authentik/passbook/audit/models.py

"""passbook audit models"""
from enum import Enum
from inspect import getmodule, stack
from typing import Any, Dict, Optional
from uuid import UUID, uuid4

from django.conf import settings
from django.contrib.auth.models import AnonymousUser
from django.core.exceptions import ValidationError
from django.db import models
from django.db.models.base import Model
from django.http import HttpRequest
from django.utils.translation import gettext as _
from django.views.debug import SafeExceptionReporterFilter
from guardian.shortcuts import get_anonymous_user
from structlog import get_logger

from passbook.core.middleware import (
    SESSION_IMPERSONATE_ORIGINAL_USER,
    SESSION_IMPERSONATE_USER,
)
from passbook.lib.utils.http import get_client_ip

LOGGER = get_logger()


def cleanse_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
    """Cleanse a dictionary, recursively"""
    final_dict = {}
    for key, value in source.items():
        try:
            if SafeExceptionReporterFilter.hidden_settings.search(key):
                final_dict[key] = SafeExceptionReporterFilter.cleansed_substitute
            else:
                final_dict[key] = value
        except TypeError:
            final_dict[key] = value
        if isinstance(value, dict):
            final_dict[key] = cleanse_dict(value)
    return final_dict


def model_to_dict(model: Model) -> Dict[str, Any]:
    """Convert model to dict"""
    name = str(model)
    if hasattr(model, "name"):
        name = model.name
    return {
        "app": model._meta.app_label,
        "model_name": model._meta.model_name,
        "pk": model.pk,
        "name": name,
    }


def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
    """clean source of all Models that would interfere with the JSONField.
    Models are replaced with a dictionary of {
        app: str,
        name: str,
        pk: Any
    }"""
    final_dict = {}
    for key, value in source.items():
        if isinstance(value, dict):
            final_dict[key] = sanitize_dict(value)
        elif isinstance(value, models.Model):
            final_dict[key] = sanitize_dict(model_to_dict(value))
        elif isinstance(value, UUID):
            final_dict[key] = value.hex
        else:
            final_dict[key] = value
    return final_dict


class EventAction(Enum):
    """All possible actions to save into the audit log"""

    LOGIN = "login"
    LOGIN_FAILED = "login_failed"
    LOGOUT = "logout"
    AUTHORIZE_APPLICATION = "authorize_application"
    SUSPICIOUS_REQUEST = "suspicious_request"
    SIGN_UP = "sign_up"
    PASSWORD_RESET = "password_reset"  # noqa # nosec
    INVITE_CREATED = "invitation_created"
    INVITE_USED = "invitation_used"
    IMPERSONATION_STARTED = "impersonation_started"
    IMPERSONATION_ENDED = "impersonation_ended"
    CUSTOM = "custom"

    @staticmethod
    def as_choices():
        """Generate choices of actions used for database"""
        return tuple(
            (x, y.value) for x, y in getattr(EventAction, "__members__").items()
        )


class Event(models.Model):
    """An individual audit log event"""

    event_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
    user = models.ForeignKey(
        settings.AUTH_USER_MODEL, null=True, on_delete=models.SET_NULL
    )
    action = models.TextField(choices=EventAction.as_choices())
    date = models.DateTimeField(auto_now_add=True)
    app = models.TextField()
    context = models.JSONField(default=dict, blank=True)
    client_ip = models.GenericIPAddressField(null=True)
    created = models.DateTimeField(auto_now_add=True)

    @staticmethod
    def _get_app_from_request(request: HttpRequest) -> str:
        if not isinstance(request, HttpRequest):
            return ""
        return request.resolver_match.app_name

