def test_create_audit_event_separate_secrets():
secret = SecretFactory()
secret2 = SecretFactory()
user = UserFactory()
create_audit_event(
user,
Actions.view_secret,
description="I viewed a secret",
secret=secret,
report_once=True,
)
create_audit_event(
user,
Actions.view_secret,
description="I viewed another secret",
secret=secret2,
report_once=True,
)
assert Audit.objects.count() == 2
audit = Audit.objects.last()
assert audit.timestamp == timezone.now()
assert audit.description == "I viewed another secret"
def form_valid(self, form):
messages.info(self.request, "Secret updated")
create_audit_event(self.request.user,
Actions.update_secret,
secret=self.get_object())
return super().form_valid(form)
def get(self, request, *args, **kwargs):
create_audit_event(
self.request.user,
Actions.view_secret,
secret=self.get_object(),
report_once=True,
)
return super().get(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
self.object.mfa_string = ""
self.object.save()
create_audit_event(self.request.user,
Actions.delete_mfa,
secret=self.object)
messages.info(request, "MFA client removed")
return redirect(self.get_success_url())
def form_valid(self, form):
self.object.mfa_string = form.cleaned_data["mfa_string"]
self.object.save()
create_audit_event(self.request.user,
Actions.setup_mfa,
secret=self.object)
messages.info(self.request, "MFA client successfully set-up")
http_response = super().form_valid(form)
return http_response
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context["tab"] = "mfa"
create_audit_event(
self.request.user,
Actions.generate_mfa_token,
secret=context["object"],
report_once=True,
)
return context
def form_valid(self, form):
messages.info(self.request, "Secret created")
http_response = super().form_valid(form)
# give the user edit permissions
assign_perm(EDIT_SECRET_PERMISSION, self.request.user, self.object)
assign_perm(VIEW_SECRET_PERMISSION, self.request.user, self.object)
create_audit_event(self.request.user,
Actions.create_secret,
secret=self.object)
return http_response
def test_create_audit_event():
user = UserFactory()
create_audit_event(user,
Actions.view_secret,
description="I viewed a secret",
secret=None)
audit = Audit.objects.first()
assert audit.timestamp == timezone.now()
assert audit.user == user
assert audit.action == Actions.view_secret.name
assert audit.description == "I viewed a secret"
assert not audit.secret
def test_create_audit_event_recurring():
user = UserFactory()
create_audit_event(user,
Actions.view_secret,
description="I viewed a secret",
secret=None)
assert Audit.objects.count() == 1
create_audit_event(user,
Actions.view_secret,
description="I viewed a secret",
secret=None)
assert Audit.objects.count() == 2
def post(self, request, *args, **kwargs):
object_type, target = self.get_target_object()
if not target:
return self.redirect_to_permissions_list(messages.ERROR,
"Invalid parameters")
self.get_object().remove_permissions(target)
create_audit_event(
self.request.user,
Actions.remove_permission,
secret=self.get_object(),
description=f"Access removed for {target}",
)
return self.redirect_to_permissions_list(
messages.INFO, f"Access removed for {target}")
def form_valid(self, form):
secret = Secret.objects.get(pk=self.kwargs["pk"])
http_response = super().form_valid(form)
target = form.cleaned_data.get("user", form.cleaned_data.get("group"))
assert target
secret.set_permission(target, form.cleaned_data["permission"])
create_audit_event(
self.request.user,
Actions.add_permission,
secret=secret,
description=
f'Permission level to set {form.cleaned_data["permission"]} for {target}',
)
messages.info(self.request, f"Permissions updated for {target}")
return http_response
def test_create_audit_event_report_once(settings, freezer):
user = UserFactory()
create_audit_event(
user,
Actions.view_secret,
description="I viewed a secret",
secret=None,
report_once=True,
)
assert Audit.objects.count() == 1
create_audit_event(
user,
Actions.view_secret,
description="I viewed another secret",
secret=None,
report_once=True,
)
assert Audit.objects.count() == 1
# different action - so it should be created
create_audit_event(
user,
Actions.create_secret,
description="I created a secret",
secret=None,
report_once=True,
)
freezer.move_to(dt.datetime.now() + dt.timedelta(
minutes=settings.AUDIT_EVENT_REPEAT_AFTER_MINUTES + 5))
create_audit_event(
user,
Actions.view_secret,
description="I viewed another secret",
secret=None,
report_once=True,
)
assert Audit.objects.count() == 3