Log activity when modifying account details

This commit is contained in:
DaneEveritt 2022-05-29 18:48:35 -04:00
parent 0b2c0db170
commit 287fd60891
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
15 changed files with 85 additions and 57 deletions

View File

@ -6,6 +6,7 @@ use Illuminate\Http\Request;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Illuminate\Auth\AuthManager; use Illuminate\Auth\AuthManager;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Facades\Activity;
use Pterodactyl\Services\Users\UserUpdateService; use Pterodactyl\Services\Users\UserUpdateService;
use Pterodactyl\Transformers\Api\Client\AccountTransformer; use Pterodactyl\Transformers\Api\Client\AccountTransformer;
use Pterodactyl\Http\Requests\Api\Client\Account\UpdateEmailRequest; use Pterodactyl\Http\Requests\Api\Client\Account\UpdateEmailRequest;
@ -43,14 +44,16 @@ class AccountController extends ClientApiController
/** /**
* Update the authenticated user's email address. * Update the authenticated user's email address.
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/ */
public function updateEmail(UpdateEmailRequest $request): JsonResponse public function updateEmail(UpdateEmailRequest $request): JsonResponse
{ {
$original = $request->user()->email;
$this->updateService->handle($request->user(), $request->validated()); $this->updateService->handle($request->user(), $request->validated());
Activity::event('user:account.email-changed')
->property(['old' => $original, 'new' => $request->input('email')])
->log();
return new JsonResponse([], Response::HTTP_NO_CONTENT); return new JsonResponse([], Response::HTTP_NO_CONTENT);
} }
@ -76,6 +79,8 @@ class AccountController extends ClientApiController
$guard->logoutOtherDevices($request->input('password')); $guard->logoutOtherDevices($request->input('password'));
} }
Activity::event('user:account.password-changed')->log();
return new JsonResponse([], Response::HTTP_NO_CONTENT); return new JsonResponse([], Response::HTTP_NO_CONTENT);
} }
} }

View File

@ -4,47 +4,14 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
use Pterodactyl\Models\ApiKey; use Pterodactyl\Models\ApiKey;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Facades\Activity;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Services\Api\KeyCreationService;
use Pterodactyl\Repositories\Eloquent\ApiKeyRepository;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest; use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
use Pterodactyl\Transformers\Api\Client\ApiKeyTransformer; use Pterodactyl\Transformers\Api\Client\ApiKeyTransformer;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest; use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest;
class ApiKeyController extends ClientApiController class ApiKeyController extends ClientApiController
{ {
/**
* @var \Pterodactyl\Services\Api\KeyCreationService
*/
private $keyCreationService;
/**
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
private $encrypter;
/**
* @var \Pterodactyl\Repositories\Eloquent\ApiKeyRepository
*/
private $repository;
/**
* ApiKeyController constructor.
*/
public function __construct(
Encrypter $encrypter,
KeyCreationService $keyCreationService,
ApiKeyRepository $repository
) {
parent::__construct();
$this->encrypter = $encrypter;
$this->keyCreationService = $keyCreationService;
$this->repository = $repository;
}
/** /**
* Returns all of the API keys that exist for the given client. * Returns all of the API keys that exist for the given client.
* *
@ -75,6 +42,11 @@ class ApiKeyController extends ClientApiController
$request->input('allowed_ips') $request->input('allowed_ips')
); );
Activity::event('user:api-key.create')
->subject($token->accessToken)
->property('identifier', $token->accessToken->identifier)
->log();
return $this->fractal->item($token->accessToken) return $this->fractal->item($token->accessToken)
->transformWith($this->getTransformer(ApiKeyTransformer::class)) ->transformWith($this->getTransformer(ApiKeyTransformer::class))
->addMeta(['secret_token' => $token->plainTextToken]) ->addMeta(['secret_token' => $token->plainTextToken])
@ -88,15 +60,16 @@ class ApiKeyController extends ClientApiController
*/ */
public function delete(ClientApiRequest $request, string $identifier) public function delete(ClientApiRequest $request, string $identifier)
{ {
$response = $this->repository->deleteWhere([ $key = $request->user()->apiKeys()
'key_type' => ApiKey::TYPE_ACCOUNT, ->where('key_type', ApiKey::TYPE_ACCOUNT)
'user_id' => $request->user()->id, ->where('identifier', $identifier)
'identifier' => $identifier, ->first();
]);
if (!$response) { Activity::event('user:api-key.delete')
throw new NotFoundHttpException(); ->property('identifer', $key->identifer)
} ->log();
$key->delete();
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
} }

