External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-19 05:31:22 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1435 from anoek/user-activity-stream-updates

Browse Source 
Added activity stream events for User
This commit is contained in:
Akita Noek 2016-04-12 09:10:52 -04:00
commit dc70262d39
6 changed files with 52 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
awx/api/authentication.py
View File

@ -3,9 +3,11 @@
# Python
import urllib
import logging
# Django
from django.utils.timezone import now as tz_now
from django.utils.encoding import smart_text
# Django REST Framework
from rest_framework import authentication
@ -16,6 +18,8 @@ from rest_framework import HTTP_HEADER_ENCODING
from awx.main.models import UnifiedJob, AuthToken
from awx.main.conf import tower_settings
logger = logging.getLogger('awx.api.authentication')
class TokenAuthentication(authentication.TokenAuthentication):
'''
Custom token authentication using tokens that expire and are associated
@ -93,7 +97,7 @@ class TokenAuthentication(authentication.TokenAuthentication):
if not token.in_valid_tokens(now=now):
token.invalidate(reason='limit_reached')
raise exceptions.AuthenticationFailed(AuthToken.reason_long('limit_reached'))
# If the user is inactive, then return an error.
if not token.user.is_active:
raise exceptions.AuthenticationFailed('User inactive or deleted')
@ -116,6 +120,16 @@ class TokenGetAuthentication(TokenAuthentication):
return super(TokenGetAuthentication, self).authenticate(request)
class LoggedBasicAuthentication(authentication.BasicAuthentication):
def authenticate(self, request):
ret = super(LoggedBasicAuthentication, self).authenticate(request)
if ret:
username = ret[0].username if ret[0] else '<none>'
logger.debug(smart_text(u"User {} performed a {} to {} through the API".format(username, request.method, request.path)))
return ret
class TaskAuthentication(authentication.BaseAuthentication):
'''
Custom authentication used for views accessed by the inventory and callback

11
awx/api/views.py
View File

@ -11,6 +11,7 @@ import time
import socket
import sys
import errno
import logging
from base64 import b64encode
from collections import OrderedDict
@ -22,7 +23,7 @@ from django.core.exceptions import FieldError
from django.db.models import Q, Count
from django.db import IntegrityError, transaction
from django.shortcuts import get_object_or_404
from django.utils.encoding import force_text
from django.utils.encoding import smart_text, force_text
from django.utils.safestring import mark_safe
from django.utils.timezone import now
from django.views.decorators.csrf import csrf_exempt
@ -71,6 +72,8 @@ from awx.api.metadata import RoleMetadata
from awx.main.utils import emit_websocket_notification
from awx.main.conf import tower_settings
logger = logging.getLogger('awx.api.views')
def api_exception_handler(exc, context):
'''
Override default API exception handler to catch IntegrityError exceptions.
@ -528,9 +531,13 @@ class AuthTokenView(APIView):
expires__gt=now(),
reason='')[0]
token.refresh()
if 'username' in request.data:
logger.info(smart_text(u"User {} logged in".format(request.data['username'])))
except IndexError:
token = AuthToken.objects.create(user=serializer.validated_data['user'],
request_hash=request_hash)
if 'username' in request.data:
logger.info(smart_text(u"User {} logged in".format(request.data['username'])))
# Get user un-expired tokens that are not invalidated that are
# over the configured limit.
# Mark them as invalid and inform the user
@ -549,6 +556,8 @@ class AuthTokenView(APIView):
'Auth-Token-Timeout': int(tower_settings.AUTH_TOKEN_EXPIRATION)
}
return Response({'token': token.key, 'expires': token.expires}, headers=headers)
if 'username' in request.data:
logger.warning(smart_text(u"Login failed for user {}".format(request.data['username'])))
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class OrganizationList(ListCreateAPIView):

1
awx/main/models/__init__.py
View File

@ -85,3 +85,4 @@ activity_stream_registrar.connect(TowerSettings)
activity_stream_registrar.connect(Notifier)
activity_stream_registrar.connect(Notification)
activity_stream_registrar.connect(Label)
activity_stream_registrar.connect(User)

30
awx/main/utils.py
View File

@ -284,6 +284,22 @@ def update_scm_url(scm_type, url, username=True, password=True,
return new_url
def get_allowed_fields(obj, serializer_mapping):
from django.contrib.auth.models import User
if serializer_mapping is not None and obj.__class__ in serializer_mapping:
serializer_actual = serializer_mapping[obj.__class__]()
allowed_fields = [x for x in serializer_actual.fields if not serializer_actual.fields[x].read_only] + ['id']
else:
allowed_fields = [x.name for x in obj._meta.fields]
if isinstance(obj, User):
field_blacklist = ['last_login']
allowed_fields = [f for f in allowed_fields if f not in field_blacklist]
return allowed_fields
def model_instance_diff(old, new, serializer_mapping=None):
"""
Calculate the differences between two model instances. One of the instances may be None (i.e., a newly
@ -301,11 +317,7 @@ def model_instance_diff(old, new, serializer_mapping=None):
diff = {}
if serializer_mapping is not None and new.__class__ in serializer_mapping:
serializer_actual = serializer_mapping[new.__class__]()
allowed_fields = [x for x in serializer_actual.fields if not serializer_actual.fields[x].read_only] + ['id']
else:
allowed_fields = [x.name for x in new._meta.fields]
allowed_fields = get_allowed_fields(new, serializer_mapping)
for field in allowed_fields:
old_value = getattr(old, field, None)
@ -334,11 +346,9 @@ def model_to_dict(obj, serializer_mapping=None):
"""
from awx.main.models.credential import Credential
attr_d = {}
if serializer_mapping is not None and obj.__class__ in serializer_mapping:
serializer_actual = serializer_mapping[obj.__class__]()
allowed_fields = [x for x in serializer_actual.fields if not serializer_actual.fields[x].read_only] + ['id']
else:
allowed_fields = [x.name for x in obj._meta.fields]
allowed_fields = get_allowed_fields(obj, serializer_mapping)
for field in obj._meta.fields:
if field.name not in allowed_fields:
continue

2
awx/settings/defaults.py
View File

@ -202,7 +202,7 @@ REST_FRAMEWORK = {
'PAGE_SIZE': 25,
'DEFAULT_AUTHENTICATION_CLASSES': (
'awx.api.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
'awx.api.authentication.LoggedBasicAuthentication',
#'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (

5
awx/sso/views.py
View File

@ -3,6 +3,7 @@
# Python
import urllib
import logging
# Django
from django.core.urlresolvers import reverse
@ -10,6 +11,7 @@ from django.http import HttpResponse
from django.utils.timezone import now, utc
from django.views.generic import View
from django.views.generic.base import RedirectView
from django.utils.encoding import smart_text
# Django REST Framework
from rest_framework.renderers import JSONRenderer
@ -18,6 +20,7 @@ from rest_framework.renderers import JSONRenderer
from awx.main.models import AuthToken
from awx.api.serializers import UserSerializer
logger = logging.getLogger('awx.sso.views')
class BaseRedirectView(RedirectView):
@ -45,9 +48,11 @@ class CompleteView(BaseRedirectView):
request_hash=request_hash,
expires__gt=now())[0]
token.refresh()
logger.info(smart_text(u"User {} logged in".format(self.request.user.username)))
except IndexError:
token = AuthToken.objects.create(user=request.user,
request_hash=request_hash)
logger.info(smart_text(u"User {} logged in".format(self.request.user.username)))
request.session['auth_token_key'] = token.key
token_key = urllib.quote('"%s"' % token.key)
response.set_cookie('token', token_key)