def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.audit_object.log({
"success":
False,
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail":
"",
"info":
""
})
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
# get additional request information such as parameters in the
# call path from the view_args
request.all_data.update(request.view_args)
request.User = get_user_from_param(request.all_data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config, g.startdate)
g.event_config = EventConfiguration()
# access_route contains the ip addresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))
# Save the HTTP header in the localproxy object
g.request_headers = request.headers
g.serial = getParam(request.all_data, "serial", default=None)
g.audit_object.log({"success": False,
"action_detail": "",
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"info": ""})
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.serial = getParam(request.all_data, "serial") or None
g.audit_object.log({
"success":
False,
"action_detail":
"",
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"info":
""
})
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.audit_object.log({"success": False,
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail": "",
"info": ""})
username = getParam(request.all_data, "username")
if username:
# We only fill request.User, if we really have a username.
# On endpoints like /auth/rights, this is not available
loginname, realm = split_user(username)
# overwrite the split realm if we have a realm parameter. Default back to default_realm
realm = getParam(request.all_data, "realm", default=realm) or realm or get_default_realm()
# Prefill the request.User. This is used by some pre-event handlers
request.User = User(loginname, realm)
def before_request():
"""
This is executed before the request.
user_required checks if there is a logged in admin or user
The checks for ONLY admin are preformed in api/system.py
"""
# remove session from param and gather all parameters, either
# from the Form data or from JSON in the request body.
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
if g.logged_in_user.get("role") == "user":
# A user is calling this API. First thing we do is restricting the user parameter.
# ...to restrict token view, audit view or token actions.
request.all_data["user"] = g.logged_in_user.get("username")
request.all_data["realm"] = g.logged_in_user.get("realm")
try:
request.User = get_user_from_param(request.all_data)
# overwrite or set the resolver parameter in case of a logged in user
if g.logged_in_user.get("role") == "user":
request.all_data["resolver"] = request.User.resolver
except AttributeError:
# Some endpoints do not need users OR e.g. the setPolicy endpoint
# takes a list as the userobject
request.User = None
except UserError:
# In cases like the policy API, the parameter "user" is part of the
# policy and will not resolve to a user object
request.User = User()
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Already get some typical parameters to log
serial = getParam(request.all_data, "serial")
if serial:
tokentype = get_token_type(serial)
else:
tokentype = None
if request.User:
audit_username = request.User.login
audit_realm = request.User.realm
audit_resolver = request.User.resolver
else:
audit_realm = getParam(request.all_data, "realm")
audit_resolver = getParam(request.all_data, "resolver")
audit_username = getParam(request.all_data, "user")
g.audit_object.log({
"success":
False,
"serial":
serial,
"user":
audit_username,
"realm":
audit_realm,
"resolver":
audit_resolver,
"token_type":
tokentype,
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail":
"",
"info":
""
})
if g.logged_in_user.get("role") == "admin":
# An administrator is calling this API
g.audit_object.log({"administrator": g.logged_in_user.get("username")})