    @staticmethod
    def new(
        action: EventAction,
        app: Optional[str] = None,
        _inspect_offset: int = 1,
        **kwargs,
    ) -> "Event":
        """Create new Event instance from arguments. Instance is NOT saved."""
        if not isinstance(action, EventAction):
            raise ValueError(
                f"action must be EventAction instance but was {type(action)}"
            )
        if not app:
            app = getmodule(stack()[_inspect_offset][0]).__name__
        cleaned_kwargs = cleanse_dict(sanitize_dict(kwargs))
        event = Event(action=action.value, app=app, context=cleaned_kwargs)
        return event

    def from_http(
        self, request: HttpRequest, user: Optional[settings.AUTH_USER_MODEL] = None
    ) -> "Event":
        """Add data from a Django-HttpRequest, allowing the creation of
        Events independently from requests.
        `user` arguments optionally overrides user from requests."""
        if hasattr(request, "user"):
            if isinstance(request.user, AnonymousUser):
                self.user = get_anonymous_user()
            else:
                self.user = request.user
        if user:
            self.user = user
        # Check if we're currently impersonating, and add that user
        if hasattr(request, "session"):
            if SESSION_IMPERSONATE_ORIGINAL_USER in request.session:
                self.user = request.session[SESSION_IMPERSONATE_ORIGINAL_USER]
                self.context["on_behalf_of"] = model_to_dict(
                    request.session[SESSION_IMPERSONATE_USER]
                )
        # User 255.255.255.255 as fallback if IP cannot be determined
        self.client_ip = get_client_ip(request) or "255.255.255.255"
        # If there's no app set, we get it from the requests too
        if not self.app:
            self.app = Event._get_app_from_request(request)
        self.save()
        return self

    def save(self, *args, **kwargs):
        if not self._state.adding:
            raise ValidationError(
                "you may not edit an existing %s" % self._meta.model_name
            )
        LOGGER.debug(
            "Created Audit event",
            action=self.action,
            context=self.context,
            client_ip=self.client_ip,
            user=self.user,
        )
        return super().save(*args, **kwargs)

    class Meta:

        verbose_name = _("Audit Event")
        verbose_name_plural = _("Audit Events")
Add api and audit structure 2018-11-23 16:05:41 +00:00			`"""passbook audit models"""`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`from enum import Enum`
			`from inspect import getmodule, stack`
global: fix import order 2020-02-14 14:17:40 +00:00			`from typing import Any, Dict, Optional`
migrate to per-model UUID Primary key, remove UUIDModel (#26) * : migrate to per-model UUID Primary key, remove UUIDModel *: fix import order, fix unittests 2020-05-20 07:17:06 +00:00			`from uuid import UUID, uuid4`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00
Add api and audit structure 2018-11-23 16:05:41 +00:00			`from django.conf import settings`
admin: link to invitation on list 2018-12-10 14:26:28 +00:00			`from django.contrib.auth.models import AnonymousUser`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`from django.core.exceptions import ValidationError`
Add api and audit structure 2018-11-23 16:05:41 +00:00			`from django.db import models`
core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`from django.db.models.base import Model`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`from django.http import HttpRequest`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`from django.utils.translation import gettext as _`
*: update JSON fields to django 3.1 2020-08-15 19:04:22 +00:00			`from django.views.debug import SafeExceptionReporterFilter`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`from guardian.shortcuts import get_anonymous_user`
*(minor): stdlib logging to structlog 2019-10-01 08:24:10 +00:00			`from structlog import get_logger`
Add api and audit structure 2018-11-23 16:05:41 +00:00
audit: fix fields for events from impersonation being swapped 2020-09-19 20:49:40 +00:00			`from passbook.core.middleware import (`
			`SESSION_IMPERSONATE_ORIGINAL_USER,`
			`SESSION_IMPERSONATE_USER,`
			`)`
all(minor): replace django-ipware with custom implementation 2019-12-05 13:33:55 +00:00			`from passbook.lib.utils.http import get_client_ip`
Add api and audit structure 2018-11-23 16:05:41 +00:00
*(minor): remove __name__ param from get_logger 2019-10-04 08:08:53 +00:00			`LOGGER = get_logger()`
Add api and audit structure 2018-11-23 16:05:41 +00:00
all: implement black as code formatter 2019-12-31 11:51:16 +00:00
audit: add cleanse_dict function to ensure no passwords end in logs 2020-06-29 17:13:07 +00:00			`def cleanse_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:`
			`"""Cleanse a dictionary, recursively"""`
			`final_dict = {}`
			`for key, value in source.items():`
			`try:`
*: update JSON fields to django 3.1 2020-08-15 19:04:22 +00:00			`if SafeExceptionReporterFilter.hidden_settings.search(key):`
			`final_dict[key] = SafeExceptionReporterFilter.cleansed_substitute`
audit: add cleanse_dict function to ensure no passwords end in logs 2020-06-29 17:13:07 +00:00			`else:`
			`final_dict[key] = value`
			`except TypeError:`
			`final_dict[key] = value`
			`if isinstance(value, dict):`
			`final_dict[key] = cleanse_dict(value)`
			`return final_dict`


