3737 ApiLoginForm ,
3838)
3939from ..app import db
40+ from ..audit import emit
41+ from ..audit .listeners import actor_context , request_context
42+ from .events import AuthEventType
4043from ..sync .models import Project
4144from ..sync .utils import files_size
4245
@@ -157,8 +160,20 @@ def login_public(): # noqa: E501
157160 data = user_profile (user )
158161 data ["session" ] = {"token" : token , "expire" : expire }
159162 LoginHistory .add_record (user .id , request )
163+ emit (
164+ AuthEventType .USER_LOGIN_SUCCEEDED ,
165+ actor_id = user .id ,
166+ actor_email = user .email ,
167+ ** request_context (),
168+ target_id = str (user .id ),
169+ )
160170 return data
161171 else :
172+ emit (
173+ AuthEventType .USER_LOGIN_FAILED ,
174+ ** request_context (),
175+ login = form .login .data ,
176+ )
162177 abort (401 , "Invalid username or password" )
163178 abort (400 , _extract_first_error (form .errors ))
164179
@@ -169,7 +184,14 @@ def close_user_account():
169184 Closing user account effectively means to inactivate user (will be removed by cron job) and remove explicitly
170185 shared projects as well clean references to created projects.
171186 """
187+ emit (
188+ AuthEventType .USER_CLOSED ,
189+ ** actor_context (),
190+ target_id = str (current_user .id ),
191+ )
192+ db .session .info ["audit_skip_user_update" ] = True
172193 current_user .inactivate ()
194+ db .session .info .pop ("audit_skip_user_update" , None )
173195 # emit signal to be caught elsewhere
174196 user_account_closed .send (current_user )
175197 return NoContent , 204
@@ -226,8 +248,20 @@ def login(): # pylint: disable=W0613,W0612
226248 login_user (user )
227249 if not os .path .isfile (current_app .config ["MAINTENANCE_FILE" ]):
228250 LoginHistory .add_record (user .id , request )
251+ emit (
252+ AuthEventType .USER_LOGIN_SUCCEEDED ,
253+ actor_id = user .id ,
254+ actor_email = user .email ,
255+ ** request_context (),
256+ target_id = str (user .id ),
257+ )
229258 return "" , 200
230259 else :
260+ emit (
261+ AuthEventType .USER_LOGIN_FAILED ,
262+ ** request_context (),
263+ login = form .login .data ,
264+ )
231265 abort (401 , "Invalid username or password" )
232266 return jsonify (form .errors ), 401
233267
@@ -242,15 +276,32 @@ def admin_login(): # pylint: disable=W0613,W0612
242276 if user :
243277 if user .active and user .is_admin :
244278 login_user (user )
279+ emit (
280+ AuthEventType .USER_LOGIN_SUCCEEDED ,
281+ actor_id = user .id ,
282+ actor_email = user .email ,
283+ ** request_context (),
284+ target_id = str (user .id ),
285+ )
245286 return "" , 200
246287 else :
247288 abort (403 , "You do not have permissions" )
248289 else :
290+ emit (
291+ AuthEventType .USER_LOGIN_FAILED ,
292+ ** request_context (),
293+ login = form .login .data ,
294+ )
249295 abort (401 , "Invalid username or password" )
250296
251297
252298@auth_required
253299def logout (): # pylint: disable=W0613,W0612
300+ emit (
301+ AuthEventType .USER_LOGOUT ,
302+ ** actor_context (),
303+ target_id = str (current_user .id ),
304+ )
254305 logout_user ()
255306 return "" , 200
256307
@@ -266,6 +317,11 @@ def change_password(): # pylint: disable=W0613,W0612
266317 current_user .assign_password (form .password .data )
267318 db .session .add (current_user )
268319 db .session .commit ()
320+ emit (
321+ AuthEventType .USER_PASSWORD_CHANGED ,
322+ ** actor_context (),
323+ target_id = str (current_user .id ),
324+ )
269325 return "" , 200
270326 return jsonify (form .errors ), 400
271327
@@ -326,6 +382,12 @@ def confirm_new_password(token): # pylint: disable=W0613,W0612
326382 user .assign_password (form .password .data )
327383 db .session .add (user )
328384 db .session .commit ()
385+ emit (
386+ AuthEventType .USER_PASSWORD_RESET ,
387+ ** request_context (),
388+ target_id = str (user .id ),
389+ target_email = user .email ,
390+ )
329391 return "" , 200
330392 return jsonify (form .errors ), 400
331393
@@ -454,10 +516,23 @@ def update_user(username): # pylint: disable=W0613,W0612
454516@auth_required (permissions = ["admin" ])
455517def delete_user (username ): # pylint: disable=W0613,W0612
456518 user = User .query .filter_by (username = username ).first_or_404 ("User not found" )
519+ emit (
520+ AuthEventType .USER_CLOSED ,
521+ ** actor_context (),
522+ target_id = str (user .id ),
523+ target_email = user .email ,
524+ )
525+ db .session .info ["audit_skip_user_update" ] = True
457526 user .inactivate ()
458527 user_account_closed .send (user )
459- # force 'delete' user
528+ emit (
529+ AuthEventType .USER_ANONYMIZED ,
530+ ** actor_context (),
531+ target_id = str (user .id ),
532+ target_email = user .email ,
533+ )
460534 user .anonymize ()
535+ db .session .info .pop ("audit_skip_user_update" , None )
461536 return "" , 204
462537
463538
0 commit comments