View File

@ -3,6 +3,7 @@
namespace Pterodactyl\Http\Controllers\Api\Client; namespace Pterodactyl\Http\Controllers\Api\Client;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Facades\Activity;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest; use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
use Pterodactyl\Transformers\Api\Client\UserSSHKeyTransformer; use Pterodactyl\Transformers\Api\Client\UserSSHKeyTransformer;
use Pterodactyl\Http\Requests\Api\Client\Account\StoreSSHKeyRequest; use Pterodactyl\Http\Requests\Api\Client\Account\StoreSSHKeyRequest;
@ -31,6 +32,11 @@ class SSHKeyController extends ClientApiController
'fingerprint' => $request->getKeyFingerprint(), 'fingerprint' => $request->getKeyFingerprint(),
]); ]);
Activity::event('user:ssh-key.create')
->subject($model)
->property('fingerprint', $request->getKeyFingerprint())
->log();
return $this->fractal->item($model) return $this->fractal->item($model)
->transformWith($this->getTransformer(UserSSHKeyTransformer::class)) ->transformWith($this->getTransformer(UserSSHKeyTransformer::class))
->toArray(); ->toArray();
@ -41,7 +47,14 @@ class SSHKeyController extends ClientApiController
*/ */
public function delete(ClientApiRequest $request, string $identifier): JsonResponse public function delete(ClientApiRequest $request, string $identifier): JsonResponse
{ {
$request->user()->sshKeys()->where('fingerprint', $identifier)->delete(); $key = $request->user()->sshKeys()->where('fingerprint', $identifier)->firstOrFail();
$key->delete();
Activity::event('user:ssh-key.delete')
->subject($key)
->property('fingerprint', $key->fingerprint)
->log();
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
} }

View File

@ -6,6 +6,7 @@ use Carbon\Carbon;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Facades\Activity;
use Illuminate\Contracts\Validation\Factory; use Illuminate\Contracts\Validation\Factory;
use Illuminate\Validation\ValidationException; use Illuminate\Validation\ValidationException;
use Pterodactyl\Services\Users\TwoFactorSetupService; use Pterodactyl\Services\Users\TwoFactorSetupService;
@ -89,6 +90,8 @@ class TwoFactorController extends ClientApiController
$tokens = $this->toggleTwoFactorService->handle($request->user(), $request->input('code'), true); $tokens = $this->toggleTwoFactorService->handle($request->user(), $request->input('code'), true);
Activity::event('user:two-factor.create')->log();
return new JsonResponse([ return new JsonResponse([
'object' => 'recovery_tokens', 'object' => 'recovery_tokens',
'attributes' => [ 'attributes' => [
@ -117,6 +120,8 @@ class TwoFactorController extends ClientApiController
'use_totp' => false, 'use_totp' => false,
]); ]);
Activity::event('user:two-factor.delete')->log();
return new JsonResponse([], Response::HTTP_NO_CONTENT); return new JsonResponse([], Response::HTTP_NO_CONTENT);
} }
} }

View File

@ -45,7 +45,7 @@ class BackupStatusController extends Controller
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.'); throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
} }
$action = $request->boolean('successful') ? 'server:backup.complete' : 'server:backup.failed'; $action = $request->boolean('successful') ? 'server:backup.complete' : 'server:backup.fail';
$log = Activity::event($action)->subject($model, $model->server)->property('name', $model->name); $log = Activity::event($action)->subject($model, $model->server)->property('name', $model->name);
$log->transaction(function () use ($model, $request) { $log->transaction(function () use ($model, $request) {

View File

@ -72,7 +72,7 @@ class LoginController extends AbstractLoginController
return $this->sendLoginResponse($user, $request); return $this->sendLoginResponse($user, $request);
} }
Activity::event('login.checkpoint')->withRequestMetadata()->subject($user)->log(); Activity::event('auth:checkpoint')->withRequestMetadata()->subject($user)->log();
$request->session()->put('auth_confirmation_token', [ $request->session()->put('auth_confirmation_token', [
'user_id' => $user->id, 'user_id' => $user->id,

View File

@ -0,0 +1,22 @@
<?php
namespace Pterodactyl\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Facades\LogTarget;
class AccountActivitySubject
{
/**
* Sets the actor and default subject for all requests passing through this
* middleware to be the currently logged in user.
*/
public function handle(Request $request, Closure $next)
{
LogTarget::setActor($request->user());
LogTarget::setSubject($request->user());
return $next($request);
}
}

View File

@ -7,7 +7,7 @@ use Illuminate\Http\Request;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Facades\LogTarget; use Pterodactyl\Facades\LogTarget;
class ServerActivityLogs class ServerActivitySubject
{ {
/** /**
* Attempts to automatically scope all of the activity log events registered * Attempts to automatically scope all of the activity log events registered

View File

@ -29,7 +29,7 @@ class AuthenticationListener implements SubscribesToEvents
} }
} }
$activity->event($event instanceof Failed ? 'login.failed' : 'login.success')->log(); $activity->event($event instanceof Failed ? 'auth:fail' : 'auth:success')->log();
} }
public function subscribe(Dispatcher $events): void public function subscribe(Dispatcher $events): void

