misc: store the source of password authentication in user.login event (#89627)
gitea/authentic/pipeline/head This commit looks good
Details
gitea/authentic/pipeline/head This commit looks good
Details
This commit is contained in:
parent
9628e13992
commit
0d18120314
|
@ -51,8 +51,10 @@ class EventTypeWithService(EventTypeDefinition):
|
|||
|
||||
class EventTypeWithHow(EventTypeWithService):
|
||||
@classmethod
|
||||
def record(cls, *, user, session, service, how):
|
||||
super().record(user=user, session=session, service=service, data={'how': how})
|
||||
def record(cls, *, user, session, service, how, data=None):
|
||||
data = data or {}
|
||||
data['how'] = how
|
||||
super().record(user=user, session=session, service=service, data=data)
|
||||
|
||||
@classmethod
|
||||
def get_method_statistics(
|
||||
|
@ -150,10 +152,23 @@ class UserLogin(EventTypeWithHow):
|
|||
name = 'user.login'
|
||||
label = _('login')
|
||||
|
||||
@classmethod
|
||||
def record(cls, *, user, session, service, how, source=None, data=None):
|
||||
data = data or {}
|
||||
if source:
|
||||
data['source'] = source
|
||||
super().record(user=user, session=session, service=service, how=how, data=data)
|
||||
|
||||
@classmethod
|
||||
def get_message(cls, event, context):
|
||||
how = event.get_data('how')
|
||||
return _('login using {method}').format(method=login_method_label(how))
|
||||
source = event.get_data('source')
|
||||
if source:
|
||||
return _('login using {method} coming from {source}').format(
|
||||
method=login_method_label(how), source=source
|
||||
)
|
||||
else:
|
||||
return _('login using {method}').format(method=login_method_label(how))
|
||||
|
||||
|
||||
class UserLoginFailure(EventTypeWithService):
|
||||
|
|
|
@ -462,7 +462,7 @@ def last_authentication_event(request=None, session=None):
|
|||
return None
|
||||
|
||||
|
||||
def login(request, user, how, nonce=None, record=True, next_url=None, **kwargs):
|
||||
def login(request, user, how, nonce=None, record=True, next_url=None, source=None, **kwargs):
|
||||
"""Login a user model, record the authentication event and redirect to next
|
||||
URL or settings.LOGIN_REDIRECT_URL."""
|
||||
from . import hooks
|
||||
|
@ -482,7 +482,7 @@ def login(request, user, how, nonce=None, record=True, next_url=None, **kwargs):
|
|||
if 'login-hint' in request.session:
|
||||
del request.session['login-hint']
|
||||
if record:
|
||||
request.journal.record('user.login', how=how)
|
||||
request.journal.record('user.login', how=how, source=source)
|
||||
return continue_to_next_url(request, next_url=next_url, **kwargs)
|
||||
|
||||
|
||||
|
|
|
@ -49,6 +49,7 @@ from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateVi
|
|||
from ratelimit.utils import is_ratelimited
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
from authentic2.backends.ldap_backend import LDAPUser
|
||||
from authentic2.custom_user.models import iter_attributes
|
||||
from authentic2.forms import authentication as authentication_forms
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization
|
||||
|
@ -1010,7 +1011,12 @@ def login_password_login(request, authenticator, *args, **kwargs):
|
|||
if form.cleaned_data.get('remember_me'):
|
||||
request.session['remember_me'] = True
|
||||
request.session.set_expiry(authenticator.remember_me)
|
||||
response = utils_misc.login(request, form.get_user(), how)
|
||||
user = form.get_user()
|
||||
if isinstance(user, LDAPUser):
|
||||
source = _('LDAP directory')
|
||||
else:
|
||||
source = _('local directory')
|
||||
response = utils_misc.login(request, user, how=how, source=source)
|
||||
if 'ou' in form.fields:
|
||||
utils_misc.prepend_remember_cookie(
|
||||
request, response, 'preferred-ous', form.cleaned_data['ou'].pk
|
||||
|
|
Loading…
Reference in New Issue