audit: optimize eventaction,
This commit is contained in:
parent
3b61191614
commit
cf6ce9c915
37
passbook/audit/migrations/0005_auto_20201005_2139.py
Normal file
37
passbook/audit/migrations/0005_auto_20201005_2139.py
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# Generated by Django 3.1.2 on 2020-10-05 21:39
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("passbook_audit", "0004_auto_20200921_1829"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="event",
|
||||||
|
name="action",
|
||||||
|
field=models.TextField(
|
||||||
|
choices=[
|
||||||
|
("login", "Login"),
|
||||||
|
("login_failed", "Login Failed"),
|
||||||
|
("logout", "Logout"),
|
||||||
|
("user_write", "User Write"),
|
||||||
|
("suspicious_request", "Suspicious Request"),
|
||||||
|
("password_set", "Password Set"),
|
||||||
|
("invitation_created", "Invite Created"),
|
||||||
|
("invitation_used", "Invite Used"),
|
||||||
|
("authorize_application", "Authorize Application"),
|
||||||
|
("source_linked", "Source Linked"),
|
||||||
|
("impersonation_started", "Impersonation Started"),
|
||||||
|
("impersonation_ended", "Impersonation Ended"),
|
||||||
|
("model_created", "Model Created"),
|
||||||
|
("model_updated", "Model Updated"),
|
||||||
|
("model_deleted", "Model Deleted"),
|
||||||
|
("custom_", "Custom Prefix"),
|
||||||
|
]
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -96,14 +96,14 @@ class EventAction(models.TextChoices):
|
||||||
LOGIN_FAILED = "login_failed"
|
LOGIN_FAILED = "login_failed"
|
||||||
LOGOUT = "logout"
|
LOGOUT = "logout"
|
||||||
|
|
||||||
SIGN_UP = "sign_up"
|
USER_WRITE = "user_write"
|
||||||
AUTHORIZE_APPLICATION = "authorize_application"
|
|
||||||
SUSPICIOUS_REQUEST = "suspicious_request"
|
SUSPICIOUS_REQUEST = "suspicious_request"
|
||||||
PASSWORD_SET = "password_set" # noqa # nosec
|
PASSWORD_SET = "password_set" # noqa # nosec
|
||||||
|
|
||||||
INVITE_CREATED = "invitation_created"
|
INVITE_CREATED = "invitation_created"
|
||||||
INVITE_USED = "invitation_used"
|
INVITE_USED = "invitation_used"
|
||||||
|
|
||||||
|
AUTHORIZE_APPLICATION = "authorize_application"
|
||||||
SOURCE_LINKED = "source_linked"
|
SOURCE_LINKED = "source_linked"
|
||||||
|
|
||||||
IMPERSONATION_STARTED = "impersonation_started"
|
IMPERSONATION_STARTED = "impersonation_started"
|
||||||
|
|
|
@ -12,6 +12,7 @@ from django.http import HttpRequest
|
||||||
|
|
||||||
from passbook.audit.models import Event, EventAction
|
from passbook.audit.models import Event, EventAction
|
||||||
from passbook.core.models import User
|
from passbook.core.models import User
|
||||||
|
from passbook.core.signals import password_changed
|
||||||
from passbook.stages.invitation.models import Invitation
|
from passbook.stages.invitation.models import Invitation
|
||||||
from passbook.stages.invitation.signals import invitation_created, invitation_used
|
from passbook.stages.invitation.signals import invitation_created, invitation_used
|
||||||
from passbook.stages.user_write.signals import user_write
|
from passbook.stages.user_write.signals import user_write
|
||||||
|
@ -58,9 +59,12 @@ def on_user_logged_out(sender, request: HttpRequest, user: User, **_):
|
||||||
|
|
||||||
@receiver(user_write)
|
@receiver(user_write)
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def on_user_write(sender, request: HttpRequest, user: User, data: Dict[str, Any], **_):
|
def on_user_write(
|
||||||
|
sender, request: HttpRequest, user: User, data: Dict[str, Any], **kwargs
|
||||||
|
):
|
||||||
"""Log User write"""
|
"""Log User write"""
|
||||||
thread = EventNewThread("stages/user_write", request, **data)
|
thread = EventNewThread(EventAction.USER_WRITE, request, **data)
|
||||||
|
thread.kwargs["created"] = kwargs.get("created", False)
|
||||||
thread.user = user
|
thread.user = user
|
||||||
thread.run()
|
thread.run()
|
||||||
|
|
||||||
|
@ -93,3 +97,11 @@ def on_invitation_used(sender, request: HttpRequest, invitation: Invitation, **_
|
||||||
EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex
|
EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex
|
||||||
)
|
)
|
||||||
thread.run()
|
thread.run()
|
||||||
|
|
||||||
|
|
||||||
|
@receiver(password_changed)
|
||||||
|
# pylint: disable=unused-argument
|
||||||
|
def on_password_changed(sender, user: User, password: str, **_):
|
||||||
|
"""Log password change"""
|
||||||
|
thread = EventNewThread(EventAction.PASSWORD_SET, None, user=user)
|
||||||
|
thread.run()
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
"""passbook user_write signals"""
|
"""passbook user_write signals"""
|
||||||
from django.core.signals import Signal
|
from django.core.signals import Signal
|
||||||
|
|
||||||
# Arguments: request: HttpRequest, user: User, data: Dict[str, Any]
|
# Arguments: request: HttpRequest, user: User, data: Dict[str, Any], created: bool
|
||||||
user_write = Signal()
|
user_write = Signal()
|
||||||
|
|
|
@ -27,6 +27,7 @@ class UserWriteStageView(StageView):
|
||||||
LOGGER.debug(message)
|
LOGGER.debug(message)
|
||||||
return self.executor.stage_invalid()
|
return self.executor.stage_invalid()
|
||||||
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
|
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
|
||||||
|
user_created = False
|
||||||
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
|
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
|
||||||
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
|
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
|
||||||
self.executor.plan.context[
|
self.executor.plan.context[
|
||||||
|
@ -36,6 +37,7 @@ class UserWriteStageView(StageView):
|
||||||
"Created new user",
|
"Created new user",
|
||||||
flow_slug=self.executor.flow.slug,
|
flow_slug=self.executor.flow.slug,
|
||||||
)
|
)
|
||||||
|
user_created = True
|
||||||
user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
|
user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
|
||||||
# Before we change anything, check if the user is the same as in the request
|
# Before we change anything, check if the user is the same as in the request
|
||||||
# and we're updating a password. In that case we need to update the session hash
|
# and we're updating a password. In that case we need to update the session hash
|
||||||
|
@ -63,7 +65,9 @@ class UserWriteStageView(StageView):
|
||||||
continue
|
continue
|
||||||
user.attributes[key.replace("attribute_", "", 1)] = value
|
user.attributes[key.replace("attribute_", "", 1)] = value
|
||||||
user.save()
|
user.save()
|
||||||
user_write.send(sender=self, request=request, user=user, data=data)
|
user_write.send(
|
||||||
|
sender=self, request=request, user=user, data=data, created=user_created
|
||||||
|
)
|
||||||
# Check if the password has been updated, and update the session auth hash
|
# Check if the password has been updated, and update the session auth hash
|
||||||
if should_update_seesion:
|
if should_update_seesion:
|
||||||
update_session_auth_hash(self.request, user)
|
update_session_auth_hash(self.request, user)
|
||||||
|
|
Reference in a new issue