events: fix m2m_change events not being logged
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
8de4471322
commit
069e9c015b
|
@ -7,13 +7,14 @@ from django.conf import settings
|
||||||
from django.contrib.sessions.models import Session
|
from django.contrib.sessions.models import Session
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousOperation
|
||||||
from django.db.models import Model
|
from django.db.models import Model
|
||||||
from django.db.models.signals import post_save, pre_delete
|
from django.db.models.signals import m2m_changed, post_save, pre_delete
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django_otp.plugins.otp_static.models import StaticToken
|
from django_otp.plugins.otp_static.models import StaticToken
|
||||||
from guardian.models import UserObjectPermission
|
from guardian.models import UserObjectPermission
|
||||||
|
|
||||||
from authentik.core.models import (
|
from authentik.core.models import (
|
||||||
AuthenticatedSession,
|
AuthenticatedSession,
|
||||||
|
Group,
|
||||||
PropertyMapping,
|
PropertyMapping,
|
||||||
Provider,
|
Provider,
|
||||||
Source,
|
Source,
|
||||||
|
@ -58,6 +59,13 @@ def should_log_model(model: Model) -> bool:
|
||||||
return model.__class__ not in IGNORED_MODELS
|
return model.__class__ not in IGNORED_MODELS
|
||||||
|
|
||||||
|
|
||||||
|
def should_log_m2m(model: Model) -> bool:
|
||||||
|
"""Return true if m2m operation should be logged"""
|
||||||
|
if model.__class__ in [User, Group]:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
class EventNewThread(Thread):
|
class EventNewThread(Thread):
|
||||||
"""Create Event in background thread"""
|
"""Create Event in background thread"""
|
||||||
|
|
||||||
|
@ -96,6 +104,7 @@ class AuditMiddleware:
|
||||||
return
|
return
|
||||||
post_save_handler = partial(self.post_save_handler, user=request.user, request=request)
|
post_save_handler = partial(self.post_save_handler, user=request.user, request=request)
|
||||||
pre_delete_handler = partial(self.pre_delete_handler, user=request.user, request=request)
|
pre_delete_handler = partial(self.pre_delete_handler, user=request.user, request=request)
|
||||||
|
m2m_changed_handler = partial(self.m2m_changed_handler, user=request.user, request=request)
|
||||||
post_save.connect(
|
post_save.connect(
|
||||||
post_save_handler,
|
post_save_handler,
|
||||||
dispatch_uid=request.request_id,
|
dispatch_uid=request.request_id,
|
||||||
|
@ -106,6 +115,11 @@ class AuditMiddleware:
|
||||||
dispatch_uid=request.request_id,
|
dispatch_uid=request.request_id,
|
||||||
weak=False,
|
weak=False,
|
||||||
)
|
)
|
||||||
|
m2m_changed.connect(
|
||||||
|
m2m_changed_handler,
|
||||||
|
dispatch_uid=request.request_id,
|
||||||
|
weak=False,
|
||||||
|
)
|
||||||
|
|
||||||
def disconnect(self, request: HttpRequest):
|
def disconnect(self, request: HttpRequest):
|
||||||
"""Disconnect signals"""
|
"""Disconnect signals"""
|
||||||
|
@ -113,6 +127,7 @@ class AuditMiddleware:
|
||||||
return
|
return
|
||||||
post_save.disconnect(dispatch_uid=request.request_id)
|
post_save.disconnect(dispatch_uid=request.request_id)
|
||||||
pre_delete.disconnect(dispatch_uid=request.request_id)
|
pre_delete.disconnect(dispatch_uid=request.request_id)
|
||||||
|
m2m_changed.disconnect(dispatch_uid=request.request_id)
|
||||||
|
|
||||||
def __call__(self, request: HttpRequest) -> HttpResponse:
|
def __call__(self, request: HttpRequest) -> HttpResponse:
|
||||||
self.connect(request)
|
self.connect(request)
|
||||||
|
@ -167,3 +182,20 @@ class AuditMiddleware:
|
||||||
user=user,
|
user=user,
|
||||||
model=model_to_dict(instance),
|
model=model_to_dict(instance),
|
||||||
).run()
|
).run()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def m2m_changed_handler(
|
||||||
|
user: User, request: HttpRequest, sender, instance: Model, action: str, **_
|
||||||
|
):
|
||||||
|
"""Signal handler for all object's m2m_changed"""
|
||||||
|
if action not in ["pre_add", "pre_remove"]:
|
||||||
|
return
|
||||||
|
if not should_log_m2m(instance):
|
||||||
|
return
|
||||||
|
|
||||||
|
EventNewThread(
|
||||||
|
EventAction.MODEL_UPDATED,
|
||||||
|
request,
|
||||||
|
user=user,
|
||||||
|
model=model_to_dict(instance),
|
||||||
|
).run()
|
||||||
|
|
|
@ -141,6 +141,7 @@ class AuthorizeError(OAuth2Error):
|
||||||
),
|
),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# pylint: disable=too-many-arguments
|
||||||
def __init__(
|
def __init__(
|
||||||
self,
|
self,
|
||||||
redirect_uri: str,
|
redirect_uri: str,
|
||||||
|
|
|
@ -439,7 +439,6 @@ _LOGGING_HANDLER_MAP = {
|
||||||
"fsevents": "WARNING",
|
"fsevents": "WARNING",
|
||||||
}
|
}
|
||||||
for handler_name, level in _LOGGING_HANDLER_MAP.items():
|
for handler_name, level in _LOGGING_HANDLER_MAP.items():
|
||||||
|
|
||||||
LOGGING["loggers"][handler_name] = {
|
LOGGING["loggers"][handler_name] = {
|
||||||
"handlers": ["console"],
|
"handlers": ["console"],
|
||||||
"level": level,
|
"level": level,
|
||||||
|
|
Reference in a new issue