Log activity when modifying account details
This commit is contained in:
DaneEveritt
parent
0b2c0db170
commit
287fd60891
15 changed files with 85 additions and 57 deletions
|
|
@ -6,6 +6,7 @@ use Illuminate\Http\Request;
|
||||||
use Illuminate\Http\Response;
|
use Illuminate\Http\Response;
|
||||||
use Illuminate\Auth\AuthManager;
|
use Illuminate\Auth\AuthManager;
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
|
use Pterodactyl\Facades\Activity;
|
||||||
use Pterodactyl\Services\Users\UserUpdateService;
|
use Pterodactyl\Services\Users\UserUpdateService;
|
||||||
use Pterodactyl\Transformers\Api\Client\AccountTransformer;
|
use Pterodactyl\Transformers\Api\Client\AccountTransformer;
|
||||||
use Pterodactyl\Http\Requests\Api\Client\Account\UpdateEmailRequest;
|
use Pterodactyl\Http\Requests\Api\Client\Account\UpdateEmailRequest;
|
||||||
|
|
@ -43,14 +44,16 @@ class AccountController extends ClientApiController
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Update the authenticated user's email address.
|
* Update the authenticated user's email address.
|
||||||
*
|
|
||||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
|
||||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
|
||||||
*/
|
*/
|
||||||
public function updateEmail(UpdateEmailRequest $request): JsonResponse
|
public function updateEmail(UpdateEmailRequest $request): JsonResponse
|
||||||
{
|
{
|
||||||
|
$original = $request->user()->email;
|
||||||
$this->updateService->handle($request->user(), $request->validated());
|
$this->updateService->handle($request->user(), $request->validated());
|
||||||
|
|
||||||
|
Activity::event('user:account.email-changed')
|
||||||
|
->property(['old' => $original, 'new' => $request->input('email')])
|
||||||
|
->log();
|
||||||
|
|
||||||
return new JsonResponse([], Response::HTTP_NO_CONTENT);
|
return new JsonResponse([], Response::HTTP_NO_CONTENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -76,6 +79,8 @@ class AccountController extends ClientApiController
|
||||||
$guard->logoutOtherDevices($request->input('password'));
|
$guard->logoutOtherDevices($request->input('password'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Activity::event('user:account.password-changed')->log();
|
||||||
|
|
||||||
return new JsonResponse([], Response::HTTP_NO_CONTENT);
|
return new JsonResponse([], Response::HTTP_NO_CONTENT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,47 +4,14 @@ namespace Pterodactyl\Http\Controllers\Api\Client;
|
||||||
|
|
||||||
use Pterodactyl\Models\ApiKey;
|
use Pterodactyl\Models\ApiKey;
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
|
use Pterodactyl\Facades\Activity;
|
||||||
use Pterodactyl\Exceptions\DisplayException;
|
use Pterodactyl\Exceptions\DisplayException;
|
||||||
use Illuminate\Contracts\Encryption\Encrypter;
|
|
||||||
use Pterodactyl\Services\Api\KeyCreationService;
|
|
||||||
use Pterodactyl\Repositories\Eloquent\ApiKeyRepository;
|
|
||||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||||
use Pterodactyl\Transformers\Api\Client\ApiKeyTransformer;
|
use Pterodactyl\Transformers\Api\Client\ApiKeyTransformer;
|
||||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
||||||
use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest;
|
use Pterodactyl\Http\Requests\Api\Client\Account\StoreApiKeyRequest;
|
||||||
|
|
||||||
class ApiKeyController extends ClientApiController
|
class ApiKeyController extends ClientApiController
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var \Pterodactyl\Services\Api\KeyCreationService
|
|
||||||
*/
|
|
||||||
private $keyCreationService;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \Illuminate\Contracts\Encryption\Encrypter
|
|
||||||
*/
|
|
||||||
private $encrypter;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \Pterodactyl\Repositories\Eloquent\ApiKeyRepository
|
|
||||||
*/
|
|
||||||
private $repository;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* ApiKeyController constructor.
