コード例 #1
0
ファイル: auth.py プロジェクト: R0B3RDV/privacyidea
def before_request():
    """
    This is executed before the request
    """
    request.all_data = get_all_params(request.values, request.data)
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # access_route contains the ip adresses of all clients, hops and proxies.
    g.client_ip = get_client_ip(request,
                                get_from_config(SYSCONF.OVERRIDECLIENT))
    g.audit_object.log({
        "success":
        False,
        "client":
        g.client_ip,
        "client_user_agent":
        request.user_agent.browser,
        "privacyidea_server":
        privacyidea_server,
        "action":
        "{0!s} {1!s}".format(request.method, request.url_rule),
        "action_detail":
        "",
        "info":
        ""
    })
コード例 #2
0
def before_request():
    """
    This is executed before the request.

    user_required checks if there is a logged in admin or user

    The checks for ONLY admin are preformed in api/system.py
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    request.all_data = get_all_params(request.values, request.data)

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    g.event_config = EventConfiguration()
    # access_route contains the ip adresses of all clients, hops and proxies.
    g.client_ip = request.access_route[0] if request.access_route else \
        request.remote_addr
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    # Already get some typical parameters to log
    serial = getParam(request.all_data, "serial")
    realm = getParam(request.all_data, "realm")
    user_loginname = ""
    if "blueprint_token" in request.endpoint:
        # In case of token endpoint we evaluate the user in the request.
        # Note: In policy-endpoint "user" is part of the policy configuration
        #  and will cause an exception
        user = get_user_from_param(request.all_data)
        user_loginname = user.login
        realm = user.realm or realm

    g.audit_object.log({"success": False,
                        "serial": serial,
                        "user": user_loginname,
                        "realm": realm,
                        "client": g.client_ip,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": privacyidea_server,
                        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})

    if g.logged_in_user.get("role") == "user":
        # A user is calling this API
        # In case the token API is called by the user and not by the admin we
        #  need to restrict the token view.
        CurrentUser = get_user_from_param({"user":
                                               g.logged_in_user.get(
                                                   "username"),
                                           "realm": g.logged_in_user.get(
                                               "realm")})
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({"user": CurrentUser.login,
                            "realm": CurrentUser.realm})
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})
コード例 #3
0
ファイル: auth.py プロジェクト: tuxmartin/privacyidea
def before_request():
    """
    This is executed before the request
    """
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # We can add logic to use X-Forwarded-For
    g.client_ip = request.remote_addr
    g.audit_object.log({
        "success":
        False,
        "client":
        g.client_ip,
        "client_user_agent":
        request.user_agent.browser,
        "privacyidea_server":
        privacyidea_server,
        "action":
        "{0!s} {1!s}".format(request.method, request.url_rule),
        "action_detail":
        "",
        "info":
        ""
    })
    request.all_data = get_all_params(request.values, request.data)
コード例 #4
0
ファイル: before_after.py プロジェクト: runt18/privacyidea
def before_request():
    """
    This is executed before the request.

    user_required checks if there is a logged in admin or user

    The checks for ONLY admin are preformed in api/system.py
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    request.all_data = get_all_params(request.values, request.data)

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # We can add logic to use X-Forwarded-For
    g.client_ip = request.remote_addr
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    # Already get some typical parameters to log
    serial = getParam(request.all_data, "serial")
    realm = getParam(request.all_data, "realm")
    user = get_user_from_param(request.all_data)
    # log it
    g.audit_object.log({"success": False,
                        "serial": serial,
                        "user": user.login,
                        "realm": user.realm or realm,
                        "client": g.client_ip,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": privacyidea_server,
                        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})

    if g.logged_in_user.get("role") == "user":
        # A user is calling this API
        # In case the token API is called by the user and not by the admin we
        #  need to restrict the token view.
        CurrentUser = get_user_from_param({"user":
                                               g.logged_in_user.get(
                                                   "username"),
                                           "realm": g.logged_in_user.get(
                                               "realm")})
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({"user": CurrentUser.login,
                            "realm": CurrentUser.realm})
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})
コード例 #5
0
def before_request():
    """
    This is executed before the request
    """
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    g.audit_object.log({"success": False,
                        "client": request.remote_addr,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": request.host,
                        "action": "%s %s" % (request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})
    request.all_data = get_all_params(request.values, request.data)
コード例 #6
0
def before_request():
    """
    This is executed before the request.

