Kobe/docupulse
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

logging auth, conversations, and contacts

Browse Source
This commit is contained in:
Kobe
2025-05-30 13:48:07 +02:00
parent 9159817947
commit 7723cd0d70
6 changed files with 309 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
routes/__pycache__/auth.cpython-313.pyc
View File

Binary file not shown.

BIN
routes/__pycache__/contacts.cpython-313.pyc
View File

Binary file not shown.

BIN
routes/__pycache__/conversations.cpython-313.pyc
View File

Binary file not shown.

96
routes/auth.py
View File

@@ -2,8 +2,8 @@ from flask import render_template, request, flash, redirect, url_for
from flask_login import login_user, logout_user, login_required, current_user from flask_login import login_user, logout_user, login_required, current_user
from models import db, User from models import db, User
from functools import wraps from functools import wraps
from utils import log_event
from datetime import datetime from datetime import datetime
from utils import log_event
def require_password_change(f): def require_password_change(f):
@wraps(f) @wraps(f)
@@ -29,24 +29,32 @@ def init_routes(auth_bp):
if not user or not user.check_password(password): if not user or not user.check_password(password):
# Log failed login attempt # Log failed login attempt
log_event('user_login', { log_event(
event_type='user_login',
details={
'email': email, 'email': email,
'success': False, 'success': False,
'reason': 'invalid_credentials' 'reason': 'invalid_credentials'
}) }
)
db.session.commit()
flash('Please check your login details and try again.', 'danger') flash('Please check your login details and try again.', 'danger')
return redirect(url_for('auth.login')) return redirect(url_for('auth.login'))
login_user(user, remember=remember) login_user(user, remember=remember)
# Log successful login # Log successful login
log_event('user_login', { log_event(
event_type='user_login',
details={
'user_id': user.id, 'user_id': user.id,
'email': email, 'user_name': f"{user.username} {user.last_name}",
'email': user.email,
'success': True, 'success': True,
'remember': remember, 'remember': remember
'using_default_password': password == 'changeme' }
}, user.id) )
db.session.commit()
# Check if user is using default password # Check if user is using default password
if password == 'changeme': if password == 'changeme':
@@ -86,15 +94,17 @@ def init_routes(auth_bp):
db.session.add(new_user) db.session.add(new_user)
db.session.commit() db.session.commit()
# Log user registration # Log successful registration
log_event('user_register', { log_event(
'email': email, event_type='user_create',
'username': username, details={
'timestamp': datetime.utcnow().isoformat(), 'user_id': new_user.id,
'ip_address': request.remote_addr, 'user_name': f"{new_user.username} {new_user.last_name}",
'user_agent': request.user_agent.string, 'email': new_user.email,
'registration_method': 'web_form' 'method': 'web_form'
}, new_user.id) }
)
db.session.commit()
login_user(new_user) login_user(new_user)
return redirect(url_for('main.dashboard')) return redirect(url_for('main.dashboard'))
@@ -104,12 +114,16 @@ def init_routes(auth_bp):
@auth_bp.route('/logout') @auth_bp.route('/logout')
@login_required @login_required
def logout(): def logout():
# Log logout event # Log logout event before logging out
log_event('user_logout', { log_event(
event_type='user_logout',
details={
'user_id': current_user.id, 'user_id': current_user.id,
'user_name': f"{current_user.username} {current_user.last_name}",
'email': current_user.email 'email': current_user.email
}, current_user.id) }
)
db.session.commit()
logout_user() logout_user()
return redirect(url_for('auth.login')) return redirect(url_for('auth.login'))
@@ -122,22 +136,50 @@ def init_routes(auth_bp):
confirm_password = request.form.get('confirm_password') confirm_password = request.form.get('confirm_password')
if not current_user.check_password(current_password): if not current_user.check_password(current_password):
# Log failed password change attempt
log_event(
event_type='user_update',
details={
'user_id': current_user.id,
'user_name': f"{current_user.username} {current_user.last_name}",
'update_type': 'password_change',
'success': False,
'reason': 'invalid_current_password'
}
)
db.session.commit()
flash('Current password is incorrect.', 'danger') flash('Current password is incorrect.', 'danger')
return redirect(url_for('auth.change_password')) return redirect(url_for('auth.change_password'))
if new_password != confirm_password: if new_password != confirm_password:
# Log failed password change attempt
log_event(
event_type='user_update',
details={
'user_id': current_user.id,
'user_name': f"{current_user.username} {current_user.last_name}",
'update_type': 'password_change',
'success': False,
'reason': 'passwords_dont_match'
}
)
db.session.commit()
flash('New passwords do not match.', 'danger') flash('New passwords do not match.', 'danger')
return redirect(url_for('auth.change_password')) return redirect(url_for('auth.change_password'))
current_user.set_password(new_password) current_user.set_password(new_password)
db.session.commit()
# Log password change # Log successful password change
log_event('user_update', { log_event(
event_type='user_update',
details={
'user_id': current_user.id, 'user_id': current_user.id,
'email': current_user.email, 'user_name': f"{current_user.username} {current_user.last_name}",
'update_type': 'password_change' 'update_type': 'password_change',
}, current_user.id) 'success': True
}
)
db.session.commit()
flash('Password changed successfully!', 'success') flash('Password changed successfully!', 'success')
return redirect(url_for('main.dashboard')) return redirect(url_for('main.dashboard'))

