"),
("custom_", "Custom Prefix"),
]
),
),
]

View File

@ -96,14 +96,14 @@ class EventAction(models.TextChoices):
LOGIN_FAILED = "login_failed" LOGIN_FAILED = "login_failed"
LOGOUT = "logout" LOGOUT = "logout"
SIGN_UP = "sign_up" USER_WRITE = "user_write"
AUTHORIZE_APPLICATION = "authorize_application"
SUSPICIOUS_REQUEST = "suspicious_request" SUSPICIOUS_REQUEST = "suspicious_request"
PASSWORD_SET = "password_set" # noqa # nosec PASSWORD_SET = "password_set" # noqa # nosec
INVITE_CREATED = "invitation_created" INVITE_CREATED = "invitation_created"
INVITE_USED = "invitation_used" INVITE_USED = "invitation_used"
AUTHORIZE_APPLICATION = "authorize_application"
SOURCE_LINKED = "source_linked" SOURCE_LINKED = "source_linked"
IMPERSONATION_STARTED = "impersonation_started" IMPERSONATION_STARTED = "impersonation_started"

View File

@ -12,6 +12,7 @@ from django.http import HttpRequest
from passbook.audit.models import Event, EventAction from passbook.audit.models import Event, EventAction
from passbook.core.models import User from passbook.core.models import User
from passbook.core.signals import password_changed
from passbook.stages.invitation.models import Invitation from passbook.stages.invitation.models import Invitation
from passbook.stages.invitation.signals import invitation_created, invitation_used from passbook.stages.invitation.signals import invitation_created, invitation_used
from passbook.stages.user_write.signals import user_write from passbook.stages.user_write.signals import user_write
@ -58,9 +59,12 @@ def on_user_logged_out(sender, request: HttpRequest, user: User, **_):
@receiver(user_write) @receiver(user_write)
# pylint: disable=unused-argument # pylint: disable=unused-argument
def on_user_write(sender, request: HttpRequest, user: User, data: Dict[str, Any], **_): def on_user_write(
sender, request: HttpRequest, user: User, data: Dict[str, Any], **kwargs
):
"""Log User write""" """Log User write"""
thread = EventNewThread("stages/user_write", request, **data) thread = EventNewThread(EventAction.USER_WRITE, request, **data)
thread.kwargs["created"] = kwargs.get("created", False)
thread.user = user thread.user = user
thread.run() thread.run()
@ -93,3 +97,11 @@ def on_invitation_used(sender, request: HttpRequest, invitation: Invitation, **_
EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex
) )
thread.run() thread.run()
@receiver(password_changed)
# pylint: disable=unused-argument
def on_password_changed(sender, user: User, password: str, **_):
"""Log password change"""
thread = EventNewThread(EventAction.PASSWORD_SET, None, user=user)
thread.run()

View File

@ -1,5 +1,5 @@
"""passbook user_write signals""" """passbook user_write signals"""
from django.core.signals import Signal from django.core.signals import Signal
# Arguments: request: HttpRequest, user: User, data: Dict[str, Any] # Arguments: request: HttpRequest, user: User, data: Dict[str, Any], created: bool
user_write = Signal() user_write = Signal()

View File

@ -27,6 +27,7 @@ class UserWriteStageView(StageView):
LOGGER.debug(message) LOGGER.debug(message)
return self.executor.stage_invalid() return self.executor.stage_invalid()
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT] data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
user_created = False
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context: if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User() self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
self.executor.plan.context[ self.executor.plan.context[
@ -36,6 +37,7 @@ class UserWriteStageView(StageView):
"Created new user", "Created new user",
flow_slug=self.executor.flow.slug, flow_slug=self.executor.flow.slug,
) )
user_created = True
user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
# Before we change anything, check if the user is the same as in the request # Before we change anything, check if the user is the same as in the request
# and we're updating a password. In that case we need to update the session hash # and we're updating a password. In that case we need to update the session hash
@ -63,7 +65,9 @@ class UserWriteStageView(StageView):
continue continue
user.attributes[key.replace("attribute_", "", 1)] = value user.attributes[key.replace("attribute_", "", 1)] = value
user.save() user.save()
user_write.send(sender=self, request=request, user=user, data=data) user_write.send(
sender=self, request=request, user=user, data=data, created=user_created
)
# Check if the password has been updated, and update the session auth hash # Check if the password has been updated, and update the session auth hash
if should_update_seesion: if should_update_seesion:
update_session_auth_hash(self.request, user) update_session_auth_hash(self.request, user)