core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`def model_to_dict(model: Model) -> Dict[str, Any]:`
			`"""Convert model to dict"""`
			`name = str(model)`
			`if hasattr(model, "name"):`
			`name = model.name`
			`return {`
			`"app": model._meta.app_label,`
			`"model_name": model._meta.model_name,`
			`"pk": model.pk,`
			`"name": name,`
			`}`


audit: sanitize kwargs when creating audit event 2019-12-31 12:33:07 +00:00			`def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:`
			`"""clean source of all Models that would interfere with the JSONField.`
			`Models are replaced with a dictionary of {`
			`app: str,`
			`name: str,`
			`pk: Any`
			`}"""`
audit: fix sanitize_dict updating source dict 2020-06-29 14:19:56 +00:00			`final_dict = {}`
audit: sanitize kwargs when creating audit event 2019-12-31 12:33:07 +00:00			`for key, value in source.items():`
			`if isinstance(value, dict):`
audit: fix sanitize_dict updating source dict 2020-06-29 14:19:56 +00:00			`final_dict[key] = sanitize_dict(value)`
audit: sanitize kwargs when creating audit event 2019-12-31 12:33:07 +00:00			`elif isinstance(value, models.Model):`
core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`final_dict[key] = sanitize_dict(model_to_dict(value))`
audit: fix error when trying to save models with UUID as PK 2020-01-02 12:00:16 +00:00			`elif isinstance(value, UUID):`
audit: fix sanitize_dict updating source dict 2020-06-29 14:19:56 +00:00			`final_dict[key] = value.hex`
			`else:`
			`final_dict[key] = value`
			`return final_dict`
audit: sanitize kwargs when creating audit event 2019-12-31 12:33:07 +00:00

audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`class EventAction(Enum):`
			`"""All possible actions to save into the audit log"""`

all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`LOGIN = "login"`
			`LOGIN_FAILED = "login_failed"`
			`LOGOUT = "logout"`
			`AUTHORIZE_APPLICATION = "authorize_application"`
			`SUSPICIOUS_REQUEST = "suspicious_request"`
			`SIGN_UP = "sign_up"`
			`PASSWORD_RESET = "password_reset" # noqa # nosec`
			`INVITE_CREATED = "invitation_created"`
			`INVITE_USED = "invitation_used"`
core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`IMPERSONATION_STARTED = "impersonation_started"`
			`IMPERSONATION_ENDED = "impersonation_ended"`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`CUSTOM = "custom"`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00
			`@staticmethod`
			`def as_choices():`
			`"""Generate choices of actions used for database"""`
*: add pyright type checking 2020-05-06 22:32:03 +00:00			`return tuple(`
			`(x, y.value) for x, y in getattr(EventAction, "__members__").items()`
			`)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00

migrate to per-model UUID Primary key, remove UUIDModel (#26) * : migrate to per-model UUID Primary key, remove UUIDModel *: fix import order, fix unittests 2020-05-20 07:17:06 +00:00			`class Event(models.Model):`
audit(major): AuditEntry -> Event 2019-10-28 13:26:34 +00:00			`"""An individual audit log event"""`
Add api and audit structure 2018-11-23 16:05:41 +00:00
migrate to per-model UUID Primary key, remove UUIDModel (#26) * : migrate to per-model UUID Primary key, remove UUIDModel *: fix import order, fix unittests 2020-05-20 07:17:06 +00:00			`event_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`user = models.ForeignKey(`
			`settings.AUTH_USER_MODEL, null=True, on_delete=models.SET_NULL`
			`)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`action = models.TextField(choices=EventAction.as_choices())`
Add api and audit structure 2018-11-23 16:05:41 +00:00			`date = models.DateTimeField(auto_now_add=True)`
			`app = models.TextField()`
*: update JSON fields to django 3.1 2020-08-15 19:04:22 +00:00			`context = models.JSONField(default=dict, blank=True)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`client_ip = models.GenericIPAddressField(null=True)`
audit: add created field 2018-12-13 17:01:45 +00:00			`created = models.DateTimeField(auto_now_add=True)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00
			`@staticmethod`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`def _get_app_from_request(request: HttpRequest) -> str:`
			`if not isinstance(request, HttpRequest):`
			`return ""`
			`return request.resolver_match.app_name`