|
|
||||||
*/
|
|
||||||
public function __construct(
|
|
||||||
Encrypter $encrypter,
|
|
||||||
KeyCreationService $keyCreationService,
|
|
||||||
ApiKeyRepository $repository
|
|
||||||
) {
|
|
||||||
parent::__construct();
|
|
||||||
|
|
||||||
$this->encrypter = $encrypter;
|
|
||||||
$this->keyCreationService = $keyCreationService;
|
|
||||||
$this->repository = $repository;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns all of the API keys that exist for the given client.
|
* Returns all of the API keys that exist for the given client.
|
||||||
*
|
*
|
||||||
|
|
@ -75,6 +42,11 @@ class ApiKeyController extends ClientApiController
|
||||||
$request->input('allowed_ips')
|
$request->input('allowed_ips')
|
||||||
);
|
);
|
||||||
|
|
||||||
|
Activity::event('user:api-key.create')
|
||||||
|
->subject($token->accessToken)
|
||||||
|
->property('identifier', $token->accessToken->identifier)
|
||||||
|
->log();
|
||||||
|
|
||||||
return $this->fractal->item($token->accessToken)
|
return $this->fractal->item($token->accessToken)
|
||||||
->transformWith($this->getTransformer(ApiKeyTransformer::class))
|
->transformWith($this->getTransformer(ApiKeyTransformer::class))
|
||||||
->addMeta(['secret_token' => $token->plainTextToken])
|
->addMeta(['secret_token' => $token->plainTextToken])
|
||||||
|
|
@ -88,15 +60,16 @@ class ApiKeyController extends ClientApiController
|
||||||
*/
|
*/
|
||||||
public function delete(ClientApiRequest $request, string $identifier)
|
public function delete(ClientApiRequest $request, string $identifier)
|
||||||
{
|
{
|
||||||
$response = $this->repository->deleteWhere([
|
$key = $request->user()->apiKeys()
|
||||||
'key_type' => ApiKey::TYPE_ACCOUNT,
|
->where('key_type', ApiKey::TYPE_ACCOUNT)
|
||||||
'user_id' => $request->user()->id,
|
->where('identifier', $identifier)
|
||||||
'identifier' => $identifier,
|
->first();
|
||||||
]);
|
|
||||||
|
|
||||||
if (!$response) {
|
Activity::event('user:api-key.delete')
|
||||||
throw new NotFoundHttpException();
|
->property('identifer', $key->identifer)
|
||||||
}
|
->log();
|
||||||
|
|
||||||
|
$key->delete();
|
||||||
|
|
||||||
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
|
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
namespace Pterodactyl\Http\Controllers\Api\Client;
|
namespace Pterodactyl\Http\Controllers\Api\Client;
|
||||||
|
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
|
use Pterodactyl\Facades\Activity;
|
||||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||||
use Pterodactyl\Transformers\Api\Client\UserSSHKeyTransformer;
|
use Pterodactyl\Transformers\Api\Client\UserSSHKeyTransformer;
|
||||||
use Pterodactyl\Http\Requests\Api\Client\Account\StoreSSHKeyRequest;
|
use Pterodactyl\Http\Requests\Api\Client\Account\StoreSSHKeyRequest;
|
||||||
|
|
@ -31,6 +32,11 @@ class SSHKeyController extends ClientApiController
|
||||||
'fingerprint' => $request->getKeyFingerprint(),
|
'fingerprint' => $request->getKeyFingerprint(),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
Activity::event('user:ssh-key.create')
|
||||||
|
->subject($model)
|
||||||
|
->property('fingerprint', $request->getKeyFingerprint())
|
||||||
|
->log();
|
||||||
|
|
||||||
return $this->fractal->item($model)
|
return $this->fractal->item($model)
|
||||||
->transformWith($this->getTransformer(UserSSHKeyTransformer::class))
|
->transformWith($this->getTransformer(UserSSHKeyTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
|
|
@ -41,7 +47,14 @@ class SSHKeyController extends ClientApiController
|
||||||
*/
|
*/
|
||||||
public function delete(ClientApiRequest $request, string $identifier): JsonResponse
|
public function delete(ClientApiRequest $request, string $identifier): JsonResponse
|
||||||
{
|
{
|
||||||
$request->user()->sshKeys()->where('fingerprint', $identifier)->delete();
