From 6b755d3ae6ae24bfe932bfb0465d50c05e612aba Mon Sep 17 00:00:00 2001 From: sadnub Date: Tue, 22 Oct 2024 11:54:34 -0400 Subject: [PATCH] fix client ip not showing in audit log for sso logon and disable some unused urls and settings --- api/tacticalrmm/ee/sso/urls.py | 19 +++++-------------- api/tacticalrmm/ee/sso/views.py | 22 +++++++++++++++++----- api/tacticalrmm/tacticalrmm/settings.py | 10 ++++++---- 3 files changed, 28 insertions(+), 23 deletions(-) diff --git a/api/tacticalrmm/ee/sso/urls.py b/api/tacticalrmm/ee/sso/urls.py index 60f59a7769..6519a16006 100644 --- a/api/tacticalrmm/ee/sso/urls.py +++ b/api/tacticalrmm/ee/sso/urls.py @@ -6,10 +6,7 @@ from django.urls import path, include, re_path from allauth.socialaccount.providers.openid_connect.views import callback -from allauth.headless.socialaccount.views import ( - RedirectToProviderView, - ManageProvidersView, -) +from allauth.headless.socialaccount.views import RedirectToProviderView from allauth.headless.base.views import ConfigView from . import views @@ -31,6 +28,7 @@ path("ssoproviders//", views.GetUpdateDeleteSSOProvider.as_view()), path("ssoproviders/token/", views.GetAccessToken.as_view()), path("ssoproviders/settings/", views.GetUpdateSSOSettings.as_view()), + path("ssoproviders/account/", views.DisconnectSSOAccount.as_view()) ] allauth_urls = [ @@ -40,7 +38,7 @@ ( [ path( - "config", + "config/", ConfigView.as_api_view(client="browser"), name="config", ), @@ -50,19 +48,12 @@ ( [ path( - "auth/provider/redirect", + "auth/provider/redirect/", RedirectToProviderView.as_api_view( client="browser" ), name="redirect_to_provider", - ), - path( - "providers", - ManageProvidersView.as_api_view( - client="browser" - ), - name="manage_providers", - ), + ) ], "headless", ), diff --git a/api/tacticalrmm/ee/sso/views.py b/api/tacticalrmm/ee/sso/views.py index 24d1d849f5..7a5ddffebc 100644 --- a/api/tacticalrmm/ee/sso/views.py +++ b/api/tacticalrmm/ee/sso/views.py @@ -6,7 +6,7 @@ import re -from allauth.socialaccount.models import SocialApp +from allauth.socialaccount.models import SocialApp, SocialAccount from django.contrib.auth import logout from django.shortcuts import get_object_or_404 from knox.views import LoginView as KnoxLoginView @@ -124,6 +124,17 @@ def delete(self, request, pk): return Response("ok") +class DisconnectSSOAccount(APIView): + permission_classes = [IsAuthenticated, AccountsPerms] + + def delete(self, request): + account = get_object_or_404(SocialAccount, uid=request.data["account"], provider=request.data["provider"]) + + account.delete() + + return Response("ok") + + class GetAccessToken(KnoxLoginView): permission_classes = [IsAuthenticated, SSOLoginPerms] authentication_classes = [SessionAuthentication] @@ -151,16 +162,17 @@ def post(self, request, format=None): else: response.data["name"] = None - AuditLog.audit_user_login_successful_sso( - request.user.username, login_method["provider"], login_method - ) - # log ip ipw = IpWare() client_ip, _ = ipw.get_client_ip(request.META) if client_ip: request.user.last_login_ip = str(client_ip) request.user.save(update_fields=["last_login_ip"]) + login_method["ip"] = str(client_ip) + + AuditLog.audit_user_login_successful_sso( + request.user.username, login_method["provider"], login_method + ) # invalid user session since we have an access token now logout(request) diff --git a/api/tacticalrmm/tacticalrmm/settings.py b/api/tacticalrmm/tacticalrmm/settings.py index 8abc2d0407..2f4576e0d3 100644 --- a/api/tacticalrmm/tacticalrmm/settings.py +++ b/api/tacticalrmm/tacticalrmm/settings.py @@ -172,7 +172,6 @@ "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.staticfiles", - "django.contrib.messages", "channels", "rest_framework", "rest_framework.authtoken", @@ -237,7 +236,6 @@ "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", "tacticalrmm.middleware.AuditMiddleware", "allauth.account.middleware.AccountMiddleware", ] @@ -255,8 +253,12 @@ MIDDLEWARE.insert(0, "silk.middleware.SilkyMiddleware") if ADMIN_ENABLED: - INSTALLED_APPS += ("django.contrib.admin",) - + MIDDLEWARE += ("django.contrib.messages.middleware.MessageMiddleware",) + INSTALLED_APPS += ( + "django.contrib.admin", + "django.contrib.messages", + ) + if DEMO: MIDDLEWARE += ("tacticalrmm.middleware.DemoMiddleware",)