fix client ip not showing in audit log for sso logon and disable some unused urls and settings

This commit is contained in:
sadnub
2024-10-22 11:54:34 -04:00
parent 66c7123f7c
commit 5520a84062
3 changed files with 28 additions and 23 deletions


@@ -6,10 +6,7 @@ For details, see: https://license.tacticalrmm.com/ee
from django.urls import path, include, re_path from django.urls import path, include, re_path
from allauth.socialaccount.providers.openid_connect.views import callback from allauth.socialaccount.providers.openid_connect.views import callback
from allauth.headless.socialaccount.views import ( from allauth.headless.socialaccount.views import RedirectToProviderView
RedirectToProviderView,
ManageProvidersView,
)
from allauth.headless.base.views import ConfigView from allauth.headless.base.views import ConfigView
from . import views from . import views
@@ -31,6 +28,7 @@ urlpatterns = [
path("ssoproviders/<int:pk>/", views.GetUpdateDeleteSSOProvider.as_view()), path("ssoproviders/<int:pk>/", views.GetUpdateDeleteSSOProvider.as_view()),
path("ssoproviders/token/", views.GetAccessToken.as_view()), path("ssoproviders/token/", views.GetAccessToken.as_view()),
path("ssoproviders/settings/", views.GetUpdateSSOSettings.as_view()), path("ssoproviders/settings/", views.GetUpdateSSOSettings.as_view()),
path("ssoproviders/account/", views.DisconnectSSOAccount.as_view())
] ]
allauth_urls = [ allauth_urls = [
@@ -40,7 +38,7 @@ allauth_urls = [
( (
[ [
path( path(
"config", "config/",
ConfigView.as_api_view(client="browser"), ConfigView.as_api_view(client="browser"),
name="config", name="config",
), ),
@@ -50,19 +48,12 @@ allauth_urls = [
( (
[ [
path( path(
"auth/provider/redirect", "auth/provider/redirect/",
RedirectToProviderView.as_api_view( RedirectToProviderView.as_api_view(
client="browser" client="browser"
), ),
name="redirect_to_provider", name="redirect_to_provider",
), )
path(
"providers",
ManageProvidersView.as_api_view(
client="browser"
),
name="manage_providers",
),
], ],
"headless", "headless",
), ),


@@ -6,7 +6,7 @@ For details, see: https://license.tacticalrmm.com/ee
import re import re
from allauth.socialaccount.models import SocialApp from allauth.socialaccount.models import SocialApp, SocialAccount
from django.contrib.auth import logout from django.contrib.auth import logout
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from knox.views import LoginView as KnoxLoginView from knox.views import LoginView as KnoxLoginView
@@ -124,6 +124,17 @@ class GetUpdateDeleteSSOProvider(APIView):
return Response("ok") return Response("ok")
class DisconnectSSOAccount(APIView):
permission_classes = [IsAuthenticated, AccountsPerms]
def delete(self, request):
account = get_object_or_404(SocialAccount, uid=request.data["account"], provider=request.data["provider"])
account.delete()
return Response("ok")
class GetAccessToken(KnoxLoginView): class GetAccessToken(KnoxLoginView):
permission_classes = [IsAuthenticated, SSOLoginPerms] permission_classes = [IsAuthenticated, SSOLoginPerms]
authentication_classes = [SessionAuthentication] authentication_classes = [SessionAuthentication]
@@ -151,16 +162,17 @@ class GetAccessToken(KnoxLoginView):
else: else:
response.data["name"] = None response.data["name"] = None
AuditLog.audit_user_login_successful_sso(
request.user.username, login_method["provider"], login_method
)
# log ip # log ip
ipw = IpWare() ipw = IpWare()
client_ip, _ = ipw.get_client_ip(request.META) client_ip, _ = ipw.get_client_ip(request.META)
if client_ip: if client_ip:
request.user.last_login_ip = str(client_ip) request.user.last_login_ip = str(client_ip)
request.user.save(update_fields=["last_login_ip"]) request.user.save(update_fields=["last_login_ip"])
login_method["ip"] = str(client_ip)
AuditLog.audit_user_login_successful_sso(
request.user.username, login_method["provider"], login_method
)
# invalid user session since we have an access token now # invalid user session since we have an access token now
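Review bot: `DisconnectSSOAccount.delete` indexes `request.data["account"]` and `request.data["provider"]` directly, so a request missing either key raises `KeyError` and surfaces as a 500 instead of a 400; read them with `.get()` and return `Response("account and provider are required", status=400)` when either is absent. The lookup is also not scoped to any user, so whoever holds `AccountsPerms` can unlink any user's social account by uid and provider; if that is the intended admin-wide behaviour, a one-line docstring on the view saying so (`"""Unlink a social account from whichever user owns it; requires AccountsPerms."""`) would make the authorization model explicit, and the deletion is worth recording through `AuditLog` like the other account mutations appear to be. In the `GetAccessToken` hunk, `login_method["ip"]` is only set inside `if client_ip:`, so when the client IP cannot be determined the audit entry is written without that key — fine if `audit_user_login_successful_sso` tolerates a missing `ip`, otherwise set `login_method["ip"] = None` before the `if`. The enclosing `post` method of `GetAccessToken` starts and ends outside the hunk.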


@@ -172,7 +172,6 @@ INSTALLED_APPS = [
"django.contrib.contenttypes", "django.contrib.contenttypes",
"django.contrib.sessions", "django.contrib.sessions",
"django.contrib.staticfiles", "django.contrib.staticfiles",
"django.contrib.messages",
"channels", "channels",
"rest_framework", "rest_framework",
"rest_framework.authtoken", "rest_framework.authtoken",
@@ -237,7 +236,6 @@ MIDDLEWARE = [
"django.middleware.common.CommonMiddleware", "django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware", "django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"tacticalrmm.middleware.AuditMiddleware", "tacticalrmm.middleware.AuditMiddleware",
"allauth.account.middleware.AccountMiddleware", "allauth.account.middleware.AccountMiddleware",
] ]
@@ -255,8 +253,12 @@ if DEBUG and not DEMO:
MIDDLEWARE.insert(0, "silk.middleware.SilkyMiddleware") MIDDLEWARE.insert(0, "silk.middleware.SilkyMiddleware")
if ADMIN_ENABLED: if ADMIN_ENABLED:
INSTALLED_APPS += ("django.contrib.admin",) MIDDLEWARE += ("django.contrib.messages.middleware.MessageMiddleware",)
INSTALLED_APPS += (
"django.contrib.admin",
"django.contrib.messages",
)
if DEMO: if DEMO:
MIDDLEWARE += ("tacticalrmm.middleware.DemoMiddleware",) MIDDLEWARE += ("tacticalrmm.middleware.DemoMiddleware",)