security: update lastactivity when on audit logs....
marcink -
r2930:a5198975 default
@@ -208,6 +208,7
208
208
209 # register our auth-user
209 # register our auth-user
210 request.rpc_user = auth_u
210 request.rpc_user = auth_u
211 request.environ['rc_auth_user_id'] = auth_u.user_id
211
212
212 # now check if token is valid for API
213 # now check if token is valid for API
213 auth_token = request.rpc_api_key
214 auth_token = request.rpc_api_key
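Review bot: `rc_auth_user_id` is written to the WSGI environ on new line 211, before the "now check if token is valid for API" step that follows, so a request whose token later fails that check would still carry the key. The VCS middleware hunk (new line 540) sets it only after the permission check has passed. Nothing in the visible hunks reads the key, so whether the ordering matters depends on a consumer outside this view. Either move the assignment below the token validation or state the contract in a comment, e.g. `# set before API-token validation: identifies the user, does not prove the request was authorised`. The same key is also set in the tween hunk (new line 103), and the enclosing function here starts and ends outside the hunk.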
@@ -76,6 +76,8
76 'user': ret
76 'user': ret
77 }
77 }
78 expected = ret
78 expected = ret
79 expected['user']['last_activity'] = response.json['result']['user'][
80 'last_activity']
79 assert_ok(id_, expected, given=response.body)
81 assert_ok(id_, expected, given=response.body)
80
82
81 def test_api_update_user_by_user_id(self):
83 def test_api_update_user_by_user_id(self):
@@ -91,6 +93,8
91 'user': ret
93 'user': ret
92 }
94 }
93 expected = ret
95 expected = ret
96 expected['user']['last_activity'] = response.json['result']['user'][
97 'last_activity']
94 assert_ok(id_, expected, given=response.body)
98 assert_ok(id_, expected, given=response.body)
95
99
96 def test_api_update_user_default_user(self):
100 def test_api_update_user_default_user(self):
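Review bot: The two added lines in `@@ -76,6 +76,8` and `@@ -91,6 +93,8` copy `last_activity` from the response into `expected`, so both tests pass whatever value the server returns, including an unchanged or null one. If the intent of the commit is that the call refreshes `last_activity`, the tests should pin that before the overwrite, for instance `assert response.json['result']['user']['last_activity'] is not None`, or compare against the value read before the request. A short comment saying why the field is taken from the response would also help. Both test methods begin above their hunks.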
@@ -25,13 +25,13
25 import tempfile
25 import tempfile
26
26
27 from paste.gzipper import make_gzip_middleware
27 from paste.gzipper import make_gzip_middleware
28 import pyramid.events
28 from pyramid.wsgi import wsgiapp
29 from pyramid.wsgi import wsgiapp
29 from pyramid.authorization import ACLAuthorizationPolicy
30 from pyramid.authorization import ACLAuthorizationPolicy
30 from pyramid.config import Configurator
31 from pyramid.config import Configurator
31 from pyramid.settings import asbool, aslist
32 from pyramid.settings import asbool, aslist
32 from pyramid.httpexceptions import (
33 from pyramid.httpexceptions import (
33 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
34 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
34 from pyramid.events import ApplicationCreated
35 from pyramid.renderers import render_to_response
35 from pyramid.renderers import render_to_response
36
36
37 from rhodecode.model import meta
37 from rhodecode.model import meta
@@ -39,6 +39,7
39 from rhodecode.config import utils as config_utils
39 from rhodecode.config import utils as config_utils
40 from rhodecode.config.environment import load_pyramid_environment
40 from rhodecode.config.environment import load_pyramid_environment
41
41
42 import rhodecode.events
42 from rhodecode.lib.middleware.vcs import VCSMiddleware
43 from rhodecode.lib.middleware.vcs import VCSMiddleware
43 from rhodecode.lib.request import Request
44 from rhodecode.lib.request import Request
44 from rhodecode.lib.vcs import VCSCommunicationError
45 from rhodecode.lib.vcs import VCSCommunicationError
@@ -268,11 +269,14
268 settings['default_locale_name'] = settings.get('lang', 'en')
269 settings['default_locale_name'] = settings.get('lang', 'en')
269
270
270 # Add subscribers.
271 # Add subscribers.
271 config.add_subscriber(inject_app_settings, ApplicationCreated)
272 config.add_subscriber(inject_app_settings,
272 config.add_subscriber(scan_repositories_if_enabled, ApplicationCreated)
273 pyramid.events.ApplicationCreated)
273 config.add_subscriber(write_metadata_if_needed, ApplicationCreated)
274 config.add_subscriber(scan_repositories_if_enabled,
274 config.add_subscriber(write_js_routes_if_enabled, ApplicationCreated)
275 pyramid.events.ApplicationCreated)
275
276 config.add_subscriber(write_metadata_if_needed,
277 pyramid.events.ApplicationCreated)
278 config.add_subscriber(write_js_routes_if_enabled,
279 pyramid.events.ApplicationCreated)
276
280
277 # request custom methods
281 # request custom methods
278 config.add_request_method(
282 config.add_request_method(
@@ -32,9 +32,11
32 # For the first step we are using pyramids thread locals here. If the
32 # For the first step we are using pyramids thread locals here. If the
33 # event mechanism works out as a good solution we should think about
33 # event mechanism works out as a good solution we should think about
34 # passing the registry as an argument to get rid of it.
34 # passing the registry as an argument to get rid of it.
35 event_name = event.__class__
36 log.debug('event %s sent for execution', event_name)
35 registry = registry or get_current_registry()
37 registry = registry or get_current_registry()
36 registry.notify(event)
38 registry.notify(event)
37 log.debug('event %s triggered using registry %s', event.__class__, registry)
39 log.debug('event %s triggered using registry %s', event_name, registry)
38
40
39 # Send the events to integrations directly
41 # Send the events to integrations directly
40 from rhodecode.integrations import integrations_event_handler
42 from rhodecode.integrations import integrations_event_handler
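Review bot: `event_name` on new line 35 holds the event's class object, not a name, so the variable reads as something it is not and both debug lines print the full class repr. Either name it for what it is, `event_cls = event.__class__`, or store the name, `event_name = event.__class__.__name__`. The second form changes the log text, which matters only if something parses these debug lines. The enclosing function starts above the hunk and continues below it.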
@@ -241,20 +241,24
241 action_name = safe_unicode(action)
241 action_name = safe_unicode(action)
242 ip_address = safe_unicode(ip_addr)
242 ip_address = safe_unicode(ip_addr)
243
243
244 user_log = _store_log(
244 with sa_session.no_autoflush:
245 action_name=action_name,
245 update_user_last_activity(sa_session, user_id)
246 action_data=action_data or {},
247 user_id=user_id,
248 username=username,
249 user_data=user_data or {},
250 ip_address=ip_address,
251 repository_id=repository_id,
252 repository_name=repository_name
253 )
254
246
255 sa_session.add(user_log)
247 user_log = _store_log(
256 if commit:
248 action_name=action_name,
257 sa_session.commit()
249 action_data=action_data or {},
250 user_id=user_id,
251 username=username,
252 user_data=user_data or {},
253 ip_address=ip_address,
254 repository_id=repository_id,
255 repository_name=repository_name
256 )
257
258 sa_session.add(user_log)
259
260 if commit:
261 sa_session.commit()
258
262
259 entry_id = user_log.entry_id or ''
263 entry_id = user_log.entry_id or ''
260 log.info('AUDIT[%s]: Logging action: `%s` by user:id:%s[%s] ip:%s',
264 log.info('AUDIT[%s]: Logging action: `%s` by user:id:%s[%s] ip:%s',
@@ -262,3 +266,14
262
266
263 except Exception:
267 except Exception:
264 log.exception('AUDIT: failed to store audit log')
268 log.exception('AUDIT: failed to store audit log')
269
270
271 def update_user_last_activity(sa_session, user_id):
272 _last_activity = datetime.datetime.now()
273 try:
274 sa_session.query(User).filter(User.user_id == user_id).update(
275 {"last_activity": _last_activity})
276 log.debug(
277 'updated user `%s` last activity to:%s', user_id, _last_activity)
278 except Exception:
279 log.exception("Failed last activity update")
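Review bot: `update_user_last_activity` swallows every exception without rolling back, and it runs on the same session immediately before the audit row is added (new lines 244-258). On back ends that abort the transaction after a failed statement, the later `sa_session.add(user_log)` / `sa_session.commit()` would presumably fail as well, and the audit entry would be lost because of a bookkeeping update. Confining the update to a savepoint, `with sa_session.begin_nested():` around the `query(...).update(...)` call inside the `try`, keeps a failure there from affecting the audit write. `datetime.datetime.now()` stores naive local time; if audit timestamps elsewhere are UTC, that is worth a comment. The new function also has no docstring, e.g. `"""Set last_activity for user_id to now; failures are logged, never raised."""`.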
@@ -521,6 +521,7
521 if not self.valid_and_active_user(user):
521 if not self.valid_and_active_user(user):
522 return HTTPForbidden()(environ, start_response)
522 return HTTPForbidden()(environ, start_response)
523 username = user.username
523 username = user.username
524 user_id = user.user_id
524
525
525 # check user attributes for password change flag
526 # check user attributes for password change flag
526 user_obj = user
527 user_obj = user
@@ -536,6 +537,7
536 plugin, plugin_cache_active, cache_ttl)
537 plugin, plugin_cache_active, cache_ttl)
537 if not perm:
538 if not perm:
538 return HTTPForbidden()(environ, start_response)
539 return HTTPForbidden()(environ, start_response)
540 environ['rc_auth_user_id'] = user_id
539
541
540 # extras are injected into UI object and later available
542 # extras are injected into UI object and later available
541 # in hooks executed by RhodeCode
543 # in hooks executed by RhodeCode
@@ -931,12 +931,6
931 Session().add(self)
931 Session().add(self)
932 log.debug('updated user %s lastlogin', self.username)
932 log.debug('updated user %s lastlogin', self.username)
933
933
934 def update_lastactivity(self):
935 """Update user lastactivity"""
936 self.last_activity = datetime.datetime.now()
937 Session().add(self)
938 log.debug('updated user `%s` last activity', self.username)
939
940 def update_password(self, new_password):
934 def update_password(self, new_password):
941 from rhodecode.lib.auth import get_crypt_password
935 from rhodecode.lib.auth import get_crypt_password
942
936
@@ -100,6 +100,7
100 auth_user = get_auth_user(request)
100 auth_user = get_auth_user(request)
101 request.user = auth_user
101 request.user = auth_user
102 request.environ['rc_auth_user'] = auth_user
102 request.environ['rc_auth_user'] = auth_user
103 request.environ['rc_auth_user_id'] = auth_user.user_id
103 request.environ['rc_req_id'] = req_id
104 request.environ['rc_req_id'] = req_id
104
105
105
106