128
routes/contacts.py
View File

@@ -5,6 +5,7 @@ from forms import UserForm
from flask import abort from flask import abort
from sqlalchemy import or_ from sqlalchemy import or_
from routes.auth import require_password_change from routes.auth import require_password_change
from utils import log_event
import json import json
import os import os
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
@@ -120,6 +121,22 @@ def new_contact():
user.set_password('changeme') # Set default password user.set_password('changeme') # Set default password
db.session.add(user) db.session.add(user)
db.session.commit() db.session.commit()
# Log user creation event
log_event(
event_type='user_create',
details={
'created_by': current_user.id,
'created_by_name': f"{current_user.username} {current_user.last_name}",
'user_id': user.id,
'user_name': f"{user.username} {user.last_name}",
'email': user.email,
'is_admin': user.is_admin,
'method': 'admin_creation'
}
)
db.session.commit()
flash('User created successfully! They will need to change their password on first login.', 'success') flash('User created successfully! They will need to change their password on first login.', 'success')
return redirect(url_for('contacts.contacts_list')) return redirect(url_for('contacts.contacts_list'))
return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins) return render_template('contacts/form.html', form=form, title='New User', total_admins=total_admins)
@@ -138,6 +155,16 @@ def edit_profile():
flash('There must be at least one admin user in the system.', 'error') flash('There must be at least one admin user in the system.', 'error')
return render_template('contacts/form.html', form=form, title='Edit Profile', total_admins=total_admins) return render_template('contacts/form.html', form=form, title='Edit Profile', total_admins=total_admins)
# Store old values for comparison
old_values = {
'user_name': f"{current_user.username} {current_user.last_name}",
'email': current_user.email,
'phone': current_user.phone,
'company': current_user.company,
'position': current_user.position,
'is_admin': current_user.is_admin
}
current_user.username = form.first_name.data current_user.username = form.first_name.data
current_user.last_name = form.last_name.data current_user.last_name = form.last_name.data
current_user.email = form.email.data current_user.email = form.email.data
@@ -146,10 +173,39 @@ def edit_profile():
current_user.position = form.position.data current_user.position = form.position.data
current_user.notes = form.notes.data current_user.notes = form.notes.data
current_user.is_admin = form.is_admin.data current_user.is_admin = form.is_admin.data
# Set password if provided # Set password if provided
password_changed = False
if form.new_password.data: if form.new_password.data:
current_user.set_password(form.new_password.data) current_user.set_password(form.new_password.data)
password_changed = True
db.session.commit() db.session.commit()
# Log profile update event
log_event(
event_type='user_update',
details={
'user_id': current_user.id,
'user_name': f"{current_user.username} {current_user.last_name}",
'updated_by': current_user.id,
'updated_by_name': f"{current_user.username} {current_user.last_name}",
'old_values': old_values,
'new_values': {
'username': current_user.username,
'last_name': current_user.last_name,
'email': current_user.email,
'phone': current_user.phone,
'company': current_user.company,
'position': current_user.position,
'is_admin': current_user.is_admin
},
'password_changed': password_changed,
'method': 'self_update'
}
)
db.session.commit()
flash('Profile updated successfully!', 'success') flash('Profile updated successfully!', 'success')
return redirect(url_for('contacts.contacts_list')) return redirect(url_for('contacts.contacts_list'))
@@ -220,6 +276,17 @@ def edit_contact(id):
if existing_user: if existing_user:
flash('A user with this email already exists.', 'error') flash('A user with this email already exists.', 'error')
