send clientagent and clientversion

skadefro · skadefro · commit 19c90e40a3df · 2020-01-05T18:25:20.000+01:00
diff --git a/OpenFlow/src/Audit.ts b/OpenFlow/src/Audit.ts
@@ -1,22 +1,27 @@
-import { Base } from "./base";
+import { Base, Rights } from "./base";
 import { Config } from "./Config";
 import { TokenUser } from "./TokenUser";
 
 export class Audit {
-    public static LoginSuccess(user: TokenUser, type: string, provider: string, remoteip: string) {
+    public static LoginSuccess(user: TokenUser, type: string, provider: string, remoteip: string, clientagent: string, clientversion: string) {
         var log: Singin = new Singin();
+        log.addRight(user._id, user.name, [Rights.read]);
         log.remoteip = remoteip;
         log.success = true;
         log.type = type;
         log.provider = provider;
         log.userid = user._id;
         log.name = user.name;
         log.username = user.username;
+        log.clientagent = clientagent;
+        log.clientversion = clientversion;
         Config.db.InsertOne(log, "audit", 0, false, TokenUser.rootToken())
             .catch((error) => console.error("failed InsertOne in LoginSuccess: " + error));
     }
-    public static ImpersonateSuccess(user: TokenUser, impostor: TokenUser) {
+    public static ImpersonateSuccess(user: TokenUser, impostor: TokenUser, clientagent: string, clientversion: string) {
         var log: Singin = new Singin();
+        log.addRight(user._id, user.name, [Rights.read]);
+        log.addRight(impostor._id, impostor.name, [Rights.read]);
         log.success = true;
         log.type = "impersonate";
         log.userid = user._id;
@@ -25,27 +30,35 @@ export class Audit {
         log.impostoruserid = impostor._id;
         log.impostorname = impostor.name;
         log.impostorusername = impostor.username;
+        log.clientagent = clientagent;
+        log.clientversion = clientversion;
         Config.db.InsertOne(log, "audit", 0, false, TokenUser.rootToken())
             .catch((error) => console.error("failed InsertOne in ImpersonateSuccess: " + error));
     }
-    public static ImpersonateFailed(user: TokenUser, impostor_id: string) {
+    public static ImpersonateFailed(user: TokenUser, impostor_id: string, clientagent: string, clientversion: string) {
         var log: Singin = new Singin();
+        log.addRight(user._id, user.name, [Rights.read]);
         log.success = false;
         log.type = "impersonate";
         log.userid = user._id;
         log.name = user.name;
         log.username = user.username;
         log.impostoruserid = impostor_id;
+        log.clientagent = clientagent;
+        log.clientversion = clientversion;
         Config.db.InsertOne(log, "audit", 0, false, TokenUser.rootToken())
             .catch((error) => console.error("failed InsertOne in ImpersonateFailed: " + error));
     }
-    public static LoginFailed(username: string, type: string, provider: string, remoteip: string) {
+    public static LoginFailed(username: string, type: string, provider: string, remoteip: string, clientagent: string, clientversion: string) {
         var log: Singin = new Singin();
+        log._acl
         log.remoteip = remoteip;
         log.success = false;
         log.type = type;
         log.provider = provider;
         log.username = username;
+        log.clientagent = clientagent;
+        log.clientversion = clientversion;
         Config.db.InsertOne(log, "audit", 0, false, TokenUser.rootToken())
             .catch((error) => console.error("failed InsertOne in LoginFailed: " + error));
     }
@@ -60,6 +73,8 @@ export class Singin extends Base {
     public impostoruserid: string;
     public impostorname: string;
     public impostorusername: string;
+    public clientagent: string;
+    public clientversion: string;
     constructor() {
         super();
         this._type = "signin";
diff --git a/OpenFlow/src/LoginProvider.ts b/OpenFlow/src/LoginProvider.ts
@@ -557,11 +557,11 @@ export class LoginProvider {
                         await admins.Save(TokenUser.rootToken())
                     } else {
                         if (!(await user.ValidatePassword(password))) {
-                            Audit.LoginFailed(username, "weblogin", "local", "");
+                            Audit.LoginFailed(username, "weblogin", "local", "", "browser", "unknown");
                             return done(null, false);
                         }
                     }
-                    Audit.LoginSuccess(new TokenUser(user), "weblogin", "local", "");
+                    Audit.LoginSuccess(new TokenUser(user), "weblogin", "local", "", "browser", "unknown");
                     var provider: Provider = new Provider(); provider.provider = "local"; provider.name = "Local";
                     provider = await Config.db.InsertOne(provider, "config", 0, false, TokenUser.rootToken());
                     LoginProvider.login_providers.push(provider);
@@ -576,12 +576,12 @@ export class LoginProvider {
                     user = await User.ensureUser(TokenUser.rootToken(), username, username, null, password);
                 } else {
                     if (!(await user.ValidatePassword(password))) {
-                        Audit.LoginFailed(username, "weblogin", "local", "");
+                        Audit.LoginFailed(username, "weblogin", "local", "", "browser", "unknown");
                         return done(null, false);
                     }
                 }
                 tuser = new TokenUser(user);
-                Audit.LoginSuccess(tuser, "weblogin", "local", "");
+                Audit.LoginSuccess(tuser, "weblogin", "local", "", "browser", "unknown");
                 return done(null, tuser);
             } catch (error) {
                 done(error);
@@ -704,12 +704,12 @@ export class LoginProvider {
         }
 
