diff --git a/passbook/admin/urls.py b/passbook/admin/urls.py index 3457acf17..3a21d7785 100644 --- a/passbook/admin/urls.py +++ b/passbook/admin/urls.py @@ -1,5 +1,5 @@ """passbook URL Configuration""" -from django.urls import include, path +from django.urls import path from passbook.admin.views import (applications, audit, debug, factors, groups, invitations, overview, policy, @@ -74,7 +74,7 @@ urlpatterns = [ path('group//update/', groups.GroupUpdateView.as_view(), name='group-update'), path('group//delete/', groups.GroupDeleteView.as_view(), name='group-delete'), # Audit Log - path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'), + path('audit/', audit.EventListView.as_view(), name='audit-log'), # Groups path('groups/', groups.GroupListView.as_view(), name='groups'), # Debug diff --git a/passbook/admin/views/audit.py b/passbook/admin/views/audit.py index a24ccf87d..95498917e 100644 --- a/passbook/admin/views/audit.py +++ b/passbook/admin/views/audit.py @@ -1,18 +1,18 @@ -"""passbook AuditEntry administration""" +"""passbook Event administration""" from django.views.generic import ListView from guardian.mixins import PermissionListMixin -from passbook.audit.models import AuditEntry +from passbook.audit.models import Event -class AuditEntryListView(PermissionListMixin, ListView): +class EventListView(PermissionListMixin, ListView): """Show list of all invitations""" - model = AuditEntry + model = Event template_name = 'administration/audit/list.html' - permission_required = 'passbook_audit.view_auditentry' + permission_required = 'passbook_audit.view_event' ordering = '-created' paginate_by = 10 def get_queryset(self): - return AuditEntry.objects.all().order_by('-created') + return Event.objects.all().order_by('-created') diff --git a/passbook/audit/migrations/0002_auto_20191028_0829.py b/passbook/audit/migrations/0002_auto_20191028_0829.py new file mode 100644 index 000000000..ce66f79b0 --- /dev/null +++ b/passbook/audit/migrations/0002_auto_20191028_0829.py @@ -0,0 +1,19 @@ +# Generated by Django 2.2.6 on 2019-10-28 08:29 + +from django.conf import settings +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('passbook_audit', '0001_initial'), + ] + + operations = [ + migrations.RenameModel( + old_name='AuditEntry', + new_name='Event', + ), + ] diff --git a/passbook/audit/models.py b/passbook/audit/models.py index d9693d4bc..70d35ba3c 100644 --- a/passbook/audit/models.py +++ b/passbook/audit/models.py @@ -12,8 +12,8 @@ from passbook.lib.models import UUIDModel LOGGER = get_logger() -class AuditEntry(UUIDModel): - """An individual audit log entry""" +class Event(UUIDModel): + """An individual audit log event""" ACTION_LOGIN = 'login' ACTION_LOGIN_FAILED = 'login_failed' @@ -46,7 +46,7 @@ class AuditEntry(UUIDModel): @staticmethod def create(action, request, **kwargs): - """Create AuditEntry from arguments""" + """Create Event from arguments""" client_ip, _ = get_client_ip(request) if not hasattr(request, 'user'): user = None @@ -54,7 +54,7 @@ class AuditEntry(UUIDModel): user = request.user if isinstance(user, AnonymousUser): user = kwargs.get('user', None) - entry = AuditEntry.objects.create( + entry = Event.objects.create( action=action, user=user, # User 255.255.255.255 as fallback if IP cannot be determined diff --git a/passbook/audit/signals.py b/passbook/audit/signals.py index a59fb35bd..ad8dd0d24 100644 --- a/passbook/audit/signals.py +++ b/passbook/audit/signals.py @@ -2,7 +2,7 @@ from django.contrib.auth.signals import user_logged_in, user_logged_out from django.dispatch import receiver -from passbook.audit.models import AuditEntry +from passbook.audit.models import Event from passbook.core.signals import (invitation_created, invitation_used, user_signed_up) @@ -10,26 +10,26 @@ from passbook.core.signals import (invitation_created, invitation_used, @receiver(user_logged_in) def on_user_logged_in(sender, request, user, **kwargs): """Log successful login""" - AuditEntry.create(AuditEntry.ACTION_LOGIN, request) + Event.create(Event.ACTION_LOGIN, request) @receiver(user_logged_out) def on_user_logged_out(sender, request, user, **kwargs): """Log