audit: rewrite to be independent of django http requests, allow custom actions

passbook/providers/oauth/views/oauth2.py

@@ -8,7 +8,7 @@ from django.utils.translation import ugettext as _
 from oauth2_provider.views.base import AuthorizationView
 from structlog import get_logger
 
-from passbook.audit.models import Event
+from passbook.audit.models import Event, EventAction
 from passbook.core.models import Application
 from passbook.core.views.access import AccessMixin
 from passbook.core.views.utils import LoadingView, PermissionDeniedView
@@ -77,9 +77,8 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
 
     def form_valid(self, form):
         # User has clicked on "Authorize"
-        Event.create(
-            action=Event.ACTION_AUTHORIZE_APPLICATION,
-            request=self.request,
-            app=str(self._application))
-        LOGGER.debug('user %s authorized %s', self.request.user, self._application)
+        Event.new(EventAction.AUTHORIZE_APPLICATION,
+                  authorized_application=self._application).from_http(self.request)
+        LOGGER.debug('User authorized Application',
+                     user=self.request.user, application=self._application)
         return super().form_valid(form)

passbook/providers/oidc/lib.py

@@ -3,7 +3,7 @@ from django.contrib import messages
 from django.shortcuts import redirect
 from structlog import get_logger
 
-from passbook.audit.models import Event
+from passbook.audit.models import Event, EventAction
 from passbook.core.models import Application
 from passbook.policies.engine import PolicyEngine
 
@@ -28,9 +28,7 @@ def check_permissions(request, user, client):
             messages.error(request, policy_message)
         return redirect('passbook_providers_oauth:oauth2-permission-denied')
 
-    Event.create(
-        action=Event.ACTION_AUTHORIZE_APPLICATION,
-        request=request,
-        app=application.name,
-        skipped_authorization=False)
+    Event.new(EventAction.AUTHORIZE_APPLICATION,
+              authorized_application=application,
+              skipped_authorization=False).from_http(request)
     return None

passbook/providers/saml/views.py

@@ -13,7 +13,7 @@ from django.views.decorators.csrf import csrf_exempt
 from signxml.util import strip_pem_header
 from structlog import get_logger
 
-from passbook.audit.models import Event
+from passbook.audit.models import Event, EventAction
 from passbook.core.models import Application
 from passbook.lib.mixins import CSRFExemptMixin
 from passbook.lib.utils.template import render_to_string
@@ -123,11 +123,9 @@ class LoginProcessView(AccessRequiredView):
         if self.provider.application.skip_authorization:
             ctx = self.provider.processor.generate_response()
             # Log Application Authorization
-            Event.create(
-                action=Event.ACTION_AUTHORIZE_APPLICATION,
-                request=request,
-                app=self.provider.application.name,
-                skipped_authorization=True)
+            Event.new(EventAction.AUTHORIZE_APPLICATION,
+                      authorized_application=self.provider.application,
+                      skipped_authorization=True).from_http(request)
             return RedirectToSPView.as_view()(
                 request=request,
                 acs_url=ctx['acs_url'],
@@ -145,11 +143,9 @@ class LoginProcessView(AccessRequiredView):
         # Check if user has access
         if request.POST.get('ACSUrl', None):
             # User accepted request
-            Event.create(
-                action=Event.ACTION_AUTHORIZE_APPLICATION,
-                request=request,
-                app=self.provider.application.name,
-                skipped_authorization=False)
+            Event.new(EventAction.AUTHORIZE_APPLICATION,
+                      authorized_application=self.provider.application,
+                      skipped_authorization=False).from_http(request)
             return RedirectToSPView.as_view()(
                 request=request,
                 acs_url=request.POST.get('ACSUrl'),