         if (Util.IsNullUndefinded(_user)) {
-            Audit.LoginFailed(username, "weblogin", "saml", "");
+            Audit.LoginFailed(username, "weblogin", "saml", "", "samlverify", "unknown");
             done("unknown user " + username, null); return;
         }
 
         var tuser: TokenUser = new TokenUser(_user);
-        Audit.LoginSuccess(tuser, "weblogin", "saml", "");
+        Audit.LoginSuccess(tuser, "weblogin", "saml", "", "samlverify", "unknown");
         done(null, tuser);
     }
     static async googleverify(token: string, tokenSecret: string, profile: any, done: IVerifyFunction): Promise<void> {
@@ -738,11 +738,11 @@ export class LoginProvider {
             }
         }
         if (Util.IsNullUndefinded(_user)) {
-            Audit.LoginFailed(username, "weblogin", "google", "");
+            Audit.LoginFailed(username, "weblogin", "google", "", "googleverify", "unknown");
             done("unknown user " + username, null); return;
         }
         var tuser: TokenUser = new TokenUser(_user);
-        Audit.LoginSuccess(tuser, "weblogin", "google", "");
+        Audit.LoginSuccess(tuser, "weblogin", "google", "", "googleverify", "unknown");
         done(null, tuser);
     }
 
diff --git a/OpenFlow/src/Messages/Message.ts b/OpenFlow/src/Messages/Message.ts
@@ -562,19 +562,21 @@ export class Message {
                 user = await Auth.ValidateByPassword(msg.username, msg.password);
                 tuser = new TokenUser(user);
             }
+            cli.clientagent = msg.clientagent;
+            cli.clientversion = msg.clientversion;
             if (user === null || user === undefined || tuser === null || tuser === undefined) {
                 msg.error = "Unknown username or password";
-                Audit.LoginFailed(tuser.username, type, "websocket", cli.remoteip);
+                Audit.LoginFailed(tuser.username, type, "websocket", cli.remoteip, cli.clientagent, cli.clientversion);
                 cli._logger.debug(tuser.username + " failed logging in using " + type);
             } else {
-                Audit.LoginSuccess(tuser, type, "websocket", cli.remoteip);
+                Audit.LoginSuccess(tuser, type, "websocket", cli.remoteip, cli.clientagent, cli.clientversion);
                 var userid: string = user._id;
                 msg.jwt = Crypt.createToken(tuser, "5m");
                 msg.user = tuser;
                 if (msg.impersonate !== undefined && msg.impersonate !== null && msg.impersonate !== "") {
                     var items = await Config.db.query({ _id: msg.impersonate }, null, 1, 0, null, "users", msg.jwt);
                     if (items.length == 0) {
-                        Audit.ImpersonateFailed(tuser, msg.impersonate);
+                        Audit.ImpersonateFailed(tuser, msg.impersonate, cli.clientagent, cli.clientversion);
