events: add better filters to event API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
8242c139c2
commit
080282a0bc
|
@ -1,9 +1,10 @@
|
|||
"""Events API Views"""
|
||||
import django_filters
|
||||
from django.db.models.aggregates import Count
|
||||
from django.db.models.fields.json import KeyTextTransform
|
||||
from drf_yasg2.utils import swagger_auto_schema
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.fields import DictField, IntegerField
|
||||
from rest_framework.fields import CharField, DictField, IntegerField
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.serializers import ModelSerializer, Serializer
|
||||
|
@ -15,6 +16,11 @@ from authentik.events.models import Event, EventAction
|
|||
class EventSerializer(ModelSerializer):
|
||||
"""Event Serializer"""
|
||||
|
||||
# Since we only use this serializer for read-only operations,
|
||||
# no checking of the action is done here.
|
||||
# This allows clients to check wildcards, prefixes and custom types
|
||||
action = CharField()
|
||||
|
||||
class Meta:
|
||||
|
||||
model = Event
|
||||
|
@ -56,6 +62,49 @@ class EventTopPerUserSerializer(Serializer):
|
|||
raise NotImplementedError
|
||||
|
||||
|
||||
class EventsFilter(django_filters.FilterSet):
|
||||
"""Filter for events"""
|
||||
|
||||
username = django_filters.CharFilter(
|
||||
field_name="user", lookup_expr="username", label="Username"
|
||||
)
|
||||
context_model_pk = django_filters.CharFilter(
|
||||
field_name="context",
|
||||
lookup_expr="model__pk",
|
||||
label="Context Model Primary Key",
|
||||
method="filter_context_model_pk",
|
||||
)
|
||||
context_model_name = django_filters.CharFilter(
|
||||
field_name="context",
|
||||
lookup_expr="model__model_name",
|
||||
label="Context Model Name",
|
||||
)
|
||||
context_model_app = django_filters.CharFilter(
|
||||
field_name="context", lookup_expr="model__app", label="Context Model App"
|
||||
)
|
||||
context_authorized_app = django_filters.CharFilter(
|
||||
field_name="context",
|
||||
lookup_expr="authorized_application__pk",
|
||||
label="Context Authorized application",
|
||||
)
|
||||
action = django_filters.CharFilter(
|
||||
field_name="action",
|
||||
lookup_expr="icontains",
|
||||
)
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
def filter_context_model_pk(self, queryset, name, value):
|
||||
"""Because we store the PK as UUID.hex,
|
||||
we need to remove the dashes that a client may send. We can't use a
|
||||
UUIDField for this, as some models might not have a UUID PK"""
|
||||
value = str(value).replace("-", "")
|
||||
return queryset.filter(context__model__pk=value)
|
||||
|
||||
class Meta:
|
||||
model = Event
|
||||
fields = ["action", "client_ip", "username"]
|
||||
|
||||
|
||||
class EventViewSet(ReadOnlyModelViewSet):
|
||||
"""Event Read-Only Viewset"""
|
||||
|
||||
|
@ -70,7 +119,7 @@ class EventViewSet(ReadOnlyModelViewSet):
|
|||
"context",
|
||||
"client_ip",
|
||||
]
|
||||
filterset_fields = ["action"]
|
||||
filterset_class = EventsFilter
|
||||
|
||||
@swagger_auto_schema(
|
||||
method="GET",
|
||||
|
|
89
swagger.yaml
89
swagger.yaml
|
@ -1866,6 +1866,36 @@ paths:
|
|||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: client_ip
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: username
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_model_pk
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_model_name
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_model_app
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_authorized_app
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: ordering
|
||||
in: query
|
||||
description: Which field to use when ordering the results.
|
||||
|
@ -1937,6 +1967,36 @@ paths:
|
|||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: client_ip
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: username
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_model_pk
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_model_name
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_model_app
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: context_authorized_app
|
||||
in: query
|
||||
description: ''
|
||||
required: false
|
||||
type: string
|
||||
- name: ordering
|
||||
in: query
|
||||
description: Which field to use when ordering the results.
|
||||
|
@ -10991,30 +11051,7 @@ definitions:
|
|||
action:
|
||||
title: Action
|
||||
type: string
|
||||
enum:
|
||||
- login
|
||||
- login_failed
|
||||
- logout
|
||||
- user_write
|
||||
- suspicious_request
|
||||
- password_set
|
||||
- secret_view
|
||||
- invitation_used
|
||||
- authorize_application
|
||||
- source_linked
|
||||
- impersonation_started
|
||||
- impersonation_ended
|
||||
- policy_execution
|
||||
- policy_exception
|
||||
- property_mapping_exception
|
||||
- system_task_execution
|
||||
- system_task_exception
|
||||
- configuration_error
|
||||
- model_created
|
||||
- model_updated
|
||||
- model_deleted
|
||||
- update_available
|
||||
- custom_
|
||||
minLength: 1
|
||||
app:
|
||||
title: App
|
||||
type: string
|
||||
|
@ -11032,6 +11069,10 @@ definitions:
|
|||
type: string
|
||||
format: date-time
|
||||
readOnly: true
|
||||
expires:
|
||||
title: Expires
|
||||
type: string
|
||||
format: date-time
|
||||
EventTopPerUser:
|
||||
description: Response object of Event's top_per_user
|
||||
required:
|
||||
|
|
|
@ -28,13 +28,3 @@ export interface ShellChallenge extends Challenge {
|
|||
export interface RedirectChallenge extends Challenge {
|
||||
to: string;
|
||||
}
|
||||
|
||||
export enum FlowDesignation {
|
||||
Authentication = "authentication",
|
||||
Authorization = "authorization",
|
||||
Invalidation = "invalidation",
|
||||
Enrollment = "enrollment",
|
||||
Unrenollment = "unenrollment",
|
||||
Recovery = "recovery",
|
||||
StageConfiguration = "stage_configuration",
|
||||
}
|
||||
|
|
Reference in a new issue