Feature 10958: Audit Logs for OSM
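--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -40,6 +40,7 @@ from osm_nbi.authconn import (
 ) # , AuthconnOperationException
 from osm_common.dbbase import DbException
 from osm_nbi.base_topic import BaseTopic
+from osm_nbi.utils import cef_event, cef_event_builder
 from osm_nbi.validation import is_valid_uuid
 from time import time, sleep
 from http import HTTPStatus
@@ -68,6 +69,7 @@ class AuthconnInternal(Authconn):
 # To be Confirmed
 self.sess = None
+ self.cef_logger = cef_event_builder(config)
 def validate_token(self, token):
 """
@@ -193,6 +195,18 @@ class AuthconnInternal(Authconn):
 if user:
 user_content = self.validate_user(user, password)
 if not user_content:
+ cef_event(
+ self.cef_logger,
+ {
+ "name": "User login",
+ "sourceUserName": user,
+ "message": "Invalid username/password Project={} Outcome=Failure".format(
+ project
+ ),
+ "severity": "3",
+ },
+ )
+ self.logger.exception("{}".format(self.cef_logger))
 raise AuthException(
 "Invalid username/password", http_code=HTTPStatus.UNAUTHORIZED
 )
@@ -401,6 +415,16 @@ class AuthconnInternal(Authconn):
 if pswd and (
 len(pswd) != 64 or not re.match("[a-fA-F0-9]*", pswd)
 ): # TODO: Improve check?
+ cef_event(
+ self.cef_logger,
+ {
+ "name": "Change Password",
+ "sourceUserName": user_data["username"],
+ "message": "Changing Password for user, Outcome=Success",
+ "severity": "2",
+ },
+ )
+ self.logger.info("{}".format(self.cef_logger))
 salt = uuid4().hex
 if "_admin" not in user_data:
 user_data["_admin"] = {}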
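Review bot: In the failed-login hunk, `"sourceUserName": user` and the `project` value formatted into `message` are request-supplied and recorded before authentication succeeds, so unless `cef_event` escapes CEF delimiters and line breaks (its body is not on this page) a client can corrupt or split audit records; confirm the escaping there or normalise both values before building the event. The same hunk calls `self.logger.exception(...)` with no exception handler visible around it, which logs at ERROR with an empty `NoneType: None` traceback; `self.logger.warning("{}".format(self.cef_logger))` fits a rejected login better. In the change-password hunk the event says `Outcome=Success` before `salt = uuid4().hex` runs and, as far as the hunk shows, before anything is persisted, so a later failure leaves a false success in the audit trail; emit it after the update or word it as an attempt. All three enclosing methods start and end outside the hunks.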