                         throw new Error("Permission denied, impersonating " + msg.impersonate);
                     }
                     var tuserimpostor = tuser;
@@ -586,7 +588,7 @@ export class Message {
                     tuser.impostor = userid;
                     msg.jwt = Crypt.createToken(tuser, "5m");
                     msg.user = tuser;
-                    Audit.ImpersonateSuccess(tuser, tuserimpostor);
+                    Audit.ImpersonateSuccess(tuser, tuserimpostor, cli.clientagent, cli.clientversion);
                 }
                 if (msg.firebasetoken != null && msg.firebasetoken != undefined && msg.firebasetoken != "") {
                     user.firebasetoken = msg.firebasetoken;
@@ -614,6 +616,8 @@ export class Message {
                 if (msg.impersonate === undefined || msg.impersonate === null || msg.impersonate === "") {
                     user.lastseen = new Date(new Date().toISOString());
                 }
+                user._lastclientagent = cli.clientagent;
+                user._lastclientversion = cli.clientversion;
                 await user.Save(TokenUser.rootToken());
             }
         } catch (error) {
diff --git a/OpenFlow/src/Messages/SigninMessage.ts b/OpenFlow/src/Messages/SigninMessage.ts
@@ -11,6 +11,8 @@ export class SigninMessage implements IReplyMessage {
     public gpslocation: any;
     public device: any;
     public websocket_package_size: number;
+    public clientagent: string;
+    public clientversion: string;
 
     public validate_only: boolean = false;
     public username: string;
diff --git a/OpenFlow/src/SamlProvider.ts b/OpenFlow/src/SamlProvider.ts
@@ -82,7 +82,7 @@ export class SamlProvider {
                 var tuser: TokenUser = new TokenUser(req.user);
                 var remoteip = "";
                 if (req.connection) { remoteip = req.connection.remoteAddress; }
-                Audit.LoginSuccess(tuser, "tokenissued", "saml", remoteip);
+                Audit.LoginSuccess(tuser, "tokenissued", "saml", remoteip, "getUserFromRequest", "unknown");
                 return req.user;
             },
             profileMapper: SamlProvider.profileMapper,
diff --git a/OpenFlow/src/User.ts b/OpenFlow/src/User.ts
@@ -23,6 +23,11 @@ export class User extends Base {
     }
     noderedname: string;
     lastseen: Date;
+    _heartbeat: Date;
+    _rpaheartbeat: Date;
+    _noderedheartbeat: Date;
+    _lastclientagent: string;
+    _lastclientversion: string;
     username: string;
     passwordhash: string;
     sid: string;
diff --git a/OpenFlow/src/WebSocketClient.ts b/OpenFlow/src/WebSocketClient.ts
@@ -39,6 +39,8 @@ export class WebSocketClient {
     private _sendQueue: SocketMessage[];
     public messageQueue: IHashTable<QueuedMessage> = {};
     public remoteip: string;
+    public clientagent: string;
+    public clientversion: string;
 