			`@staticmethod`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`def new(`
			`action: EventAction,`
			`app: Optional[str] = None,`
			`_inspect_offset: int = 1,`
			`**kwargs,`
			`) -> "Event":`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`"""Create new Event instance from arguments. Instance is NOT saved."""`
			`if not isinstance(action, EventAction):`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`raise ValueError(`
			`f"action must be EventAction instance but was {type(action)}"`
			`)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`if not app:`
			`app = getmodule(stack()[_inspect_offset][0]).__name__`
audit: add cleanse_dict function to ensure no passwords end in logs 2020-06-29 17:13:07 +00:00			`cleaned_kwargs = cleanse_dict(sanitize_dict(kwargs))`
audit: sanitize kwargs when creating audit event 2019-12-31 12:33:07 +00:00			`event = Event(action=action.value, app=app, context=cleaned_kwargs)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`return event`

all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`def from_http(`
			`self, request: HttpRequest, user: Optional[settings.AUTH_USER_MODEL] = None`
			`) -> "Event":`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`"""Add data from a Django-HttpRequest, allowing the creation of`
			`Events independently from requests.`
			`user` arguments optionally overrides user from requests."""
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`if hasattr(request, "user"):`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`if isinstance(request.user, AnonymousUser):`
			`self.user = get_anonymous_user()`
			`else:`
			`self.user = request.user`
			`if user:`
			`self.user = user`
core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`# Check if we're currently impersonating, and add that user`
			`if hasattr(request, "session"):`
			`if SESSION_IMPERSONATE_ORIGINAL_USER in request.session:`
audit: fix fields for events from impersonation being swapped 2020-09-19 20:49:40 +00:00			`self.user = request.session[SESSION_IMPERSONATE_ORIGINAL_USER]`
core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`self.context["on_behalf_of"] = model_to_dict(`
audit: fix fields for events from impersonation being swapped 2020-09-19 20:49:40 +00:00			`request.session[SESSION_IMPERSONATE_USER]`
core: add impersonation start/end to audit log also add impersonated user as context to other logs 2020-09-18 21:39:37 +00:00			`)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`# User 255.255.255.255 as fallback if IP cannot be determined`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`self.client_ip = get_client_ip(request) or "255.255.255.255"`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`# If there's no app set, we get it from the requests too`
			`if not self.app:`
			`self.app = Event._get_app_from_request(request)`
			`self.save()`
			`return self`
Add api and audit structure 2018-11-23 16:05:41 +00:00
			`def save(self, args, *kwargs):`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00			`if not self._state.adding:`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`raise ValidationError(`
			`"you may not edit an existing %s" % self._meta.model_name`
			`)`
audit: log event creation on save 2020-02-18 16:05:11 +00:00			`LOGGER.debug(`
			`"Created Audit event",`
			`action=self.action,`
			`context=self.context,`
			`client_ip=self.client_ip,`
providers/saml: fix CannotHandleAssertion Error still being sent to sentry 2020-02-24 18:14:43 +00:00			`user=self.user,`
audit: log event creation on save 2020-02-18 16:05:11 +00:00			`)`
audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 15:14:08 +00:00			`return super().save(args, *kwargs)`
Audit: implement logging of basic events like login, logout, failed login 2018-12-10 12:47:51 +00:00
			`class Meta:`

all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`verbose_name = _("Audit Event")`
			`verbose_name_plural = _("Audit Events")`