|
$key = $request->user()->sshKeys()->where('fingerprint', $identifier)->firstOrFail();
|
||||||
|
|
||||||
|
$key->delete();
|
||||||
|
|
||||||
|
Activity::event('user:ssh-key.delete')
|
||||||
|
->subject($key)
|
||||||
|
->property('fingerprint', $key->fingerprint)
|
||||||
|
->log();
|
||||||
|
|
||||||
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
|
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ use Carbon\Carbon;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Http\Response;
|
use Illuminate\Http\Response;
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
|
use Pterodactyl\Facades\Activity;
|
||||||
use Illuminate\Contracts\Validation\Factory;
|
use Illuminate\Contracts\Validation\Factory;
|
||||||
use Illuminate\Validation\ValidationException;
|
use Illuminate\Validation\ValidationException;
|
||||||
use Pterodactyl\Services\Users\TwoFactorSetupService;
|
use Pterodactyl\Services\Users\TwoFactorSetupService;
|
||||||
|
|
@ -89,6 +90,8 @@ class TwoFactorController extends ClientApiController
|
||||||
|
|
||||||
$tokens = $this->toggleTwoFactorService->handle($request->user(), $request->input('code'), true);
|
$tokens = $this->toggleTwoFactorService->handle($request->user(), $request->input('code'), true);
|
||||||
|
|
||||||
|
Activity::event('user:two-factor.create')->log();
|
||||||
|
|
||||||
return new JsonResponse([
|
return new JsonResponse([
|
||||||
'object' => 'recovery_tokens',
|
'object' => 'recovery_tokens',
|
||||||
'attributes' => [
|
'attributes' => [
|
||||||
|
|
@ -117,6 +120,8 @@ class TwoFactorController extends ClientApiController
|
||||||
'use_totp' => false,
|
'use_totp' => false,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
Activity::event('user:two-factor.delete')->log();
|
||||||
|
|
||||||
return new JsonResponse([], Response::HTTP_NO_CONTENT);
|
return new JsonResponse([], Response::HTTP_NO_CONTENT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -45,7 +45,7 @@ class BackupStatusController extends Controller
|
||||||
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
|
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$action = $request->boolean('successful') ? 'server:backup.complete' : 'server:backup.failed';
|
$action = $request->boolean('successful') ? 'server:backup.complete' : 'server:backup.fail';
|
||||||
$log = Activity::event($action)->subject($model, $model->server)->property('name', $model->name);
|
$log = Activity::event($action)->subject($model, $model->server)->property('name', $model->name);
|
||||||
|
|
||||||
$log->transaction(function () use ($model, $request) {
|
$log->transaction(function () use ($model, $request) {
|
||||||
|
|
|
||||||
|
|
@ -72,7 +72,7 @@ class LoginController extends AbstractLoginController
|
||||||
return $this->sendLoginResponse($user, $request);
|
return $this->sendLoginResponse($user, $request);
|
||||||
}
|
}
|
||||||
|
|
||||||
Activity::event('login.checkpoint')->withRequestMetadata()->subject($user)->log();
|
Activity::event('auth:checkpoint')->withRequestMetadata()->subject($user)->log();
|
||||||
|
|
||||||
$request->session()->put('auth_confirmation_token', [
|
$request->session()->put('auth_confirmation_token', [
|
||||||
'user_id' => $user->id,
|
'user_id' => $user->id,
|
||||||
|
|
|
||||||
22
app/Http/Middleware/AccountActivitySubject.php
Normal file
22
app/Http/Middleware/AccountActivitySubject.php
Normal file
|
|
@ -0,0 +1,22 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Http\Middleware;
|
||||||
|
|
||||||
|
use Closure;
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
use Pterodactyl\Facades\LogTarget;
|
||||||
|
|
||||||
|
class AccountActivitySubject
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Sets the actor and default subject for all requests passing through this
|
||||||
|
* middleware to be the currently logged in user.
