a4dc6d13b5
* events: rename audit to events * policies/expression: log expression exceptions as event * policies/expression: add ExpressionPolicy Model to event when possible * lib/expressions: ensure syntax errors are logged too * lib: fix lint error * policies: add execution_logging field * core: add property mapping tests * policies/expression: add full test * policies/expression: fix attribute name * policies: add execution_logging * web: fix imports * root: update swagger * policies: use dataclass instead of dict for types * events: add support for dataclass as event param * events: add special keys which are never cleaned * policies: add tests for process, don't clean full cache * admin: create event when new version is seen * events: move utils to separate file * admin: add tests for admin tasks * events: add .set_user method to ensure users have correct attributes set * core: add test for property_mapping errors with user and request
59 lines
1.9 KiB
Python
59 lines
1.9 KiB
Python
"""authentik impersonation views"""
|
|
|
|
from django.http import HttpRequest, HttpResponse
|
|
from django.shortcuts import get_object_or_404, redirect
|
|
from django.views import View
|
|
from structlog import get_logger
|
|
|
|
from authentik.core.middleware import (
|
|
SESSION_IMPERSONATE_ORIGINAL_USER,
|
|
SESSION_IMPERSONATE_USER,
|
|
)
|
|
from authentik.core.models import User
|
|
from authentik.events.models import Event, EventAction
|
|
|
|
LOGGER = get_logger()
|
|
|
|
|
|
class ImpersonateInitView(View):
|
|
"""Initiate Impersonation"""
|
|
|
|
def get(self, request: HttpRequest, user_id: int) -> HttpResponse:
|
|
"""Impersonation handler, checks permissions"""
|
|
if not request.user.has_perm("impersonate"):
|
|
LOGGER.debug(
|
|
"User attempted to impersonate without permissions", user=request.user
|
|
)
|
|
return HttpResponse("Unauthorized", status=401)
|
|
|
|
user_to_be = get_object_or_404(User, pk=user_id)
|
|
|
|
request.session[SESSION_IMPERSONATE_ORIGINAL_USER] = request.user
|
|
request.session[SESSION_IMPERSONATE_USER] = user_to_be
|
|
|
|
Event.new(EventAction.IMPERSONATION_STARTED).from_http(request, user_to_be)
|
|
|
|
return redirect("authentik_core:shell")
|
|
|
|
|
|
class ImpersonateEndView(View):
|
|
"""End User impersonation"""
|
|
|
|
def get(self, request: HttpRequest) -> HttpResponse:
|
|
"""End Impersonation handler"""
|
|
if (
|
|
SESSION_IMPERSONATE_USER not in request.session
|
|
or SESSION_IMPERSONATE_ORIGINAL_USER not in request.session
|
|
):
|
|
LOGGER.debug("Can't end impersonation", user=request.user)
|
|
return redirect("authentik_core:shell")
|
|
|
|
original_user = request.session[SESSION_IMPERSONATE_ORIGINAL_USER]
|
|
|
|
del request.session[SESSION_IMPERSONATE_USER]
|
|
del request.session[SESSION_IMPERSONATE_ORIGINAL_USER]
|
|
|
|
Event.new(EventAction.IMPERSONATION_ENDED).from_http(request, original_user)
|
|
|
|
return redirect("authentik_core:shell")
|