From afcba1a707ba237c3a61ef749675dcd4b38a62ad Mon Sep 17 00:00:00 2001 
From: Ramya Ravi <72739416+ramyaravi-opsmx@users.noreply.github.com> Date: Fri, 12 Aug 2022 23:51:26 +0530 Subject: [PATCH] Op 17001 audit tail exec v4.0 phase2 (#239) * OP-15420: filterBy in gate v4.0 * OP-14834: invalidate session and throw SAMLAuthenticationException (#209) (#216) * OP-14834: Check and update the token. * OP-14834: Updated logs and packages. * OP-14834: Only validates ExpiringUsernameAuthenticationToken. * OP-14834: Only validates ExpiringUsernameAuthenticationToken. * OP-14834: Added SamlAuthTokenUpdateFilter to the filter chain. * OP-14834: Added SamlAuthTokenUpdateFilter to the filter chain after basic auth filter. * OP-14834: redirect to logout * OP-14834: throw AccessDeniedException * OP-14834:redirect to /saml/login. * OP-14834:redirect to /saml/sso. * OP-14834: send html response * OP-14834: clear context * OP-14834: invalidate session * OP-14834: and then logout * OP-14834: clear context, invalidate session and redirect to log out url. * OP-14834: invalidate session and throw SAMLAuthenticationException * OP-14834: removed commented code. * OP-14834: Updated the log message. * OP-14834: Updated the certificate * OP-16308: OP-16308: Wait and retry if connection fails. Also, css file missing fix. (#217) (#218) * op-16538 op-16537 - Added autocomplete off in login page * OP-16545: jquery upgraded to 3.6.0. (#224) * OP-16992 : Added parameter for PipelineAndPolicy summarycount (#229) (#230) * OP-16541: Added contentSecurityPolicy header. * OP-16541: config change contentSecurityPolicy. * OP-17106: Added SamlSsoEventPublishConfig to update ApplicationEventPublisher. * OP-17106: get FilterChainProxy and then go for SAMLProcessingFilter to update ApplicationEventPublisher. * OP-17106: code correction. * OP-17106: added logs. * OP-17106: Handling InteractiveAuthenticationSuccessEvent events also. * OP-17106: Handling serialization issues. * OP-17106: set details to null to remove some json serialization issues. * OP-17106: Added AuditData. 
* OP-17106: Setting name. * OP-17106: Setting name via source. * OP-17106: Refactored code. * OP-17106: Added some comments. * OP-17106: Refactored configs. * OP-17106: Appending roles configs. * OP-17106: Logs and comments. * OP-17001: audit trail execution (#237) * OP-17001: audit trail execution * OP-17001: audit trail execution phase 2 * OP-17001: audit trail execution phase 3 Co-authored-by: arunkumaropsmx Co-authored-by: Rahul Chekuri <89373036+rahul-chekuri@users.noreply.github.com> Co-authored-by: Sahiti Tarigoppula Co-authored-by: Luthan95 <66585454+Luthan95@users.noreply.github.com> Co-authored-by: Sudhakar Guvvalapall Co-authored-by: rahul-chekuri Co-authored-by: Sri Harsha Kancharla
---
 .../gate/audit/AuthenticationAuditListener.java | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java
index 3bf753bed6..26f3b02649 100644
--- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java
+++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java
@@ -49,7 +49,7 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
 if (event.getAuthentication().isAuthenticated()
 && event instanceof InteractiveAuthenticationSuccessEvent) {
 log.debug("publishEvent InteractiveAuthenticationSuccessEvent");
- handleAuthenticationEvent(event, AuditEventType.AUTHENTICATION_SUCCESSFUL_AUDIT);
+ handleInteractiveAuthenticationSuccessEvent(event);
 return;
 }
@@ -62,15 +62,6 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
 log.debug("publishEvent AbstractAuthenticationFailureEvent");
 auditHandler.publishEvent(AuditEventType.AUTHENTICATION_FAILURE_AUDIT, event);
 } else if (event instanceof LogoutSuccessEvent) {
- if (event
- .getAuthentication()
- .getClass()
- .getName()
- .equals("org.springframework.security.providers.ExpiringUsernameAuthenticationToken")) {
- log.debug("publishEvent LogoutSuccessEvent with ExpiringUsernameAuthenticationToken");
- handleAuthenticationEvent(event, AuditEventType.SUCCESSFUL_USER_LOGOUT_AUDIT);
- return;
- }
 log.debug("publishEvent LogoutSuccessEvent");
 auditHandler.publishEvent(AuditEventType.SUCCESSFUL_USER_LOGOUT_AUDIT, event);
 }
@@ -80,8 +71,7 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
 }
 }
- private void handleAuthenticationEvent(
- AbstractAuthenticationEvent event, AuditEventType eventType) {
+ private void handleInteractiveAuthenticationSuccessEvent(AbstractAuthenticationEvent event) {
 AbstractAuthenticationToken auth = (AbstractAuthenticationToken) event.getAuthentication();
 String name = auth.getName();
 List roles =
@@ -89,6 +79,6 @@ private void handleAuthenticationEvent(
 .map(GrantedAuthority::getAuthority)
 .collect(Collectors.toList());
 AuditData data = new AuditData(name, roles);
- auditHandler.publishEvent(eventType, data);
+ auditHandler.publishEvent(AuditEventType.AUTHENTICATION_SUCCESSFUL_AUDIT, data);
 }
 }
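Review bot: In the third hunk, the renamed `handleInteractiveAuthenticationSuccessEvent` still casts `event.getAuthentication()` to `AbstractAuthenticationToken`, so a success event carrying any other `Authentication` implementation would raise `ClassCastException` in the audit listener and, unless the surrounding code (outside the hunk) catches it, that login would not be audited. `getName()` and `getAuthorities()` are declared on the `Authentication` interface, so the cast is not needed: `Authentication auth = event.getAuthentication();` (adding the import if the file lacks it). The helper's body continues past this hunk into the fourth one. Also worth a one-line comment on the logout branch in the second hunk: with the token-specific branch gone, every `LogoutSuccessEvent` is published as the raw `event` rather than as `AuditData`, and if that branch was there for the serialization problems the commit message mentions, the reason it is now safe to drop should be recorded.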