    user_required checks if there is a logged in admin or user

    The checks for ONLY admin are preformed in api/system.py
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    request.all_data = get_all_params(request.values, request.data)

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # Already get some typical parameters to log
    serial = getParam(request.all_data, "serial")
    realm = getParam(request.all_data, "realm")
    # log it
    g.audit_object.log({
        "success": False,
        "serial": serial,
        "realm": realm,
        "client": request.remote_addr,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": request.host,
        "action": "%s %s" % (request.method, request.url_rule),
        "action_detail": "",
        "info": ""
    })

    if g.logged_in_user.get("role") == "user":
        # A user is calling this API
        # In case the token API is called by the user and not by the admin we
        #  need to restrict the token view.
        CurrentUser = get_user_from_param({
            "user":
            g.logged_in_user.get("username"),
            "realm":
            g.logged_in_user.get("realm")
        })
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({
            "user": CurrentUser.login,
            "realm": CurrentUser.realm
        })
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})
コード例 #7
0
ファイル: auth.py プロジェクト: tuxmartin/privacyidea
def before_request():
    """
    This is executed before the request
    """
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # We can add logic to use X-Forwarded-For
    g.client_ip = request.remote_addr
    g.audit_object.log({"success": False,
                        "client": g.client_ip,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": privacyidea_server,
                        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})
    request.all_data = get_all_params(request.values, request.data)
コード例 #8
0
ファイル: auth.py プロジェクト: DINKIN/privacyidea
def before_request():
    """
    This is executed before the request
    """
    request.all_data = get_all_params(request.values, request.data)
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # access_route contains the ip adresses of all clients, hops and proxies.
    g.client_ip = get_client_ip(request,
                                get_from_config(SYSCONF.OVERRIDECLIENT))
    g.audit_object.log({"success": False,
                        "client": g.client_ip,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": privacyidea_server,
                        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})
コード例 #9
0
ファイル: before_after.py プロジェクト: tuxmartin/privacyidea
def before_request():
    """
    This is executed before the request.

    user_required checks if there is a logged in admin or user

    The checks for ONLY admin are preformed in api/system.py
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    request.all_data = get_all_params(request.values, request.data)

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    # We can add logic to use X-Forwarded-For
    g.client_ip = request.remote_addr
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    # Already get some typical parameters to log
    serial = getParam(request.all_data, "serial")
    realm = getParam(request.all_data, "realm")
    user_loginname = ""
    if "blueprint_token" in request.endpoint:
        # In case of token endpoint we evaluate the user in the request.
        # Note: In policy-endpoint "user" is part of the policy configuration
        #  and will cause an exception
        user = get_user_from_param(request.all_data)
        user_loginname = user.login
        realm = user.realm or realm

    g.audit_object.log({
        "success":
        False,
        "serial":
        serial,
        "user":
        user_loginname,
        "realm":
        realm,
        "client":
        g.client_ip,
        "client_user_agent":
        request.user_agent.browser,
        "privacyidea_server":
        privacyidea_server,
        "action":
        "{0!s} {1!s}".format(request.method, request.url_rule),
        "action_detail":
        "",
        "info":
        ""
    })

    if g.logged_in_user.get("role") == "user":
        # A user is calling this API
        # In case the token API is called by the user and not by the admin we
        #  need to restrict the token view.
        CurrentUser = get_user_from_param({
            "user":
            g.logged_in_user.get("username"),
            "realm":
            g.logged_in_user.get("realm")
        })
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({
            "user": CurrentUser.login,
            "realm": CurrentUser.realm
        })
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})
コード例 #10
0
ファイル: before_after.py プロジェクト: MWelp/privacyidea-1
def before_request():
    """
    This is executed before the request.

