# authentic2 - versatile identity manager
# Copyright (C) 2010-2020 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
from authentic2.custom_user.models import get_attributes_map
|
|
from authentic2.apps.journal.models import EventTypeDefinition
|
|
from authentic2.apps.journal.utils import form_to_old_new
|
|
from authentic2.custom_user.models import User
|
|
|
|
from . import models
|
|
|
|
|
|
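class EventTypeWithService(EventTypeDefinition):
    """Base class for journal event types that may be tied to a service.

    ``record`` adds the service to the event references and stores its string
    form under ``data['service_name']``; ``get_service_name`` reads the name
    back, preferring the referenced object over the stored copy.
    """

    @classmethod
    def record(cls, user=None, service=None, session=None, references=None, data=None):
        """Record the event, attaching ``service`` when one is given.

        Args:
            user: forwarded unchanged to the parent ``record``.
            service: optional service; when truthy it is prepended to
                ``references`` and ``str(service)`` is stored in
                ``data['service_name']``.
            session: forwarded unchanged to the parent ``record``.
            references: optional sequence of additional references.
            data: optional mapping of event data.
        """
        if service:
            # Work on copies so the caller's dict and list are never modified
            # as a side effect of journaling.
            data = dict(data) if data else {}
            # Snapshot of the name taken at record time: get_service_name()
            # falls back to it when the typed reference resolves to None.
            data['service_name'] = str(service)
            references = [service] + (list(references) if references else [])
        super().record(user=user, session=session, references=references, data=data)

    @classmethod
    def get_service_name(cls, event):
        """Return the name of the service attached to ``event``.

        Returns ``str(service)`` when the ``models.Service`` reference is not
        None, else ``event.data['service_name']`` when that key exists, else
        the empty string.
        """
        # Exactly one value is expected for the single requested type; any
        # other count raises ValueError on unpacking.
        (service,) = event.get_typed_references(models.Service)
        if service is not None:
            return str(service)
        if 'service_name' in event.data:
            return event.data['service_name']
        return ''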
|
|
|
|
|
|
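def login_method_label(how):
    """Return a human-readable label for the authentication method ``how``.

    Args:
        how: method identifier stored in the event data, or a falsy value
            (``''`` or ``None``) when no method was recorded.

    Returns:
        The translated word "password" for any identifier starting with
        ``'password'``, a fixed product name for ``'fc'``, ``'saml'`` and
        ``'oidc'``, the identifier itself for any other non-empty value, and
        the translated word "none" for a falsy value.
    """
    if not how:
        # Checked first so that None (no 'how' in the event data) is reported
        # as "none" instead of raising AttributeError on .startswith().
        return _('none')
    if how.startswith('password'):
        return _('password')
    known_labels = {'fc': 'FranceConnect', 'saml': 'SAML', 'oidc': 'OpenIDConnect'}
    # Unknown identifiers are shown as recorded.
    return known_labels.get(how, how)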
|
|
|
|
|
|
def get_attributes_label(attributes_new_values):
    """Yield a display label for each attribute name in ``attributes_new_values``.

    ``email``, ``first_name`` and ``last_name`` use the ``verbose_name`` of the
    matching ``User`` model field; names found in ``get_attributes_map()`` use
    that entry's ``label``; any other name is yielded unchanged.
    """
    model_fields = ('email', 'first_name', 'last_name')
    custom_attributes = get_attributes_map()
    for attribute_name in attributes_new_values:
        if attribute_name in model_fields:
            field = User._meta.get_field(attribute_name)
            yield str(field.verbose_name)
        elif attribute_name in custom_attributes:
            yield custom_attributes[attribute_name].label
        else:
            yield attribute_name
|
|
|
|
|
|
class UserLogin(EventTypeWithService):
    """Journal event type ``user.login``."""

    name = 'user.login'
    label = _('login')

    @classmethod
    def record(cls, user, session, service, how):
        """Record a login; ``how`` is stored under the ``'how'`` data key."""
        event_data = {'how': how}
        super().record(user=user, session=session, service=service, data=event_data)

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message, naming the recorded login method."""
        method_label = login_method_label(event.get_data('how'))
        return _('login using {method}').format(method=method_label)
|
|
|
|
|
|
class UserLoginFailure(EventTypeWithService):
    """Journal event type ``user.login.failure``.

    The event carries no user reference: only the service and the username
    string are passed to the parent ``record``.
    """

    name = 'user.login.failure'
    label = _('login failure')

    @classmethod
    def record(cls, service, username):
        """Record a failed login for ``username`` on ``service``."""
        # NOTE(review): username is stored exactly as received. It presumably
        # comes from an unauthenticated login form, so it can hold arbitrary
        # text (including a password typed into the wrong field) - confirm
        # that journal views escape it and that journal access is restricted.
        failure_data = {'username': username}
        super().record(service=service, data=failure_data)

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message quoting the recorded username."""
        attempted_username = event.get_data('username')
        template = _('login failure with username "{username}"')
        return template.format(username=attempted_username)
|
|
|
|
|
|
class UserRegistrationRequest(EventTypeDefinition):
    """Journal event type ``user.registration.request``."""

    name = 'user.registration.request'
    label = _('registration request')

    @classmethod
    def record(cls, email):
        """Record a registration request; the email is stored lower-cased."""
        normalized_email = email.lower()
        super().record(data={'email': normalized_email})

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message quoting the recorded email."""
        recorded_email = event.get_data('email')
        template = _('registration request with email "%s"')
        return template % recorded_email
|
|
|
|
|
|
class UserRegistration(EventTypeWithService):
    """Journal event type ``user.registration``."""

    name = 'user.registration'
    label = _('registration')

    @classmethod
    def record(cls, user, session, service, how):
        """Record a registration; ``how`` is stored under the ``'how'`` data key."""
        event_data = {'how': how}
        super().record(user=user, session=session, service=service, data=event_data)

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message, naming the recorded registration method."""
        method_label = login_method_label(event.get_data('how'))
        return _('registration using {method}').format(method=method_label)
|
|
|
|
|
|
class UserLogout(EventTypeWithService):
    """Journal event type ``user.logout``."""

    name = 'user.logout'
    label = _('logout')

    @classmethod
    def record(cls, user, session, service):
        """Record a logout of ``user`` for ``session`` and ``service``."""
        super().record(service=service, session=session, user=user)

    @classmethod
    def get_message(cls, event, context):
        """Return the fixed journal message; no event data is read."""
        message = _('logout')
        return message
|
|
|
|
|
|
class UserRequestPasswordReset(EventTypeDefinition):
    """Journal event type ``user.password.reset.request``."""

    name = 'user.password.reset.request'
    label = _('password reset request')

    @classmethod
    def record(cls, user, email):
        """Record a password reset request; the email is stored lower-cased."""
        normalized_email = email.lower()
        super().record(user=user, data={'email': normalized_email})

    @classmethod
    def get_message(cls, event, context):
        """Return a message quoting the email, or the parent's message if none is stored."""
        recorded_email = event.get_data('email')
        if not recorded_email:
            return super().get_message(event, context)
        return _('password reset request with email "%s"') % recorded_email
|
|
|
|
|
|
class UserResetPassword(EventTypeDefinition):
    """Journal event type ``user.password.reset``."""

    name = 'user.password.reset'
    label = _('password reset')

    @classmethod
    def record(cls, user, session):
        """Record a password reset for ``user`` in ``session``; no extra data is stored."""
        super().record(session=session, user=user)
|
|
|
|
|
|
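class UserResetPasswordFailure(EventTypeDefinition):
    """Journal event type ``user.password.reset.failure``.

    The event carries no user reference: only the email string is passed to
    the parent ``record``.
    """

    name = 'user.password.reset.failure'
    label = _('password reset failure')

    @classmethod
    def record(cls, email):
        """Record a failed password reset for ``email``.

        Args:
            email: address the reset was attempted with; a falsy value is
                stored as given.
        """
        # Lower-case the address like UserRegistrationRequest and
        # UserRequestPasswordReset do, so that one address always produces the
        # same stored value and failures can be correlated with requests.
        # NOTE(review): the address presumably comes from an unauthenticated
        # form - confirm journal views escape it.
        normalized_email = email.lower() if email else email
        super().record(data={'email': normalized_email})

    @classmethod
    def get_message(cls, event, context):
        """Return a message quoting the email, or the parent's message if none is stored."""
        email = event.get_data('email')
        if email:
            return _('password reset failure with email "%s"') % email
        return super().get_message(event, context)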
|
|
|
|
|
|
class UserChangePassword(EventTypeWithService):
    """Journal event type ``user.password.change``."""

    name = 'user.password.change'
    label = _('password change')

    @classmethod
    def record(cls, user, session, service):
        """Record a password change; only user, session and service are stored."""
        super().record(service=service, session=session, user=user)
|
|
|
|
|
|
class UserEdit(EventTypeWithService):
    """Journal event type ``user.profile.edit``."""

    name = 'user.profile.edit'
    label = _('profile edit')

    @classmethod
    def record(cls, user, session, service, form):
        """Record a profile edit, using ``form_to_old_new(form)`` as event data."""
        # NOTE(review): judging by the helper's name and the 'new' key read in
        # get_message, the data holds previous and new field values, i.e.
        # personal data kept in the journal - confirm retention and access
        # rules cover it.
        changes = form_to_old_new(form)
        super().record(user=user, session=session, service=service, data=changes)

    @classmethod
    def get_message(cls, event, context):
        """Return a message listing the labels of the edited attributes.

        Only the attribute names under the ``'new'`` data key are used; when
        that entry is missing or empty the parent's message is returned.
        """
        new_values = event.get_data('new')
        if not new_values:
            return super().get_message(event, context)
        labels = ', '.join(get_attributes_label(new_values))
        return _('profile edit (%s)') % labels
|
|
|
|
|
|
class UserDeletion(EventTypeWithService):
    """Journal event type ``user.deletion``."""

    name = 'user.deletion'
    label = _('user deletion')

    @classmethod
    def record(cls, user, session, service):
        """Record a user deletion; only user, session and service are stored."""
        super().record(service=service, session=session, user=user)
|
|
|
|
|
|
class UserServiceSSO(EventTypeWithService):
    """Journal event type ``user.service.sso``."""

    name = 'user.service.sso'
    label = _('service single sign on')

    @classmethod
    def record(cls, user, session, service, how):
        """Record a single sign on; ``how`` is stored under the ``'how'`` data key."""
        event_data = {'how': how}
        super().record(user=user, session=session, service=service, data=event_data)

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message naming the service of ``event``."""
        template = _('service single sign on with "{service}"')
        return template.format(service=cls.get_service_name(event))
|
|
|
|
|
|
class UserServiceSSOAuthorization(EventTypeWithService):
    """Journal event type ``user.service.sso.authorization``."""

    name = 'user.service.sso.authorization'
    label = _('consent to single sign on')

    @classmethod
    def record(cls, user, session, service, **kwargs):
        """Record a consent to single sign on.

        Every extra keyword argument is stored as-is in the event data.
        """
        # NOTE(review): kwargs are journaled without filtering - callers
        # should pass only values that are safe to keep in the journal
        # (no tokens or other secrets).
        extra_data = kwargs
        super().record(user=user, session=session, service=service, data=extra_data)

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message naming the service of ``event``."""
        template = _('authorization of single sign on with "{service}"')
        return template.format(service=cls.get_service_name(event))
|
|
|
|
|
|
class UserServiceSSOUnauthorization(EventTypeWithService):
    """Journal event type ``user.service.sso.unauthorization``."""

    name = 'user.service.sso.unauthorization'
    label = _('remove consent to single sign on')

    @classmethod
    def record(cls, user, session, service):
        """Record the removal of a single sign on consent; no extra data is stored."""
        super().record(service=service, session=session, user=user)

    @classmethod
    def get_message(cls, event, context):
        """Return the journal message naming the service of ``event``."""
        template = _('unauthorization of single sign on with "{service}"')
        return template.format(service=cls.get_service_name(event))
|