fix client ip not showing in audit log for sso logon and disable some unused urls and settings

2024-10-22 11:54:34 -04:00 · 2024-10-22 11:54:34 -04:00 · 5520a84062
parent 66c7123f7c
commit 5520a84062
3 changed files with 28 additions and 23 deletions
--- a/api/tacticalrmm/ee/sso/urls.py
+++ b/api/tacticalrmm/ee/sso/urls.py
@ -6,10 +6,7 @@ For details, see: https://license.tacticalrmm.com/ee

 from django.urls import path, include, re_path
 from allauth.socialaccount.providers.openid_connect.views import callback
-from allauth.headless.socialaccount.views import (
-    RedirectToProviderView,
-    ManageProvidersView,
-)
+from allauth.headless.socialaccount.views import RedirectToProviderView
 from allauth.headless.base.views import ConfigView

 from . import views
@ -31,6 +28,7 @@ urlpatterns = [
    path("ssoproviders/<int:pk>/", views.GetUpdateDeleteSSOProvider.as_view()),
    path("ssoproviders/token/", views.GetAccessToken.as_view()),
    path("ssoproviders/settings/", views.GetUpdateSSOSettings.as_view()),
+    path("ssoproviders/account/", views.DisconnectSSOAccount.as_view())
 ]

 allauth_urls = [
@ -40,7 +38,7 @@ allauth_urls = [
            (
                [
                    path(
-                        "config",
+                        "config/",
                        ConfigView.as_api_view(client="browser"),
                        name="config",
                    ),
@ -50,19 +48,12 @@ allauth_urls = [
                            (
                                [
                                    path(
-                                        "auth/provider/redirect",
+                                        "auth/provider/redirect/",
                                        RedirectToProviderView.as_api_view(
                                            client="browser"
                                        ),
                                        name="redirect_to_provider",
-                                    ),
-                                    path(
-                                        "providers",
-                                        ManageProvidersView.as_api_view(
-                                            client="browser"
-                                        ),
-                                        name="manage_providers",
-                                    ),
+                                    )
                                ],
                                "headless",
                            ),
--- a/api/tacticalrmm/ee/sso/views.py
+++ b/api/tacticalrmm/ee/sso/views.py
@ -6,7 +6,7 @@ For details, see: https://license.tacticalrmm.com/ee

 import re

-from allauth.socialaccount.models import SocialApp
+from allauth.socialaccount.models import SocialApp, SocialAccount
 from django.contrib.auth import logout
 from django.shortcuts import get_object_or_404
 from knox.views import LoginView as KnoxLoginView
@ -124,6 +124,17 @@ class GetUpdateDeleteSSOProvider(APIView):
        return Response("ok")


+class DisconnectSSOAccount(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
+    def delete(self, request):
+        account = get_object_or_404(SocialAccount, uid=request.data["account"], provider=request.data["provider"])
+
+        account.delete()
+
+        return Response("ok")
+
+
 class GetAccessToken(KnoxLoginView):
    permission_classes = [IsAuthenticated, SSOLoginPerms]
    authentication_classes = [SessionAuthentication]
@ -151,16 +162,17 @@ class GetAccessToken(KnoxLoginView):
            else:
                response.data["name"] = None

-            AuditLog.audit_user_login_successful_sso(
-                request.user.username, login_method["provider"], login_method
-            )
-
            # log ip
            ipw = IpWare()
            client_ip, _ = ipw.get_client_ip(request.META)
            if client_ip:
                request.user.last_login_ip = str(client_ip)
                request.user.save(update_fields=["last_login_ip"])
+                login_method["ip"] = str(client_ip)
+
+            AuditLog.audit_user_login_successful_sso(
+                request.user.username, login_method["provider"], login_method
+            )

            # invalid user session since we have an access token now
            logout(request)
--- a/api/tacticalrmm/tacticalrmm/settings.py
+++ b/api/tacticalrmm/tacticalrmm/settings.py
@ -172,7 +172,6 @@ INSTALLED_APPS = [
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.staticfiles",
-    "django.contrib.messages",
    "channels",
    "rest_framework",
    "rest_framework.authtoken",
@ -237,7 +236,6 @@ MIDDLEWARE = [
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "django.contrib.messages.middleware.MessageMiddleware",
    "tacticalrmm.middleware.AuditMiddleware",
    "allauth.account.middleware.AccountMiddleware",
 ]
@ -255,8 +253,12 @@ if DEBUG and not DEMO:
    MIDDLEWARE.insert(0, "silk.middleware.SilkyMiddleware")

 if ADMIN_ENABLED:
-    INSTALLED_APPS += ("django.contrib.admin",)
-
+    MIDDLEWARE += ("django.contrib.messages.middleware.MessageMiddleware",)
+    INSTALLED_APPS += (
+        "django.contrib.admin",
+        "django.contrib.messages",
+    )
+    
 if DEMO:
    MIDDLEWARE += ("tacticalrmm.middleware.DemoMiddleware",)