View File

@ -17,7 +17,7 @@ class PasswordResetListener
public function handle(PasswordReset $event) public function handle(PasswordReset $event)
{ {
Activity::event('login.password-reset') Activity::event('event:password-reset')
->withRequestMetadata() ->withRequestMetadata()
->subject($event->user) ->subject($event->user)
->log(); ->log();

View File

@ -9,7 +9,7 @@ class TwoFactorListener
{ {
public function handle(ProvidedAuthenticationToken $event) public function handle(ProvidedAuthenticationToken $event)
{ {
Activity::event($event->recovery ? 'login.recovery-token' : 'login.token') Activity::event($event->recovery ? 'auth:recovery-token' : 'auth:token')
->withRequestMetadata() ->withRequestMetadata()
->subject($event->user) ->subject($event->user)
->log(); ->log();

View File

@ -216,7 +216,7 @@ class User extends Model implements
*/ */
public function sendPasswordResetNotification($token) public function sendPasswordResetNotification($token)
{ {
Activity::event('login.reset-password') Activity::event('auth:reset-password')
->withRequestMetadata() ->withRequestMetadata()
->subject($this) ->subject($this)
->log('sending password reset email'); ->log('sending password reset email');

View File

@ -8,6 +8,8 @@ use Illuminate\Support\Str;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Models\Backup; use Pterodactyl\Models\Backup;
use Pterodactyl\Models\ApiKey;
use Pterodactyl\Models\UserSSHKey;
use Illuminate\Support\Facades\URL; use Illuminate\Support\Facades\URL;
use Illuminate\Pagination\Paginator; use Illuminate\Pagination\Paginator;
use Illuminate\Support\Facades\Schema; use Illuminate\Support\Facades\Schema;
@ -39,8 +41,10 @@ class AppServiceProvider extends ServiceProvider
} }
Relation::enforceMorphMap([ Relation::enforceMorphMap([
'api_key' => ApiKey::class,
'backup' => Backup::class, 'backup' => Backup::class,
'server' => Server::class, 'server' => Server::class,
'ssh_key' => UserSSHKey::class,
'user' => User::class, 'user' => User::class,
]); ]);
} }

View File

@ -5,8 +5,8 @@ namespace Pterodactyl\Services\Activity;
use Illuminate\Support\Arr; use Illuminate\Support\Arr;
use Webmozart\Assert\Assert; use Webmozart\Assert\Assert;
use Illuminate\Support\Collection; use Illuminate\Support\Collection;
use Pterodactyl\Models\ActivityLog;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Pterodactyl\Models\ActivityLog;
use Illuminate\Contracts\Auth\Factory; use Illuminate\Contracts\Auth\Factory;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Request; use Illuminate\Support\Facades\Request;
@ -148,6 +148,11 @@ class ActivityLogService
try { try {
return $this->save(); return $this->save();
} catch (\Throwable|\Exception $exception) { } catch (\Throwable|\Exception $exception) {
if (config('app.env') !== 'production') {
/* @noinspection PhpUnhandledExceptionInspection */
throw $exception;
}
Log::error($exception); Log::error($exception);
} }

View File

@ -2,7 +2,8 @@
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
use Pterodactyl\Http\Controllers\Api\Client; use Pterodactyl\Http\Controllers\Api\Client;
use Pterodactyl\Http\Middleware\ServerActivityLogs; use Pterodactyl\Http\Middleware\ServerActivitySubject;
use Pterodactyl\Http\Middleware\AccountActivitySubject;
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication; use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
use Pterodactyl\Http\Middleware\Api\Client\Server\ResourceBelongsToServer; use Pterodactyl\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;
use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess; use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
@ -18,7 +19,7 @@ use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index'); Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');
Route::get('/permissions', [Client\ClientController::class, 'permissions']); Route::get('/permissions', [Client\ClientController::class, 'permissions']);
Route::group(['prefix' => '/account'], function () { Route::prefix('/account')->middleware(AccountActivitySubject::class)->group(function () {
Route::prefix('/')->withoutMiddleware(RequireTwoFactorAuthentication::class)->group(function () { Route::prefix('/')->withoutMiddleware(RequireTwoFactorAuthentication::class)->group(function () {
Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account'); Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account');
Route::get('/two-factor', [Client\TwoFactorController::class, 'index']); Route::get('/two-factor', [Client\TwoFactorController::class, 'index']);
@ -51,7 +52,7 @@ Route::group(['prefix' => '/account'], function () {
Route::group([ Route::group([
'prefix' => '/servers/{server}', 'prefix' => '/servers/{server}',
'middleware' => [ 'middleware' => [
ServerActivityLogs::class, ServerActivitySubject::class,
AuthenticateServerAccess::class, AuthenticateServerAccess::class,
ResourceBelongsToServer::class, ResourceBelongsToServer::class,
], ],