     user: User;
     public consumers: amqp_consumer[] = [];
diff --git a/OpenFlow/src/WebSocketServer.ts b/OpenFlow/src/WebSocketServer.ts
@@ -69,7 +69,11 @@ export class WebSocketServer {
             var cli = WebSocketServer._clients[i];
             if (cli.user != null) {
                 // Lets assume only robots register queues ( not true )
-                if (cli.consumers != null && cli.consumers.length > 0) {
+                if (cli.clientagent == "openrpa") {
+                    Config.db.db.collection("users").updateOne({ _id: cli.user._id },
+                        { $set: { _rpaheartbeat: new Date(new Date().toISOString()), _heartbeat: new Date(new Date().toISOString()) } });
+                }
+                else if (cli.consumers != null && cli.consumers.length > 0) {
                     // Should proberly turn this a little down, so we dont update all online users every 10th second
                     Config.db.db.collection("users").updateOne({ _id: cli.user._id }, { $set: { _heartbeat: new Date(new Date().toISOString()) } });
                 }
diff --git a/OpenFlow/src/public/CommonControllers.ts b/OpenFlow/src/public/CommonControllers.ts
@@ -119,8 +119,11 @@ module openflow {
             q.jwt = jwt;
             q.rawAssertion = rawAssertion;
             q.realm = "browser";
+            q.clientagent = "webapp";
+            q.clientversion = this.WebSocketClient.version;
             if (this.WebSocketClient.usingCordova) {
                 q.realm = "mobile";
+                q.clientagent = "mobileapp";
             }
             q.impersonate = impersonate;
             q.onesignalid = this.WebSocketClient.oneSignalId;
@@ -138,8 +141,11 @@ module openflow {
             q.username = username;
             q.password = password;
             q.realm = "browser";
+            q.clientagent = "webapp";
+            q.clientversion = this.WebSocketClient.version;
             if (this.WebSocketClient.usingCordova) {
                 q.realm = "mobile";
+                q.clientagent = "mobileapp";
             }
             q.impersonate = impersonate;
             q.onesignalid = this.WebSocketClient.oneSignalId;
diff --git a/OpenFlow/src/public/Message.ts b/OpenFlow/src/public/Message.ts
@@ -42,6 +42,8 @@ module openflow {
     export class SigninMessage {
         public error: string;
 
+        public clientagent: string;
+        public clientversion: string;
         public impersonate: string;
         public realm: string;
         public firebasetoken: string;
diff --git a/OpenFlowNodeRED/src/Config.ts b/OpenFlowNodeRED/src/Config.ts
@@ -1,8 +1,10 @@
 import * as https from "https";
 import * as retry from "async-retry";
+import * as fs from "fs";
 import { fetch, toPassportConfig } from "passport-saml-metadata";
 import { NoderedUtil } from "./nodered/nodes/NoderedUtil";
 export class Config {
+    public static version: string = fs.readFileSync("VERSION", "utf8");;
     public static nodered_id: string = Config.getEnv("nodered_id", "1");
     public static nodered_sa: string = Config.getEnv("nodered_sa", "");
     public static queue_prefix: string = Config.getEnv("queue_prefix", "");
diff --git a/OpenFlowNodeRED/src/Message.ts b/OpenFlowNodeRED/src/Message.ts
@@ -50,9 +50,11 @@ export class SocketMessage {
 export class SigninMessage {
     public error: string;
 
-    public validate_only: boolean = false;
     public username: string;
     public password: string;
+    public validate_only: boolean = false;
+    public clientagent: string;
+    public clientversion: string;
     public user: TokenUser;
     public jwt: string;
     public rawAssertion: string;
diff --git a/OpenFlowNodeRED/src/WebServer.ts b/OpenFlowNodeRED/src/WebServer.ts
@@ -16,7 +16,6 @@ import { nodered_settings } from "./nodered_settings";
 import { Config } from "./Config";
 import { WebSocketClient } from "./WebSocketClient";
 import { noderedcontribopenflowstorage } from "./node-red-contrib-openflow-storage";
-import { SigninMessage, Message } from "./Message";
 import { noderedcontribmiddlewareauth } from "./node-red-contrib-middleware-auth";
 
 import * as passport from "passport";
diff --git a/OpenFlowNodeRED/src/WebSocketClient.ts b/OpenFlowNodeRED/src/WebSocketClient.ts
@@ -1,4 +1,4 @@
-import { SocketMessage, TokenUser, SigninMessage, Message } from "./Message";
+import { SocketMessage, TokenUser, Message } from "./Message";
 import * as events from "events";
 import * as WebSocket from "ws";
 import winston = require("winston");
diff --git a/OpenFlowNodeRED/src/index.ts b/OpenFlowNodeRED/src/index.ts
@@ -34,6 +34,8 @@ function isNumeric(num) {
 