return render_template('contacts/form.html', form=form, title='Edit User', total_admins=total_admins, user=user) return render_template('contacts/form.html', form=form, title='Edit User', total_admins=total_admins, user=user)
# Store old values for comparison
old_values = {
'user_name': f"{user.username} {user.last_name}",
'email': user.email,
'phone': user.phone,
'company': user.company,
'position': user.position,
'is_admin': user.is_admin
}
user.username = form.first_name.data user.username = form.first_name.data
user.last_name = form.last_name.data user.last_name = form.last_name.data
user.email = form.email.data user.email = form.email.data
@@ -228,10 +295,38 @@ def edit_contact(id):
user.position = form.position.data user.position = form.position.data
user.notes = form.notes.data user.notes = form.notes.data
user.is_admin = form.is_admin.data user.is_admin = form.is_admin.data
# Set password if provided # Set password if provided
password_changed = False
if form.new_password.data: if form.new_password.data:
user.set_password(form.new_password.data) user.set_password(form.new_password.data)
password_changed = True
db.session.commit() db.session.commit()
# Log user update event
log_event(
event_type='user_update',
details={
'user_id': user.id,
'user_name': f"{user.username} {user.last_name}",
'updated_by': current_user.id,
'updated_by_name': f"{current_user.username} {current_user.last_name}",
'old_values': old_values,
'new_values': {
'user_name': f"{user.username} {user.last_name}",
'email': user.email,
'phone': user.phone,
'company': user.company,
'position': user.position,
'is_admin': user.is_admin
},
'password_changed': password_changed,
'method': 'admin_update'
}
)
db.session.commit()
flash('User updated successfully!', 'success') flash('User updated successfully!', 'success')
return redirect(url_for('contacts.contacts_list')) return redirect(url_for('contacts.contacts_list'))
return render_template('contacts/form.html', form=form, title='Edit User', total_admins=total_admins, user=user) return render_template('contacts/form.html', form=form, title='Edit User', total_admins=total_admins, user=user)
@@ -246,6 +341,21 @@ def delete_contact(id):
if user.email == current_user.email: if user.email == current_user.email:
flash('You cannot delete your own account.', 'error') flash('You cannot delete your own account.', 'error')
return redirect(url_for('contacts.contacts_list')) return redirect(url_for('contacts.contacts_list'))
# Log user deletion event
log_event(
event_type='user_delete',
details={
'user_id': user.id,
'user_name': f"{user.username} {user.last_name}",
'deleted_by': current_user.id,
'deleted_by_name': f"{current_user.username} {current_user.last_name}",
'email': user.email,
'is_admin': user.is_admin
}
)
db.session.commit()
db.session.delete(user) db.session.delete(user)
db.session.commit() db.session.commit()
flash('User deleted successfully!', 'success') flash('User deleted successfully!', 'success')
@@ -261,7 +371,25 @@ def toggle_active(id):
if user.email == current_user.email: if user.email == current_user.email:
flash('You cannot deactivate your own account.', 'error') flash('You cannot deactivate your own account.', 'error')
return redirect(url_for('contacts.contacts_list')) return redirect(url_for('contacts.contacts_list'))
old_status = user.is_active
user.is_active = not user.is_active user.is_active = not user.is_active
# Log status change event
log_event(
event_type='user_update',
details={
'user_id': user.id,
'user_name': f"{user.username} {user.last_name}",
'updated_by': current_user.id,
'updated_by_name': f"{current_user.username} {current_user.last_name}",
'update_type': 'status_change',
'old_status': old_status,
'new_status': user.is_active,
'email': user.email
}
)
db.session.commit() db.session.commit()
flash(f'User marked as {"active" if user.is_active else "inactive"}!', 'success') flash(f'User marked as {"active" if user.is_active else "inactive"}!', 'success')
return redirect(url_for('contacts.contacts_list')) return redirect(url_for('contacts.contacts_list'))

