From cf6ce9c9152fc1de4534d62577d4f8539c92fdbf Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 5 Oct 2020 23:43:56 +0200 Subject: [PATCH] audit: optimize eventaction, --- .../migrations/0005_auto_20201005_2139.py | 37 +++++++++++++++++++ passbook/audit/models.py | 4 +- passbook/audit/signals.py | 16 +++++++- passbook/stages/user_write/signals.py | 2 +- passbook/stages/user_write/stage.py | 6 ++- 5 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 passbook/audit/migrations/0005_auto_20201005_2139.py diff --git a/passbook/audit/migrations/0005_auto_20201005_2139.py b/passbook/audit/migrations/0005_auto_20201005_2139.py new file mode 100644 index 000000000..558c58ab6 --- /dev/null +++ b/passbook/audit/migrations/0005_auto_20201005_2139.py @@ -0,0 +1,37 @@ +# Generated by Django 3.1.2 on 2020-10-05 21:39 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("passbook_audit", "0004_auto_20200921_1829"), + ] + + operations = [ + migrations.AlterField( + model_name="event", + name="action", + field=models.TextField( + choices=[ + ("login", "Login"), + ("login_failed", "Login Failed"), + ("logout", "Logout"), + ("user_write", "User Write"), + ("suspicious_request", "Suspicious Request"), + ("password_set", "Password Set"), + ("invitation_created", "Invite Created"), + ("invitation_used", "Invite Used"), + ("authorize_application", "Authorize Application"), + ("source_linked", "Source Linked"), + ("impersonation_started", "Impersonation Started"), + ("impersonation_ended", "Impersonation Ended"), + ("model_created", "Model Created"), + ("model_updated", "Model Updated"), + ("model_deleted", "Model Deleted"), + ("custom_", "Custom Prefix"), + ] + ), + ), + ] diff --git a/passbook/audit/models.py b/passbook/audit/models.py index db3848ed8..a6b37a648 100644 --- a/passbook/audit/models.py +++ b/passbook/audit/models.py @@ -96,14 +96,14 @@ class EventAction(models.TextChoices): LOGIN_FAILED = "login_failed" LOGOUT = "logout" - SIGN_UP = "sign_up" - AUTHORIZE_APPLICATION = "authorize_application" + USER_WRITE = "user_write" SUSPICIOUS_REQUEST = "suspicious_request" PASSWORD_SET = "password_set" # noqa # nosec INVITE_CREATED = "invitation_created" INVITE_USED = "invitation_used" + AUTHORIZE_APPLICATION = "authorize_application" SOURCE_LINKED = "source_linked" IMPERSONATION_STARTED = "impersonation_started" diff --git a/passbook/audit/signals.py b/passbook/audit/signals.py index 28199cc1a..393051916 100644 --- a/passbook/audit/signals.py +++ b/passbook/audit/signals.py @@ -12,6 +12,7 @@ from django.http import HttpRequest from passbook.audit.models import Event, EventAction from passbook.core.models import User +from passbook.core.signals import password_changed from passbook.stages.invitation.models import Invitation from passbook.stages.invitation.signals import invitation_created, invitation_used from passbook.stages.user_write.signals import user_write @@ -58,9 +59,12 @@ def on_user_logged_out(sender, request: HttpRequest, user: User, **_): @receiver(user_write) # pylint: disable=unused-argument -def on_user_write(sender, request: HttpRequest, user: User, data: Dict[str, Any], **_): +def on_user_write( + sender, request: HttpRequest, user: User, data: Dict[str, Any], **kwargs +): """Log User write""" - thread = EventNewThread("stages/user_write", request, **data) + thread = EventNewThread(EventAction.USER_WRITE, request, **data) + thread.kwargs["created"] = kwargs.get("created", False) thread.user = user thread.run() @@ -93,3 +97,11 @@ def on_invitation_used(sender, request: HttpRequest, invitation: Invitation, **_ EventAction.INVITE_USED, request, invitation_uuid=invitation.invite_uuid.hex ) thread.run() + + +@receiver(password_changed) +# pylint: disable=unused-argument +def on_password_changed(sender, user: User, password: str, **_): + """Log password change""" + thread = EventNewThread(EventAction.PASSWORD_SET, None, user=user) + thread.run() diff --git a/passbook/stages/user_write/signals.py b/passbook/stages/user_write/signals.py index 6fa602b0a..043684abc 100644 --- a/passbook/stages/user_write/signals.py +++ b/passbook/stages/user_write/signals.py @@ -1,5 +1,5 @@ """passbook user_write signals""" from django.core.signals import Signal -# Arguments: request: HttpRequest, user: User, data: Dict[str, Any] +# Arguments: request: HttpRequest, user: User, data: Dict[str, Any], created: bool user_write = Signal() diff --git a/passbook/stages/user_write/stage.py b/passbook/stages/user_write/stage.py index 5e25297a8..cf5b6afe8 100644 --- a/passbook/stages/user_write/stage.py +++ b/passbook/stages/user_write/stage.py @@ -27,6 +27,7 @@ class UserWriteStageView(StageView): LOGGER.debug(message) return self.executor.stage_invalid() data = self.executor.plan.context[PLAN_CONTEXT_PROMPT] + user_created = False if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context: self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User() self.executor.plan.context[ @@ -36,6 +37,7 @@ class UserWriteStageView(StageView): "Created new user", flow_slug=self.executor.flow.slug, ) + user_created = True user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] # Before we change anything, check if the user is the same as in the request # and we're updating a password. In that case we need to update the session hash @@ -63,7 +65,9 @@ class UserWriteStageView(StageView): continue user.attributes[key.replace("attribute_", "", 1)] = value user.save() - user_write.send(sender=self, request=request, user=user, data=data) + user_write.send( + sender=self, request=request, user=user, data=data, created=user_created + ) # Check if the password has been updated, and update the session auth hash if should_update_seesion: update_session_auth_hash(self.request, user)