Log granted/denied authorization requests

This commit is contained in:
Kumi 2022-08-05 09:29:11 +02:00
parent b20ef4fcb0
commit fe57923c35
Signed by: kumi
GPG key ID: 5D1CE6AF1805ECA2
6 changed files with 60 additions and 1 deletions

View file

@ -4,3 +4,6 @@ from django.apps import AppConfig
class CoreConfig(AppConfig):
default_auto_field = 'django.db.models.BigAutoField'
name = 'core'
def ready(self):
from . import receivers

View file

@ -0,0 +1,27 @@
# Generated by Django 3.2.15 on 2022-08-05 07:28
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('oidc_provider', '0027_auto_20220801_1333'),
('core', '0005_profile_last_name'),
]
operations = [
migrations.CreateModel(
name='AuthorizationLog',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('scope', models.TextField()),
('granted', models.BooleanField()),
('timestamp', models.DateTimeField(auto_now_add=True)),
('client', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='oidc_provider.client')),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
),
]

View file

@ -1,2 +1,3 @@
from .auth import User
from .profile import Profile
from .logging import AuthorizationLog

12
core/models/logging.py Normal file
View file

@ -0,0 +1,12 @@
from django.db import models
from django.contrib.auth import get_user_model
from oidc_provider.models import Client
class AuthorizationLog(models.Model):
user = models.ForeignKey(get_user_model(), models.CASCADE)
client = models.ForeignKey(Client, models.CASCADE)
scope = models.TextField()
granted = models.BooleanField()
timestamp = models.DateTimeField(auto_now_add=True)

View file

@ -0,0 +1 @@
from .oidc import user_accept_consent, user_decline_consent

15
core/receivers/oidc.py Normal file
View file

@ -0,0 +1,15 @@
from django.dispatch import receiver
from oidc_provider.signals import user_accept_consent, user_decline_consent
from ..models import AuthorizationLog
@receiver(user_accept_consent)
def consent_granted(sender, **kwargs):
AuthorizationLog.objects.create(user=kwargs["user"], client=kwargs["client"], scope=kwargs["scope"], granted=True)
@receiver(user_decline_consent)
def consent_denied(sender, **kwargs):
AuthorizationLog.objects.create(user=kwargs["user"], client=kwargs["client"], scope=kwargs["scope"], granted=False)