logging: Add "password change" and "account deletion" events

augustin64 2024-02-28 23:38:14 +01:00
parent 3cbc586c78
commit bfb6a127f0
4 changed files with 31 additions and 4 deletions


@ -26,7 +26,7 @@ MAX_AGE=31
INSTANCE_PATH="instance" INSTANCE_PATH="instance"
# Events to log # Events to log
ENABLED_LOGS=["NEW_GROUPE", "NEW_ALBUM", "NEW_PARTITION", "NEW_USER", "SERVER_RESTART", "FAILED_LOGIN"] ENABLED_LOGS=["NEW_GROUPE", "NEW_ALBUM", "NEW_PARTITION", "NEW_USER", "PASSWORD_CHANGE", "DELETE_ACCOUNT", "SERVER_RESTART", "FAILED_LOGIN"]
# Available languages # Available languages
LANGUAGES=['en', 'fr'] LANGUAGES=['en', 'fr']


@ -12,8 +12,10 @@ class LogEntry(Enum):
NEW_ALBUM = 3 NEW_ALBUM = 3
NEW_PARTITION = 4 NEW_PARTITION = 4
NEW_USER = 5 NEW_USER = 5
SERVER_RESTART = 6 PASSWORD_CHANGE = 6
FAILED_LOGIN = 7 DELETE_ACCOUNT = 7
SERVER_RESTART = 8
FAILED_LOGIN = 9
def from_string(entry: str): def from_string(entry: str):
mapping = { mapping = {
@ -22,6 +24,8 @@ class LogEntry(Enum):
"NEW_ALBUM": LogEntry.NEW_ALBUM, "NEW_ALBUM": LogEntry.NEW_ALBUM,
"NEW_PARTITION": LogEntry.NEW_PARTITION, "NEW_PARTITION": LogEntry.NEW_PARTITION,
"NEW_USER": LogEntry.NEW_USER, "NEW_USER": LogEntry.NEW_USER,
"PASSWORD_CHANGE": LogEntry.PASSWORD_CHANGE,
"DELETE_ACCOUNT": LogEntry.DELETE_ACCOUNT,
"SERVER_RESTART": LogEntry.SERVER_RESTART, "SERVER_RESTART": LogEntry.SERVER_RESTART,
"FAILED_LOGIN": LogEntry.FAILED_LOGIN "FAILED_LOGIN": LogEntry.FAILED_LOGIN
} }
@ -61,6 +65,18 @@ def log(content: list[Union[str, bool, int]], log_type: LogEntry) -> None:
else: else:
description = f"New user {content[0]}[{content[1]}] added by {content[3]}" description = f"New user {content[0]}[{content[1]}] added by {content[3]}"
case LogEntry.PASSWORD_CHANGE: # content = (user.name, user.id, admin.name if relevant)
if len(content) == 2:
description = f"New password for {content[0]}[{content[1]}]"
else:
description = f"New password for {content[0]}[{content[1]}], changed by {content[2]}"
case LogEntry.DELETE_ACCOUNT: # content = (user.name, user.id, admin.name if relevant)
if len(content) == 2:
description = f"Account deleted {content[0]}[{content[1]}]"
else:
description = f"Account deleted {content[0]}[{content[1]}], by {content[2]}"
case LogEntry.SERVER_RESTART: # content = () case LogEntry.SERVER_RESTART: # content = ()
description = "Server just restarted" description = "Server just restarted"
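Review bot: The new `PASSWORD_CHANGE` and `DELETE_ACCOUNT` descriptions interpolate the usernames in `content[0]` and `content[2]` verbatim, so a name containing a line break could make one audit entry read as several once `description` is written out (the write happens outside this hunk, so this is inferred). Formatting the names with `!r`, for example `f"Account deleted {content[0]!r}[{content[1]}]"`, or stripping control characters once at the top of `log()`, keeps each event on one unambiguous line; the existing `NEW_USER` message has the same shape. Separately, inserting the new members renumbers `SERVER_RESTART` and `FAILED_LOGIN` from 6/7 to 8/9. If those integers are stored or compared anywhere, appending `PASSWORD_CHANGE = 8` and `DELETE_ACCOUNT = 9` instead would avoid the shift.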


@ -11,6 +11,7 @@ from flask_babel import _
from .db import get_db from .db import get_db
from .auth import login_required from .auth import login_required
from .utils import User from .utils import User
from . import logging
bp = Blueprint("settings", __name__, url_prefix="/settings") bp = Blueprint("settings", __name__, url_prefix="/settings")
@ -33,6 +34,7 @@ def index():
@bp.route("/delete-account", methods=["POST"]) @bp.route("/delete-account", methods=["POST"])
@login_required @login_required
def delete_account(): def delete_account():
log_data = None
if "user_id" not in request.form: if "user_id" not in request.form:
flash(_("Missing user id.")) flash(_("Missing user id."))
return redirect(request.referrer) return redirect(request.referrer)
@ -42,12 +44,16 @@ def delete_account():
mod_user = User(user_id=user_id) mod_user = User(user_id=user_id)
if cur_user.access_level != 1: if cur_user.access_level != 1:
log_data = [mod_user.username, mod_user.id]
if cur_user.id != mod_user.id: if cur_user.id != mod_user.id:
flash(_("Missing rights.")) flash(_("Missing rights."))
return redirect(request.referrer) return redirect(request.referrer)
else:
log_data = [mod_user.username, mod_user.id, cur_user.username]
mod_user.delete() mod_user.delete()
flash(_("User successfully deleted.")) flash(_("User successfully deleted."))
logging.log(log_data, logging.LogEntry.DELETE_ACCOUNT)
if cur_user.id == mod_user.id: if cur_user.id == mod_user.id:
return redirect("/") return redirect("/")
return redirect("/admin") return redirect("/admin")
@ -56,6 +62,7 @@ def delete_account():
@bp.route("/change-password", methods=["POST"]) @bp.route("/change-password", methods=["POST"])
@login_required @login_required
def change_password(): def change_password():
log_data = None
if "user_id" not in request.form: if "user_id" not in request.form:
flash(_("Missing user id.")) flash(_("Missing user id."))
return redirect(request.referrer) return redirect(request.referrer)
@ -65,6 +72,7 @@ def change_password():
mod_user = User(user_id=user_id) mod_user = User(user_id=user_id)
if cur_user.access_level != 1: if cur_user.access_level != 1:
log_data = [mod_user.username, mod_user.id]
if cur_user.id != mod_user.id: if cur_user.id != mod_user.id:
flash(_("Missing rights.")) flash(_("Missing rights."))
return redirect(request.referrer) return redirect(request.referrer)
@ -76,6 +84,8 @@ def change_password():
if not check_password_hash(mod_user.password, request.form["old_password"]): if not check_password_hash(mod_user.password, request.form["old_password"]):
flash(_("Incorrect password.")) flash(_("Incorrect password."))
return redirect(request.referrer) return redirect(request.referrer)
else:
log_data = [mod_user.username, mod_user.id, cur_user.username]
if "new_password" not in request.form or "confirm_new_password" not in request.form: if "new_password" not in request.form or "confirm_new_password" not in request.form:
flash(_("Missing password.")) flash(_("Missing password."))
@ -87,4 +97,5 @@ def change_password():
mod_user.update_password(request.form["new_password"]) mod_user.update_password(request.form["new_password"])
flash(_("Successfully updated password.")) flash(_("Successfully updated password."))
logging.log(log_data, logging.LogEntry.PASSWORD_CHANGE)
return redirect(request.referrer) return redirect(request.referrer)
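Review bot: Only the successful paths reach `logging.log`; the `Missing rights.` branch in both `delete_account` and `change_password`, and the `Incorrect password.` branch in `change_password`, redirect without recording anything. A non-admin submitting another user's `user_id`, or repeated wrong `old_password` values on a live session, are the events an audit trail for these endpoints most needs. I would log them before the redirect with their own entry, e.g. `logging.log([cur_user.username, cur_user.id, mod_user.id], logging.LogEntry.<NEW_DENIED_ENTRY>)` (placeholder name, to be added to `LogEntry` and `ENABLED_LOGS`). Also note that `logging.log` runs after `mod_user.delete()`, so an exception in the logger would leave a deleted account with no record. Both function bodies continue outside the visible hunks, so this is based only on the lines shown.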


@ -24,7 +24,7 @@
{% block content %} {% block content %}
{{ _("User %(username)s has %(album_count)s albums"), username=inspected_user.username, album_count=len(inspected_user.get_albums()) }} {{ _("User %(username)s has %(album_count)s albums", username=inspected_user.username, album_count=(inspected_user.get_albums() | length)) }}
<form action="/settings/change-password" method="post"> <form action="/settings/change-password" method="post">
<h3>{{ _("Change password") }}</h3> <h3>{{ _("Change password") }}</h3>
{% if not skip_old_password %} {% if not skip_old_password %}