From 765351c5e947d28de7242589725b4056bba3ac2b Mon Sep 17 00:00:00 2001
From: Ian Bobbitt
Date: Sun, 24 Jun 2018 23:54:29 +0000
Subject: [PATCH] Emit audit history when SAML assertions promote or demote a user.
---
 app/views.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/app/views.py b/app/views.py
index 73da8ce..5fc3da0 100644
--- a/app/views.py
+++ b/app/views.py
@@ -253,10 +253,18 @@ def saml_authorized():
 if admin_attribute_name:
 if 'true' in session['samlUserdata'].get(admin_attribute_name, []):
 logging.debug("User is an admin")
- user.role_id = Role.query.filter_by(name='Administrator').first().id
+ admin_role = Role.query.filter_by(name='Administrator').first().id
+ if user.role_id != admin_role:
+ user.role_id = admin_role
+ history = History(msg='Promoting {0} to administrator'.format(user.username), created_by='SAML Assertion')
+ history.add()
 else:
 logging.debug("User is NOT an admin")
- user.role_id = Role.query.filter_by(name='User').first().id
+ user_role = Role.query.filter_by(name='User').first().id
+ if user.role_id != user_role:
+ user.role_id = user_role
+ history = History(msg='Demoting {0} to user'.format(user.username), created_by='SAML Assertion')
+ history.add()
 user.plain_text_password = None
 user.update_profile()
 session['external_auth'] = True
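Review bot: The new audit entries infer the direction of the change only from `user.role_id != user_role` (and `!= admin_role`), so the `else` branch records "Demoting" for any account whose role is not already User. That presumably includes a freshly provisioned user whose `role_id` is still unset, which would put a misleading demotion in the audit trail. Building the message before the assignment and including the previous value would make the record self-contained, e.g. `msg='SAML assertion changed role of {0} from role id {1} to User'.format(user.username, user.role_id)`, and likewise for the administrator branch. Separately, both added lookups still dereference `.first().id` directly, and `.first()` returns None when no row matches, so a missing role row would fail the login with an AttributeError before any history is written; a check for None with an explicit error log would make that failure diagnosable. `saml_authorized` begins and continues outside this hunk, so user creation and what `user.update_profile()` persists are not visible here.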