             var c = Config;
             var q: SigninMessage = new SigninMessage();
+            q.clientagent = "nodered";
+            q.clientversion = Config.version;
             if (Config.jwt !== "") {
                 q.jwt = Config.jwt;
             } else if (Crypt.encryption_key() !== "") {
diff --git a/OpenFlowNodeRED/src/node-red-contrib-middleware-auth.ts b/OpenFlowNodeRED/src/node-red-contrib-middleware-auth.ts
@@ -49,6 +49,8 @@ export class noderedcontribmiddlewareauth {
             try {
                 var q: SigninMessage = new SigninMessage();
                 q.username = login; q.password = password; q.validate_only = true;
+                q.clientagent = "nodered";
+                q.clientversion = Config.version;
                 var msg: Message = new Message(); msg.command = "signin"; msg.data = JSON.stringify(q);
                 var result: SigninMessage = await socket.Send<SigninMessage>(msg);
                 if (result.user != null) {
diff --git a/OpenFlowNodeRED/src/nodered/nodes/NoderedUtil.ts b/OpenFlowNodeRED/src/nodered/nodes/NoderedUtil.ts
@@ -189,6 +189,8 @@ export class NoderedUtil {
     }
     public static async GetToken(username: string, password: string): Promise<SigninMessage> {
         var q: SigninMessage = new SigninMessage(); q.validate_only = true;
+        q.clientagent = "nodered";
+        q.clientversion = Config.version;
         if (!NoderedUtil.IsNullEmpty(username) && !NoderedUtil.IsNullEmpty(password)) {
             q.username = username; q.password = password;
         } else {
@@ -218,6 +220,8 @@ export class NoderedUtil {
     }
     public static async GetTokenFromSAML(rawAssertion: string): Promise<SigninMessage> {
         var q: SigninMessage = new SigninMessage(); q.validate_only = true;
+        q.clientagent = "nodered";
+        q.clientversion = Config.version;
         q.rawAssertion = rawAssertion;
         var _msg: Message = new Message();
         _msg.command = "signin"; _msg.data = JSON.stringify(q);
diff --git a/OpenFlowNodeRED/src/nodered/nodes/api_nodes.ts b/OpenFlowNodeRED/src/nodered/nodes/api_nodes.ts
@@ -62,6 +62,8 @@ export class api_get_jwt {
             if (!NoderedUtil.IsNullEmpty(msg.password)) { username = msg.password; }
 
             var q: SigninMessage = new SigninMessage(); q.validate_only = true;
+            q.clientagent = "nodered";
+            q.clientversion = Config.version;
             if (!NoderedUtil.IsNullEmpty(username) && !NoderedUtil.IsNullEmpty(password)) {
                 q.username = username; q.password = password;
             } else {
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.0.434
+0.0.435
diff --git a/gulpfile.js b/gulpfile.js
@@ -22,8 +22,9 @@ gulp.task("copyfiles1", function () {
     console.log("copyfiles1");
     var openflow = gulp.src(OpenFlowFiles).pipe(gulp.dest(destination));
     var nodered = gulp.src(NodeREDHTMLFiles).pipe(gulp.dest("OpenFlowNodeRED/dist/nodered/nodes"));
-    var version = gulp.src('./VERSION').pipe(gulp.dest("./dist"));
-    return merge(openflow, nodered, version);
+    var version1 = gulp.src('./VERSION').pipe(gulp.dest("./dist"));
+    var version2 = gulp.src('./VERSION').pipe(gulp.dest("OpenFlowNodeRED/dist"));
+    return merge(openflow, nodered, version1, version2);
 });
 gulp.task("watch", function () {
     return gulp.watch(NodeREDHTMLFiles.concat(OpenFlowFiles).concat('./VERSION'), gulp.series("copyfiles1"));