|
||||||
|
*/
|
||||||
|
public function handle(Request $request, Closure $next)
|
||||||
|
{
|
||||||
|
LogTarget::setActor($request->user());
|
||||||
|
LogTarget::setSubject($request->user());
|
||||||
|
|
||||||
|
return $next($request);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -7,7 +7,7 @@ use Illuminate\Http\Request;
|
||||||
use Pterodactyl\Models\Server;
|
use Pterodactyl\Models\Server;
|
||||||
use Pterodactyl\Facades\LogTarget;
|
use Pterodactyl\Facades\LogTarget;
|
||||||
|
|
||||||
class ServerActivityLogs
|
class ServerActivitySubject
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Attempts to automatically scope all of the activity log events registered
|
* Attempts to automatically scope all of the activity log events registered
|
||||||
|
|
@ -29,7 +29,7 @@ class AuthenticationListener implements SubscribesToEvents
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$activity->event($event instanceof Failed ? 'login.failed' : 'login.success')->log();
|
$activity->event($event instanceof Failed ? 'auth:fail' : 'auth:success')->log();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function subscribe(Dispatcher $events): void
|
public function subscribe(Dispatcher $events): void
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ class PasswordResetListener
|
||||||
|
|
||||||
public function handle(PasswordReset $event)
|
public function handle(PasswordReset $event)
|
||||||
{
|
{
|
||||||
Activity::event('login.password-reset')
|
Activity::event('event:password-reset')
|
||||||
->withRequestMetadata()
|
->withRequestMetadata()
|
||||||
->subject($event->user)
|
->subject($event->user)
|
||||||
->log();
|
->log();
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ class TwoFactorListener
|
||||||
{
|
{
|
||||||
public function handle(ProvidedAuthenticationToken $event)
|
public function handle(ProvidedAuthenticationToken $event)
|
||||||
{
|
{
|
||||||
Activity::event($event->recovery ? 'login.recovery-token' : 'login.token')
|
Activity::event($event->recovery ? 'auth:recovery-token' : 'auth:token')
|
||||||
->withRequestMetadata()
|
->withRequestMetadata()
|
||||||
->subject($event->user)
|
->subject($event->user)
|
||||||
->log();
|
->log();
|
||||||
|
|
|
||||||
|
|
@ -216,7 +216,7 @@ class User extends Model implements
|
||||||
*/
|
*/
|
||||||
public function sendPasswordResetNotification($token)
|
public function sendPasswordResetNotification($token)
|
||||||
{
|
{
|
||||||
Activity::event('login.reset-password')
|
Activity::event('auth:reset-password')
|
||||||
->withRequestMetadata()
|
->withRequestMetadata()
|
||||||
->subject($this)
|
->subject($this)
|
||||||
->log('sending password reset email');
|
->log('sending password reset email');
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@ use Illuminate\Support\Str;
|
||||||
use Pterodactyl\Models\User;
|
use Pterodactyl\Models\User;
|
||||||
use Pterodactyl\Models\Server;
|
use Pterodactyl\Models\Server;
|
||||||
use Pterodactyl\Models\Backup;
|
use Pterodactyl\Models\Backup;
|
||||||
|
use Pterodactyl\Models\ApiKey;
|
||||||
|
use Pterodactyl\Models\UserSSHKey;
|
||||||
use Illuminate\Support\Facades\URL;
|
use Illuminate\Support\Facades\URL;
|
||||||
use Illuminate\Pagination\Paginator;
|
use Illuminate\Pagination\Paginator;
|
||||||
use Illuminate\Support\Facades\Schema;
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
|
@ -39,8 +41,10 @@ class AppServiceProvider extends ServiceProvider
|
||||||
}
|
}
|
||||||
|
|
||||||
Relation::enforceMorphMap([
|
Relation::enforceMorphMap([
|
||||||
|
'api_key' => ApiKey::class,
|
||||||
'backup' => Backup::class,
|
'backup' => Backup::class,
|
||||||
'server' => Server::class,
|
'server' => Server::class,
