authentik/passbook/audit/models.py

"""passbook audit models"""
from django.conf import settings
from django.contrib.auth.models import AnonymousUser
from django.contrib.postgres.fields import JSONField
from django.core.exceptions import ValidationError
from django.db import models
from django.utils.translation import gettext as _
from ipware import get_client_ip
from structlog import get_logger

from passbook.lib.models import UUIDModel

LOGGER = get_logger()

class Event(UUIDModel):
    """An individual audit log event"""

    ACTION_LOGIN = 'login'
    ACTION_LOGIN_FAILED = 'login_failed'
    ACTION_LOGOUT = 'logout'
    ACTION_AUTHORIZE_APPLICATION = 'authorize_application'
    ACTION_SUSPICIOUS_REQUEST = 'suspicious_request'
    ACTION_SIGN_UP = 'sign_up'
    ACTION_PASSWORD_RESET = 'password_reset' # noqa # nosec
    ACTION_INVITE_CREATED = 'invitation_created'
    ACTION_INVITE_USED = 'invitation_used'
    ACTIONS = (
        (ACTION_LOGIN, ACTION_LOGIN),
        (ACTION_LOGIN_FAILED, ACTION_LOGIN_FAILED),
        (ACTION_LOGOUT, ACTION_LOGOUT),
        (ACTION_AUTHORIZE_APPLICATION, ACTION_AUTHORIZE_APPLICATION),
        (ACTION_SUSPICIOUS_REQUEST, ACTION_SUSPICIOUS_REQUEST),
        (ACTION_SIGN_UP, ACTION_SIGN_UP),
        (ACTION_PASSWORD_RESET, ACTION_PASSWORD_RESET),
        (ACTION_INVITE_CREATED, ACTION_INVITE_CREATED),
        (ACTION_INVITE_USED, ACTION_INVITE_USED),
    )

    user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, on_delete=models.SET_NULL)
    action = models.TextField(choices=ACTIONS)
    date = models.DateTimeField(auto_now_add=True)
    app = models.TextField()
    context = JSONField(default=dict, blank=True)
    request_ip = models.GenericIPAddressField()
    created = models.DateTimeField(auto_now_add=True)

    @staticmethod
    def create(action, request, **kwargs):
        """Create Event from arguments"""
        client_ip, _ = get_client_ip(request)
        if not hasattr(request, 'user'):
            user = None
        else:
            user = request.user
        if isinstance(user, AnonymousUser):
            user = kwargs.get('user', None)
        entry = Event.objects.create(
            action=action,
            user=user,
            # User 255.255.255.255 as fallback if IP cannot be determined
            request_ip=client_ip or '255.255.255.255',
            context=kwargs)
        LOGGER.debug("Created Audit entry", action=action,
                     user=user, from_ip=client_ip, context=kwargs)
        return entry

    def save(self, *args, **kwargs):
        if not self._state.adding:
            raise ValidationError("you may not edit an existing %s" % self._meta.model_name)
        super().save(*args, **kwargs)

    class Meta:

        verbose_name = _('Audit Entry')
        verbose_name_plural = _('Audit Entries')
Add api and audit structure 2018-11-23 16:05:41 +00:00			`"""passbook audit models"""`
			`from django.conf import settings`
admin: link to invitation on list 2018-12-10 14:26:28 +00:00			`from django.contrib.auth.models import AnonymousUser`
Rules -> Policies, more things 2019-02-21 15:06:57 +00:00			`from django.contrib.postgres.fields import JSONField`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`from django.core.exceptions import ValidationError`
Add api and audit structure 2018-11-23 16:05:41 +00:00			`from django.db import models`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`from django.utils.translation import gettext as _`
fix prospector/isort errors 2019-03-03 19:54:23 +00:00			`from ipware import get_client_ip`
*(minor): stdlib logging to structlog 2019-10-01 08:24:10 +00:00			`from structlog import get_logger`
Add api and audit structure 2018-11-23 16:05:41 +00:00
create suspicious request detector and policy, add request to policy engine 2019-03-03 19:26:25 +00:00			`from passbook.lib.models import UUIDModel`
Add api and audit structure 2018-11-23 16:05:41 +00:00
*(minor): remove __name__ param from get_logger 2019-10-04 08:08:53 +00:00			`LOGGER = get_logger()`
Add api and audit structure 2018-11-23 16:05:41 +00:00
audit(major): AuditEntry -> Event 2019-10-28 13:26:34 +00:00			`class Event(UUIDModel):`
			`"""An individual audit log event"""`
Add api and audit structure 2018-11-23 16:05:41 +00:00
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`ACTION_LOGIN = 'login'`
			`ACTION_LOGIN_FAILED = 'login_failed'`
			`ACTION_LOGOUT = 'logout'`
			`ACTION_AUTHORIZE_APPLICATION = 'authorize_application'`
			`ACTION_SUSPICIOUS_REQUEST = 'suspicious_request'`
			`ACTION_SIGN_UP = 'sign_up'`
Fix linting errors with current build-base image 2019-06-25 16:50:37 +00:00			`ACTION_PASSWORD_RESET = 'password_reset' # noqa # nosec`
all: invites -> invitations 2018-12-10 13:21:42 +00:00			`ACTION_INVITE_CREATED = 'invitation_created'`
			`ACTION_INVITE_USED = 'invitation_used'`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`ACTIONS = (`
			`(ACTION_LOGIN, ACTION_LOGIN),`
			`(ACTION_LOGIN_FAILED, ACTION_LOGIN_FAILED),`
			`(ACTION_LOGOUT, ACTION_LOGOUT),`
			`(ACTION_AUTHORIZE_APPLICATION, ACTION_AUTHORIZE_APPLICATION),`
			`(ACTION_SUSPICIOUS_REQUEST, ACTION_SUSPICIOUS_REQUEST),`
			`(ACTION_SIGN_UP, ACTION_SIGN_UP),`
			`(ACTION_PASSWORD_RESET, ACTION_PASSWORD_RESET),`
core: properly handle invites; audit: log invite creation and usage 2018-12-10 13:05:27 +00:00			`(ACTION_INVITE_CREATED, ACTION_INVITE_CREATED),`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`(ACTION_INVITE_USED, ACTION_INVITE_USED),`
			`)`

Add api and audit structure 2018-11-23 16:05:41 +00:00			`user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, on_delete=models.SET_NULL)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`action = models.TextField(choices=ACTIONS)`
Add api and audit structure 2018-11-23 16:05:41 +00:00			`date = models.DateTimeField(auto_now_add=True)`
			`app = models.TextField()`
Rules -> Policies, more things 2019-02-21 15:06:57 +00:00			`context = JSONField(default=dict, blank=True)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`request_ip = models.GenericIPAddressField()`
audit: add created field 2018-12-13 17:01:45 +00:00			`created = models.DateTimeField(auto_now_add=True)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00
			`@staticmethod`
			`def create(action, request, **kwargs):`
audit(major): AuditEntry -> Event 2019-10-28 13:26:34 +00:00			`"""Create Event from arguments"""`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`client_ip, _ = get_client_ip(request)`
add unittests, woo 2019-02-26 09:57:05 +00:00			`if not hasattr(request, 'user'):`
			`user = None`
			`else:`
			`user = request.user`
admin: link to invitation on list 2018-12-10 14:26:28 +00:00			`if isinstance(user, AnonymousUser):`
			`user = kwargs.get('user', None)`
audit(major): AuditEntry -> Event 2019-10-28 13:26:34 +00:00			`entry = Event.objects.create(`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`action=action,`
admin: link to invitation on list 2018-12-10 14:26:28 +00:00			`user=user,`
Fix bandit and prospector errors 2018-12-10 13:26:10 +00:00			`# User 255.255.255.255 as fallback if IP cannot be determined`
			`request_ip=client_ip or '255.255.255.255',`
Rules -> Policies, more things 2019-02-21 15:06:57 +00:00			`context=kwargs)`
root(minor): allow subapps to define CELERY_BEAT_SCHEDULE 2019-10-11 10:47:29 +00:00			`LOGGER.debug("Created Audit entry", action=action,`
			`user=user, from_ip=client_ip, context=kwargs)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`return entry`
Add api and audit structure 2018-11-23 16:05:41 +00:00
			`def save(self, args, *kwargs):`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`if not self._state.adding:`
			`raise ValidationError("you may not edit an existing %s" % self._meta.model_name)`
Add api and audit structure 2018-11-23 16:05:41 +00:00			`super().save(args, *kwargs)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00
			`class Meta:`

			`verbose_name = _('Audit Entry')`
			`verbose_name_plural = _('Audit Entries')`