Original file line number	Diff line number	Diff line change
`@@ -557,11 +557,11 @@ export class LoginProvider {`
`557`	`557`	`await admins.Save(TokenUser.rootToken())`
`558`	`558`	`} else {`
`559`	`559`	`if (!(await user.ValidatePassword(password))) {`
`560`		`- Audit.LoginFailed(username, "weblogin", "local", "");`
	`560`	`+ Audit.LoginFailed(username, "weblogin", "local", "", "browser", "unknown");`
`561`	`561`	`return done(null, false);`
`562`	`562`	`}`
`563`	`563`	`}`
`564`		`- Audit.LoginSuccess(new TokenUser(user), "weblogin", "local", "");`
	`564`	`+ Audit.LoginSuccess(new TokenUser(user), "weblogin", "local", "", "browser", "unknown");`
`565`	`565`	`var provider: Provider = new Provider(); provider.provider = "local"; provider.name = "Local";`
`566`	`566`	`provider = await Config.db.InsertOne(provider, "config", 0, false, TokenUser.rootToken());`
`567`	`567`	`LoginProvider.login_providers.push(provider);`
`@@ -576,12 +576,12 @@ export class LoginProvider {`
`576`	`576`	`user = await User.ensureUser(TokenUser.rootToken(), username, username, null, password);`
`577`	`577`	`} else {`
`578`	`578`	`if (!(await user.ValidatePassword(password))) {`
`579`		`- Audit.LoginFailed(username, "weblogin", "local", "");`
	`579`	`+ Audit.LoginFailed(username, "weblogin", "local", "", "browser", "unknown");`
`580`	`580`	`return done(null, false);`
`581`	`581`	`}`
`582`	`582`	`}`
`583`	`583`	`tuser = new TokenUser(user);`
`584`		`- Audit.LoginSuccess(tuser, "weblogin", "local", "");`
	`584`	`+ Audit.LoginSuccess(tuser, "weblogin", "local", "", "browser", "unknown");`
`585`	`585`	`return done(null, tuser);`
`586`	`586`	`} catch (error) {`
`587`	`587`	`done(error);`
`@@ -704,12 +704,12 @@ export class LoginProvider {`
`704`	`704`	`}`
`705`	`705`
`706`	`706`	`if (Util.IsNullUndefinded(_user)) {`
`707`		`- Audit.LoginFailed(username, "weblogin", "saml", "");`
	`707`	`+ Audit.LoginFailed(username, "weblogin", "saml", "", "samlverify", "unknown");`
`708`	`708`	`done("unknown user " + username, null); return;`
`709`	`709`	`}`
`710`	`710`
`711`	`711`	`var tuser: TokenUser = new TokenUser(_user);`
`712`		`- Audit.LoginSuccess(tuser, "weblogin", "saml", "");`
	`712`	`+ Audit.LoginSuccess(tuser, "weblogin", "saml", "", "samlverify", "unknown");`
`713`	`713`	`done(null, tuser);`
`714`	`714`	`}`
`715`	`715`	`static async googleverify(token: string, tokenSecret: string, profile: any, done: IVerifyFunction): Promise<void> {`
`@@ -738,11 +738,11 @@ export class LoginProvider {`
`738`	`738`	`}`
`739`	`739`	`}`
`740`	`740`	`if (Util.IsNullUndefinded(_user)) {`
`741`		`- Audit.LoginFailed(username, "weblogin", "google", "");`
	`741`	`+ Audit.LoginFailed(username, "weblogin", "google", "", "googleverify", "unknown");`
`742`	`742`	`done("unknown user " + username, null); return;`
`743`	`743`	`}`
`744`	`744`	`var tuser: TokenUser = new TokenUser(_user);`
`745`		`- Audit.LoginSuccess(tuser, "weblogin", "google", "");`
	`745`	`+ Audit.LoginSuccess(tuser, "weblogin", "google", "", "googleverify", "unknown");`
`746`	`746`	`done(null, tuser);`
`747`	`747`	`}`
`748`	`748`