misc: store the source of password authentication in user.login event (#89627)

Benjamin Dauvergne 2024-04-16 18:29:01 +02:00
parent 9628e13992
commit 0d18120314
3 changed files with 27 additions and 6 deletions


@ -51,8 +51,10 @@ class EventTypeWithService(EventTypeDefinition):
class EventTypeWithHow(EventTypeWithService):
@classmethod
def record(cls, *, user, session, service, how):
super().record(user=user, session=session, service=service, data={'how': how})
def record(cls, *, user, session, service, how, data=None):
data = data or {}
data['how'] = how
super().record(user=user, session=session, service=service, data=data)
@classmethod
def get_method_statistics(
@ -150,10 +152,23 @@ class UserLogin(EventTypeWithHow):
name = 'user.login'
label = _('login')
@classmethod
def record(cls, *, user, session, service, how, source=None, data=None):
data = data or {}
if source:
data['source'] = source
super().record(user=user, session=session, service=service, how=how, data=data)
@classmethod
def get_message(cls, event, context):
how = event.get_data('how')
return _('login using {method}').format(method=login_method_label(how))
source = event.get_data('source')
if source:
return _('login using {method} coming from {source}').format(
method=login_method_label(how), source=source
)
else:
return _('login using {method}').format(method=login_method_label(how))
class UserLoginFailure(EventTypeWithService):
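Review bot: Both new `record` overrides write into the dict the caller passed: `data = data or {}` keeps the caller's object whenever it is non-empty, so `data['how'] = how` in `EventTypeWithHow.record` and `data['source'] = source` in `UserLogin.record` mutate it in place. A caller that reuses one dict for several events would see keys carried from one journal entry into the next, which is undesirable in an audit trail. Copying first avoids that: `data = dict(data or {})`. A short docstring on `UserLogin.record` stating that `source` is optional and left out of the event data when falsy would also explain why `get_message` has to handle events without it.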


@ -462,7 +462,7 @@ def last_authentication_event(request=None, session=None):
return None
def login(request, user, how, nonce=None, record=True, next_url=None, **kwargs):
def login(request, user, how, nonce=None, record=True, next_url=None, source=None, **kwargs):
"""Login a user model, record the authentication event and redirect to next
URL or settings.LOGIN_REDIRECT_URL."""
from . import hooks
@ -482,7 +482,7 @@ def login(request, user, how, nonce=None, record=True, next_url=None, **kwargs):
if 'login-hint' in request.session:
del request.session['login-hint']
if record:
request.journal.record('user.login', how=how)
request.journal.record('user.login', how=how, source=source)
return continue_to_next_url(request, next_url=next_url, **kwargs)
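Review bot: The docstring of `login` does not mention the new `source` parameter, although its value is passed straight to the journal by `request.journal.record('user.login', how=how, source=source)`. I would add a line such as `source: optional label of the directory that authenticated the user, stored in the user.login event; chosen by server code, never taken from request data.` Because `source` is now a named parameter ahead of `**kwargs`, it is no longer forwarded to `continue_to_next_url`; that looks intended but is worth confirming against existing callers. Most of the body of `login` lies outside these two hunks.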


@ -49,6 +49,7 @@ from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateVi
from ratelimit.utils import is_ratelimited
from authentic2.a2_rbac.models import Role
from authentic2.backends.ldap_backend import LDAPUser
from authentic2.custom_user.models import iter_attributes
from authentic2.forms import authentication as authentication_forms
from authentic2_idp_oidc.models import OIDCAuthorization
@ -1010,7 +1011,12 @@ def login_password_login(request, authenticator, *args, **kwargs):
if form.cleaned_data.get('remember_me'):
request.session['remember_me'] = True
request.session.set_expiry(authenticator.remember_me)
response = utils_misc.login(request, form.get_user(), how)
user = form.get_user()
if isinstance(user, LDAPUser):
source = _('LDAP directory')
else:
source = _('local directory')
response = utils_misc.login(request, user, how=how, source=source)
if 'ou' in form.fields:
utils_misc.prepend_remember_cookie(
request, response, 'preferred-ous', form.cleaned_data['ou'].pk
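Review bot: The value stored as `source` is a translated label (`_('LDAP directory')` / `_('local directory')`), so what lands in the `user.login` event data depends on the language active for the request rather than on a stable identifier. For an audit journal this makes filtering, statistics and alerting on the authentication source unreliable, and a later change to the translations would split one source into several stored values; if `_` is a lazy translation in this module, the object may also need forcing to `str` before it is serialized. I would record a constant, `source = 'ldap' if isinstance(user, LDAPUser) else 'local'`, and map it to a translated label in `UserLogin.get_message`. `login_password_login` starts and ends outside this hunk.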