2020-12-05 21:08:42 +00:00
|
|
|
"""authentik admin Middleware to impersonate users"""
|
2020-09-21 17:31:01 +00:00
|
|
|
from logging import Logger
|
|
|
|
|
from threading import local
|
2020-09-17 14:24:53 +00:00
|
|
|
from typing import Callable
|
2020-09-21 17:31:01 +00:00
|
|
|
from uuid import uuid4
|
2020-09-17 14:24:53 +00:00
|
|
|
|
|
|
|
|
from django.http import HttpRequest, HttpResponse
|
2021-12-13 15:15:27 +00:00
|
|
|
from sentry_sdk.api import set_tag
|
2020-09-17 14:24:53 +00:00
|
|
|
|
2020-12-05 21:08:42 +00:00
|
|
|
SESSION_IMPERSONATE_USER = "authentik_impersonate_user"
|
|
|
|
|
SESSION_IMPERSONATE_ORIGINAL_USER = "authentik_impersonate_original_user"
|
2020-09-21 17:31:01 +00:00
|
|
|
LOCAL = local()
|
2021-02-16 18:14:08 +00:00
|
|
|
RESPONSE_HEADER_ID = "X-authentik-id"
|
2021-10-20 20:12:49 +00:00
|
|
|
KEY_AUTH_VIA = "auth_via"
|
|
|
|
|
KEY_USER = "user"
|
2020-09-17 14:24:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class ImpersonateMiddleware:
|
|
|
|
|
"""Middleware to impersonate users"""
|
|
|
|
|
|
|
|
|
|
get_response: Callable[[HttpRequest], HttpResponse]
|
|
|
|
|
|
|
|
|
|
def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
|
|
|
|
|
self.get_response = get_response
|
|
|
|
|
|
|
|
|
|
def __call__(self, request: HttpRequest) -> HttpResponse:
|
|
|
|
|
# No permission checks are done here, they need to be checked before
|
|
|
|
|
# SESSION_IMPERSONATE_USER is set.
|
|
|
|
|
|
|
|
|
|
if SESSION_IMPERSONATE_USER in request.session:
|
|
|
|
|
request.user = request.session[SESSION_IMPERSONATE_USER]
|
2021-06-12 18:40:53 +00:00
|
|
|
# Ensure that the user is active, otherwise nothing will work
|
|
|
|
|
request.user.is_active = True
|
2020-09-17 14:24:53 +00:00
|
|
|
|
|
|
|
|
return self.get_response(request)
|
2020-09-21 17:31:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class RequestIDMiddleware:
|
|
|
|
|
"""Add a unique ID to every request"""
|
|
|
|
|
|
|
|
|
|
get_response: Callable[[HttpRequest], HttpResponse]
|
|
|
|
|
|
|
|
|
|
def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
|
|
|
|
|
self.get_response = get_response
|
|
|
|
|
|
|
|
|
|
def __call__(self, request: HttpRequest) -> HttpResponse:
|
|
|
|
|
if not hasattr(request, "request_id"):
|
|
|
|
|
request_id = uuid4().hex
|
|
|
|
|
setattr(request, "request_id", request_id)
|
2021-05-29 17:07:54 +00:00
|
|
|
LOCAL.authentik = {
|
|
|
|
|
"request_id": request_id,
|
|
|
|
|
"host": request.get_host(),
|
|
|
|
|
}
|
2021-12-13 15:15:27 +00:00
|
|
|
set_tag("authentik.request_id", request_id)
|
2020-09-21 17:31:01 +00:00
|
|
|
response = self.get_response(request)
|
2021-02-16 18:14:08 +00:00
|
|
|
response[RESPONSE_HEADER_ID] = request.request_id
|
2021-11-15 15:32:56 +00:00
|
|
|
setattr(response, "ak_context", {})
|
2021-11-16 09:34:51 +00:00
|
|
|
response.ak_context.update(LOCAL.authentik)
|
2021-11-15 15:32:56 +00:00
|
|
|
response.ak_context[KEY_USER] = request.user.username
|
2021-10-20 20:12:49 +00:00
|
|
|
for key in list(LOCAL.authentik.keys()):
|
|
|
|
|
del LOCAL.authentik[key]
|
2020-09-21 17:31:01 +00:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# pylint: disable=unused-argument
|
2021-10-20 20:12:49 +00:00
|
|
|
def structlog_add_request_id(logger: Logger, method_name: str, event_dict: dict):
|
2020-12-05 21:08:42 +00:00
|
|
|
"""If threadlocal has authentik defined, add request_id to log"""
|
|
|
|
|
if hasattr(LOCAL, "authentik"):
|
2021-10-20 20:12:49 +00:00
|
|
|
event_dict.update(LOCAL.authentik)
|
2021-12-09 08:36:52 +00:00
|
|
|
if hasattr(LOCAL, "authentik_task"):
|
|
|
|
|
event_dict.update(LOCAL.authentik_task)
|
2020-09-21 17:31:01 +00:00
|
|
|
return event_dict
|
