Merge branch 'log_last_api' into develop

2022-08-11 09:36:30 +02:00 · 2022-08-11 09:36:30 +02:00 · c764bb0e8f
parent d3d042cf2a 64d508b4e3
commit c764bb0e8f
8 changed files with 5271 additions and 5247 deletions
--- a/app/Config/config.default.php
+++ b/app/Config/config.default.php
@ -71,6 +71,7 @@ $config = array(
        'enableOrgBlocklisting'          => true,
        'log_client_ip'                  => false,
        'log_auth'                       => false,
+        'store_api_access_time'          => false,
        'disableUserSelfManagement'      => false,
        'disable_user_login_change'      => false,
        'disable_user_password_change'   => false,
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -435,6 +435,10 @@ class AppController extends Controller
                        );
                        $this->Log->save($log);
                    }
+                    $storeAPITime = Configure::read('MISP.store_api_access_time');
+                    if (!empty($storeAPITime) && $storeAPITime) {
+                        $this->User->updateAPIAccessTime($user);
+                    }
                    $this->Session->renew();
                    $this->Session->write(AuthComponent::$sessionKey, $user);
                    $this->isApiAuthed = true;
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@ -445,6 +445,7 @@ class UsersController extends AppController
            'expiration',
            'current_login',
            'last_login',
+            'last_api_access',
            'force_logout',
            'date_created',
            'date_modified'
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@ -82,7 +82,7 @@ class AppModel extends Model
        69 => false, 70 => false, 71 => true, 72 => true, 73 => false, 74 => false,
        75 => false, 76 => true, 77 => false, 78 => false, 79 => false, 80 => false,
        81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false,
-        87 => false, 88 => false, 89 => false, 90 => false, 91 => false
+        87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false
    );

    const ADVANCED_UPDATES_DESCRIPTION = array(
@ -1831,6 +1831,9 @@ class AppModel extends Model
                      INDEX `timestamp` (`timestamp`)
                    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;";
                    break;
+            case 92:
+                $sqlArray[] = "ALTER TABLE users ADD `last_api_access` INT(11) DEFAULT 0;";
+                break;
            case 'fixNonEmptySharingGroupID':
                $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
                $sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -5442,6 +5442,13 @@ class Server extends AppModel
                    'type' => 'string',
                    'null' => true,
                ),
+                'store_api_access_time' => array(
+                    'level' => 1,
+                    'description' => __('If enabled, MISP will capture the last API access time following a successful authentication using API keys, stored against a user under the last_api_access field.'),
+                    'value' => false,
+                    'test' => 'testBool',
+                    'type' => 'boolean',
+                ),
                'log_auth' => array(
                    'level' => 1,
                    'description' => __('If enabled, MISP will log all successful authentications using API keys. The requested URLs are also logged.'),
--- a/app/Model/User.php
+++ b/app/Model/User.php
@ -1404,6 +1404,22 @@ class User extends AppModel
        return $this->save($user, true, array('id', 'last_login', 'current_login'));
    }

+    /**
+     * Updates `last_api_access` time in database.
+     *
+     * @param array $user
+     * @return array|bool
+     * @throws Exception
+     */
+    public function updateAPIAccessTime(array $user)
+    {
+        if (!isset($user['id'])) {
+            throw new InvalidArgumentException("Invalid user object provided.");
+        }
+        $user['last_api_access'] = time();
+        return $this->save($user, true, array('id', 'last_api_access'));
+    }
+
    /**
     * Update field in user model and also set `date_modified`
     *
--- a/app/View/Users/admin_index.ctp
+++ b/app/View/Users/admin_index.ctp
@ -199,6 +199,14 @@
                        'class' => 'short',
                        'data_path' => 'User.date_created'
                    ),
+                    array(
+                        'name' => __('Last API Access'),
+                        'sort' => 'User.last_api_access',
+                        'element' => 'datetime',
+                        'class' => 'short',
+                        'data_path' => 'User.last_api_access',
+                        'requirement' => !empty(Configure::read('MISP.store_api_access_time')) && Configure::read('MISP.store_api_access_time', false)
+                    ),
                    array(
                        'name' => (Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : __('External Auth')),
                        'sort' => 'User.external_auth_required',
--- a/db_schema.json
+++ b/db_schema.json