successfully logout""" - AuditEntry.create(AuditEntry.ACTION_LOGOUT, request) + Event.create(Event.ACTION_LOGOUT, request) @receiver(user_signed_up) def on_user_signed_up(sender, request, user, **kwargs): """Log successfully signed up""" - AuditEntry.create(AuditEntry.ACTION_SIGN_UP, request) + Event.create(Event.ACTION_SIGN_UP, request) @receiver(invitation_created) def on_invitation_created(sender, request, invitation, **kwargs): """Log Invitation creation""" - AuditEntry.create(AuditEntry.ACTION_INVITE_CREATED, request, + Event.create(Event.ACTION_INVITE_CREATED, request, invitation_uuid=invitation.uuid.hex) @receiver(invitation_used) def on_invitation_used(sender, request, invitation, **kwargs): """Log Invitation usage""" - AuditEntry.create(AuditEntry.ACTION_INVITE_USED, request, + Event.create(Event.ACTION_INVITE_USED, request, invitation_uuid=invitation.uuid.hex) diff --git a/passbook/providers/oauth/views/oauth2.py b/passbook/providers/oauth/views/oauth2.py index 0ec663220..223bac2ea 100644 --- a/passbook/providers/oauth/views/oauth2.py +++ b/passbook/providers/oauth/views/oauth2.py @@ -8,7 +8,7 @@ from django.utils.translation import ugettext as _ from oauth2_provider.views.base import AuthorizationView from structlog import get_logger -from passbook.audit.models import AuditEntry +from passbook.audit.models import Event from passbook.core.models import Application from passbook.core.views.access import AccessMixin from passbook.core.views.utils import LoadingView, PermissionDeniedView @@ -77,8 +77,8 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView): def form_valid(self, form): # User has clicked on "Authorize" - AuditEntry.create( - action=AuditEntry.ACTION_AUTHORIZE_APPLICATION, + Event.create( + action=Event.ACTION_AUTHORIZE_APPLICATION, request=self.request, app=str(self._application)) LOGGER.debug('user %s authorized %s', self.request.user, self._application) diff --git a/passbook/providers/oidc/lib.py b/passbook/providers/oidc/lib.py index 2be1a34c2..557471139 100644 --- a/passbook/providers/oidc/lib.py +++ b/passbook/providers/oidc/lib.py @@ -3,7 +3,7 @@ from django.contrib import messages from django.shortcuts import redirect from structlog import get_logger -from passbook.audit.models import AuditEntry +from passbook.audit.models import Event from passbook.core.models import Application from passbook.policies.engine import PolicyEngine @@ -28,8 +28,8 @@ def check_permissions(request, user, client): messages.error(request, policy_message) return redirect('passbook_providers_oauth:oauth2-permission-denied') - AuditEntry.create( - action=AuditEntry.ACTION_AUTHORIZE_APPLICATION, + Event.create( + action=Event.ACTION_AUTHORIZE_APPLICATION, request=request, app=application.name, skipped_authorization=False) diff --git a/passbook/providers/saml/views.py b/passbook/providers/saml/views.py index 8f7e12d57..b95eebdd5 100644 --- a/passbook/providers/saml/views.py +++ b/passbook/providers/saml/views.py @@ -13,7 +13,7 @@ from django.views.decorators.csrf import csrf_exempt from signxml.util import strip_pem_header from structlog import get_logger -from passbook.audit.models import AuditEntry +from passbook.audit.models import Event from passbook.core.models import Application from passbook.lib.mixins import CSRFExemptMixin from passbook.lib.utils.template import render_to_string @@ -123,8 +123,8 @@ class LoginProcessView(AccessRequiredView): if self.provider.application.skip_authorization: ctx = self.provider.processor.generate_response() # Log Application Authorization - AuditEntry.create( - action=AuditEntry.ACTION_AUTHORIZE_APPLICATION, + Event.create( + action=Event.ACTION_AUTHORIZE_APPLICATION, request=request, app=self.provider.application.name, skipped_authorization=True) @@ -145,8 +145,8 @@ class LoginProcessView(AccessRequiredView): # Check if user has access if request.POST.get('ACSUrl', None): # User accepted request - AuditEntry.create( - action=AuditEntry.ACTION_AUTHORIZE_APPLICATION, + Event.create( + action=Event.ACTION_AUTHORIZE_APPLICATION, request=request, app=self.provider.application.name, skipped_authorization=False)