From 20ad0628147a84eb8f1642c0995f7cd47a11fc23 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 3 Mar 2019 00:34:34 +0100
Subject: [PATCH] Log SAML Authorization actions
---
 passbook/saml_idp/views.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/passbook/saml_idp/views.py b/passbook/saml_idp/views.py
index 244755d28..35ceb704a 100644
--- a/passbook/saml_idp/views.py
+++ b/passbook/saml_idp/views.py
@@ -13,6 +13,7 @@ from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from signxml.util import strip_pem_header
+from passbook.audit.models import AuditEntry
 from passbook.core.models import Application
 from passbook.core.policies import PolicyEngine
 from passbook.lib.config import CONFIG
@@ -112,7 +113,12 @@ class LoginProcessView(ProviderMixin, LoginRequiredMixin, View):
 # Check if user has access
 if self.provider.application.skip_authorization and self._has_access():
 ctx = self.provider.processor.generate_response()
- # TODO: AuditLog Skipped Authz
+ # Log Application Authorization
+ AuditEntry.create(
+ action=AuditEntry.ACTION_AUTHORIZE_APPLICATION,
+ request=request,
+ app=self.provider.application.name,
+ skipped_authorization=True)
 return RedirectToSPView.as_view()(
 request=request,
 acs_url=ctx['acs_url'],
@@ -130,7 +136,11 @@ class LoginProcessView(ProviderMixin, LoginRequiredMixin, View):
 # Check if user has access
 if request.POST.get('ACSUrl', None) and self._has_access():
 # User accepted request
- # TODO: AuditLog accepted
+ AuditEntry.create(
+ action=AuditEntry.ACTION_AUTHORIZE_APPLICATION,
+ request=request,
+ app=self.provider.application.name,
+ skipped_authorization=False)
 return RedirectToSPView.as_view()(
 request=request,
 acs_url=request.POST.get('ACSUrl'),
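Review bot: In the `@@ -112,7 +113,12 @@` hunk the audit entry is written only inside the branch where `skip_authorization` is set and `self._has_access()` is true, so within the visible lines a request that fails the access check leaves no record; the `@@ -130,7 +136,11 @@` hunk has the same shape. Denied authorizations are usually the more useful signal for detection and incident review, so unless the branch outside the hunk already logs them, I would record them too, under a separate action or with an outcome field. The entry also identifies the application only by `name`, which is presumably editable; assuming `AuditEntry.create` stores extra keyword arguments, a stable key such as `app_pk=self.provider.application.pk` would keep old records attributable after a rename. The method body starts and ends outside both hunks.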
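Review bot: The entry added in the `@@ -130,7 +136,11 @@` hunk does not record the ACS URL, although on this path the redirect target is read from the request body (`acs_url=request.POST.get('ACSUrl')`) rather than from `ctx` as in the earlier hunk. Recording the destination would let someone reading the audit log notice a response sent to an endpoint other than the one registered for the application; assuming `AuditEntry.create` keeps extra keyword arguments as context, as `app=` and `skipped_authorization=` suggest, that is one more argument, `acs_url=request.POST.get('ACSUrl'),`. Whether the posted value is checked against the provider's configured ACS URL is not visible in the hunk and is worth confirming before relying on the log entry. The method continues outside the hunk.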