|
||||||
|
'ssh_key' => UserSSHKey::class,
|
||||||
'user' => User::class,
|
'user' => User::class,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,8 +5,8 @@ namespace Pterodactyl\Services\Activity;
|
||||||
use Illuminate\Support\Arr;
|
use Illuminate\Support\Arr;
|
||||||
use Webmozart\Assert\Assert;
|
use Webmozart\Assert\Assert;
|
||||||
use Illuminate\Support\Collection;
|
use Illuminate\Support\Collection;
|
||||||
use Pterodactyl\Models\ActivityLog;
|
|
||||||
use Illuminate\Support\Facades\Log;
|
use Illuminate\Support\Facades\Log;
|
||||||
|
use Pterodactyl\Models\ActivityLog;
|
||||||
use Illuminate\Contracts\Auth\Factory;
|
use Illuminate\Contracts\Auth\Factory;
|
||||||
use Illuminate\Database\Eloquent\Model;
|
use Illuminate\Database\Eloquent\Model;
|
||||||
use Illuminate\Support\Facades\Request;
|
use Illuminate\Support\Facades\Request;
|
||||||
|
|
@ -148,6 +148,11 @@ class ActivityLogService
|
||||||
try {
|
try {
|
||||||
return $this->save();
|
return $this->save();
|
||||||
} catch (\Throwable|\Exception $exception) {
|
} catch (\Throwable|\Exception $exception) {
|
||||||
|
if (config('app.env') !== 'production') {
|
||||||
|
/* @noinspection PhpUnhandledExceptionInspection */
|
||||||
|
throw $exception;
|
||||||
|
}
|
||||||
|
|
||||||
Log::error($exception);
|
Log::error($exception);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,8 @@
|
||||||
|
|
||||||
use Illuminate\Support\Facades\Route;
|
use Illuminate\Support\Facades\Route;
|
||||||
use Pterodactyl\Http\Controllers\Api\Client;
|
use Pterodactyl\Http\Controllers\Api\Client;
|
||||||
use Pterodactyl\Http\Middleware\ServerActivityLogs;
|
use Pterodactyl\Http\Middleware\ServerActivitySubject;
|
||||||
|
use Pterodactyl\Http\Middleware\AccountActivitySubject;
|
||||||
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
||||||
use Pterodactyl\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;
|
use Pterodactyl\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;
|
||||||
use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
|
use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
|
||||||
|
|
@ -18,7 +19,7 @@ use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
|
||||||
Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');
|
Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');
|
||||||
Route::get('/permissions', [Client\ClientController::class, 'permissions']);
|
Route::get('/permissions', [Client\ClientController::class, 'permissions']);
|
||||||
|
|
||||||
Route::group(['prefix' => '/account'], function () {
|
Route::prefix('/account')->middleware(AccountActivitySubject::class)->group(function () {
|
||||||
Route::prefix('/')->withoutMiddleware(RequireTwoFactorAuthentication::class)->group(function () {
|
Route::prefix('/')->withoutMiddleware(RequireTwoFactorAuthentication::class)->group(function () {
|
||||||
Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account');
|
Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account');
|
||||||
Route::get('/two-factor', [Client\TwoFactorController::class, 'index']);
|
Route::get('/two-factor', [Client\TwoFactorController::class, 'index']);
|
||||||
|
|
@ -51,7 +52,7 @@ Route::group(['prefix' => '/account'], function () {
|
||||||
Route::group([
|
Route::group([
|
||||||
'prefix' => '/servers/{server}',
|
'prefix' => '/servers/{server}',
|
||||||
'middleware' => [
|
'middleware' => [
|
||||||
ServerActivityLogs::class,
|
ServerActivitySubject::class,
|
||||||
AuthenticateServerAccess::class,
|
AuthenticateServerAccess::class,
|
||||||
ResourceBelongsToServer::class,
|
ResourceBelongsToServer::class,
|
||||||
],
|
],
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue