cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-11-12 16:40:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Emit audit history when SAML assertions promote or demote a user.

Browse Source
This commit is contained in:
Ian Bobbitt 2018-06-24 23:54:29 +00:00
parent 17a61d04b5
commit 765351c5e9
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/views.py
View File

@ -253,10 +253,18 @@ def saml_authorized():
if admin_attribute_name: if admin_attribute_name:
if 'true' in session['samlUserdata'].get(admin_attribute_name, []): if 'true' in session['samlUserdata'].get(admin_attribute_name, []):
logging.debug("User is an admin") logging.debug("User is an admin")
user.role_id = Role.query.filter_by(name='Administrator').first().id admin_role = Role.query.filter_by(name='Administrator').first().id
if user.role_id != admin_role:
user.role_id = admin_role
history = History(msg='Promoting {0} to administrator'.format(user.username), created_by='SAML Assertion')
history.add()
else: else:
logging.debug("User is NOT an admin") logging.debug("User is NOT an admin")
user.role_id = Role.query.filter_by(name='User').first().id user_role = Role.query.filter_by(name='User').first().id
if user.role_id != user_role:
user.role_id = user_role
history = History(msg='Demoting {0} to user'.format(user.username), created_by='SAML Assertion')
history.add()
user.plain_text_password = None user.plain_text_password = None
user.update_profile() user.update_profile()
session['external_auth'] = True session['external_auth'] = True