    user_required checks if there is a logged in admin or user

    The checks for ONLY admin are preformed in api/system.py
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    g.config_object = ConfigClass()
    request.all_data = get_all_params(request.values, request.data)
    try:
        request.User = get_user_from_param(request.all_data)
    except AttributeError:
        # Some endpoints do not need users OR e.g. the setPolicy endpoint
        # takes a list as the userobject
        request.User = None

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    g.event_config = EventConfiguration()
    # access_route contains the ip adresses of all clients, hops and proxies.
    g.client_ip = get_client_ip(request,
                                get_from_config(SYSCONF.OVERRIDECLIENT))
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    # Already get some typical parameters to log
    serial = getParam(request.all_data, "serial")
    realm = getParam(request.all_data, "realm")
    user_loginname = ""
    if "token_blueprint" in request.endpoint:
        # In case of token endpoint we evaluate the user in the request.
        # Note: In policy-endpoint "user" is part of the policy configuration
        #  and will cause an exception
        user = get_user_from_param(request.all_data)
        user_loginname = user.login
        realm = user.realm or realm

    g.audit_object.log({"success": False,
                        "serial": serial,
                        "user": user_loginname,
                        "realm": realm,
                        "client": g.client_ip,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": privacyidea_server,
                        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})

    if g.logged_in_user.get("role") == "user":
        # A user is calling this API
        # In case the token API is called by the user and not by the admin we
        #  need to restrict the token view.
        CurrentUser = get_user_from_param({"user":
                                               g.logged_in_user.get(
                                                   "username"),
                                           "realm": g.logged_in_user.get(
                                               "realm")})
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({"user": CurrentUser.login,
                            "realm": CurrentUser.realm})
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})
コード例 #11
0
ファイル: before_after.py プロジェクト: jh23453/privacyidea
def before_request():
    """
    This is executed before the request.

    user_required checks if there is a logged in admin or user

    The checks for ONLY admin are preformed in api/system.py
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    g.config_object = ConfigClass()
    request.all_data = get_all_params(request.values, request.data)
    try:
        request.User = get_user_from_param(request.all_data)
    except AttributeError:
        # Some endpoints do not need users OR e.g. the setPolicy endpoint
        # takes a list as the userobject
        request.User = None
    except UserError:
        # In cases like the policy API, the parameter "user" is part of the
        # policy and will not resolve to a user object
        pass

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    g.event_config = EventConfiguration()
    # access_route contains the ip adresses of all clients, hops and proxies.
    g.client_ip = get_client_ip(request,
                                get_from_config(SYSCONF.OVERRIDECLIENT))
    privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
                         request.host
    # Already get some typical parameters to log
    serial = getParam(request.all_data, "serial")
    if serial and "**" not in serial:
        tokentype = get_token_type(serial)
    else:
        tokentype = None
    realm = getParam(request.all_data, "realm")
    user_loginname = ""
    resolver = ""
    if "token_blueprint" in request.endpoint:
        # In case of token endpoint we evaluate the user in the request.
        # Note: In policy-endpoint "user" is part of the policy configuration
        #  and will cause an exception
        user = get_user_from_param(request.all_data)
        user_loginname = user.login
        realm = user.realm or realm
        resolver = user.resolver

    g.audit_object.log({"success": False,
                        "serial": serial,
                        "user": user_loginname,
                        "realm": realm,
                        "resolver": resolver,
                        "token_type": tokentype,
                        "client": g.client_ip,
                        "client_user_agent": request.user_agent.browser,
                        "privacyidea_server": privacyidea_server,
                        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
                        "action_detail": "",
                        "info": ""})

    if g.logged_in_user.get("role") == "user":
        # A user is calling this API
        # In case the token API is called by the user and not by the admin we
        #  need to restrict the token view.
        CurrentUser = get_user_from_param({"user":
                                               g.logged_in_user.get(
                                                   "username"),
                                           "realm": g.logged_in_user.get(
                                               "realm")})
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({"user": CurrentUser.login,
                            "resolver": CurrentUser.resolver,
                            "realm": CurrentUser.realm})
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})