Skip to content

Commit

Permalink
fix client ip not showing in audit log for sso logon and disable some…
Browse files Browse the repository at this point in the history
… unused urls and settings
  • Loading branch information
sadnub committed Oct 22, 2024
1 parent c6ff060 commit 519c368
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 23 deletions.
19 changes: 5 additions & 14 deletions api/tacticalrmm/ee/sso/urls.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,7 @@

from django.urls import path, include, re_path
from allauth.socialaccount.providers.openid_connect.views import callback
from allauth.headless.socialaccount.views import (
RedirectToProviderView,
ManageProvidersView,
)
from allauth.headless.socialaccount.views import RedirectToProviderView
from allauth.headless.base.views import ConfigView

from . import views
Expand All @@ -31,6 +28,7 @@
path("ssoproviders/<int:pk>/", views.GetUpdateDeleteSSOProvider.as_view()),
path("ssoproviders/token/", views.GetAccessToken.as_view()),
path("ssoproviders/settings/", views.GetUpdateSSOSettings.as_view()),
path("ssoproviders/account/", views.DisconnectSSOAccount.as_view())
]

allauth_urls = [
Expand All @@ -40,7 +38,7 @@
(
[
path(
"config",
"config/",
ConfigView.as_api_view(client="browser"),
name="config",
),
Expand All @@ -50,19 +48,12 @@
(
[
path(
"auth/provider/redirect",
"auth/provider/redirect/",
RedirectToProviderView.as_api_view(
client="browser"
),
name="redirect_to_provider",
),
path(
"providers",
ManageProvidersView.as_api_view(
client="browser"
),
name="manage_providers",
),
)
],
"headless",
),
Expand Down
22 changes: 17 additions & 5 deletions api/tacticalrmm/ee/sso/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

import re

from allauth.socialaccount.models import SocialApp
from allauth.socialaccount.models import SocialApp, SocialAccount
from django.contrib.auth import logout
from django.shortcuts import get_object_or_404
from knox.views import LoginView as KnoxLoginView
Expand Down Expand Up @@ -124,6 +124,17 @@ def delete(self, request, pk):
return Response("ok")


class DisconnectSSOAccount(APIView):
permission_classes = [IsAuthenticated, AccountsPerms]

def delete(self, request):
account = get_object_or_404(SocialAccount, uid=request.data["account"], provider=request.data["provider"])

account.delete()

return Response("ok")


class GetAccessToken(KnoxLoginView):
permission_classes = [IsAuthenticated, SSOLoginPerms]
authentication_classes = [SessionAuthentication]
Expand Down Expand Up @@ -151,16 +162,17 @@ def post(self, request, format=None):
else:
response.data["name"] = None

AuditLog.audit_user_login_successful_sso(
request.user.username, login_method["provider"], login_method
)

# log ip
ipw = IpWare()
client_ip, _ = ipw.get_client_ip(request.META)
if client_ip:
request.user.last_login_ip = str(client_ip)
request.user.save(update_fields=["last_login_ip"])
login_method["ip"] = str(client_ip)

AuditLog.audit_user_login_successful_sso(
request.user.username, login_method["provider"], login_method
)

# invalid user session since we have an access token now
logout(request)
Expand Down
10 changes: 6 additions & 4 deletions api/tacticalrmm/tacticalrmm/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,6 @@
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.staticfiles",
"django.contrib.messages",
"channels",
"rest_framework",
"rest_framework.authtoken",
Expand Down Expand Up @@ -237,7 +236,6 @@
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"tacticalrmm.middleware.AuditMiddleware",
"allauth.account.middleware.AccountMiddleware",
]
Expand All @@ -255,8 +253,12 @@
MIDDLEWARE.insert(0, "silk.middleware.SilkyMiddleware")

if ADMIN_ENABLED:
INSTALLED_APPS += ("django.contrib.admin",)

MIDDLEWARE += ("django.contrib.messages.middleware.MessageMiddleware",)
INSTALLED_APPS += (
"django.contrib.admin",
"django.contrib.messages",
)

if DEMO:
MIDDLEWARE += ("tacticalrmm.middleware.DemoMiddleware",)

Expand Down

0 comments on commit 519c368

Please sign in to comment.