105
routes/conversations.py
View File

@@ -3,6 +3,7 @@ from flask_login import login_required, current_user
from models import db, Conversation, User, Message, MessageAttachment from models import db, Conversation, User, Message, MessageAttachment
from forms import ConversationForm from forms import ConversationForm
from routes.auth import require_password_change from routes.auth import require_password_change
from utils import log_event
import os import os
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
from datetime import datetime from datetime import datetime
@@ -84,6 +85,21 @@ def create_conversation():
db.session.add(conversation) db.session.add(conversation)
db.session.commit() db.session.commit()
# Log conversation creation
log_event(
event_type='conversation_create',
details={
'conversation_id': conversation.id,
'created_by': current_user.id,
'created_by_name': f"{current_user.username} {current_user.last_name}",
'name': conversation.name,
'description': conversation.description,
'member_count': len(conversation.members),
'member_ids': [member.id for member in conversation.members]
}
)
db.session.commit()
flash('Conversation created successfully!', 'success') flash('Conversation created successfully!', 'success')
return redirect(url_for('conversations.conversations')) return redirect(url_for('conversations.conversations'))
return render_template('conversations/create_conversation.html', form=form) return render_template('conversations/create_conversation.html', form=form)
@@ -147,6 +163,22 @@ def add_member(conversation_id):
else: else:
conversation.members.append(user) conversation.members.append(user)
db.session.commit() db.session.commit()
# Log member addition
log_event(
event_type='conversation_member_add',
details={
'conversation_id': conversation.id,
'conversation_name': conversation.name,
'added_by': current_user.id,
'added_by_name': f"{current_user.username} {current_user.last_name}",
'added_user_id': user.id,
'added_by_name': f"{current_user.username} {current_user.last_name}",
'added_user_email': user.email
}
)
db.session.commit()
flash(f'{user.username} has been added to the conversation.', 'success') flash(f'{user.username} has been added to the conversation.', 'success')
return redirect(url_for('conversations.conversation_members', conversation_id=conversation_id)) return redirect(url_for('conversations.conversation_members', conversation_id=conversation_id))
@@ -169,6 +201,22 @@ def remove_member(conversation_id, user_id):
else: else:
conversation.members.remove(user) conversation.members.remove(user)
db.session.commit() db.session.commit()
# Log member removal
log_event(
event_type='conversation_member_remove',
details={
'conversation_id': conversation.id,
'conversation_name': conversation.name,
'removed_by': current_user.id,
'removed_by_name': f"{current_user.username} {current_user.last_name}",
'removed_user_id': user.id,
'removed_user_name': f"{user.username} {user.last_name}",
'removed_user_email': user.email
}
)
db.session.commit()
flash('User has been removed from the conversation.', 'success') flash('User has been removed from the conversation.', 'success')
return redirect(url_for('conversations.conversation_members', conversation_id=conversation_id)) return redirect(url_for('conversations.conversation_members', conversation_id=conversation_id))
@@ -184,6 +232,13 @@ def edit_conversation(conversation_id):
form = ConversationForm(obj=conversation) form = ConversationForm(obj=conversation)
if request.method == 'POST': if request.method == 'POST':
# Store old values for comparison
old_values = {
'name': conversation.name,
'description': conversation.description,
'member_ids': [member.id for member in conversation.members]
}
# Get members from the form data # Get members from the form data
member_ids = request.form.getlist('members') member_ids = request.form.getlist('members')
@@ -205,6 +260,25 @@ def edit_conversation(conversation_id):
conversation.members.append(user) conversation.members.append(user)
db.session.commit() db.session.commit()
# Log conversation update
log_event(
event_type='conversation_update',
details={
'conversation_id': conversation.id,
'updated_by': current_user.id,
'updated_by_name': f"{current_user.username} {current_user.last_name}",
'old_values': old_values,
'new_values': {
'name': conversation.name,
'description': conversation.description,
'member_ids': [member.id for member in conversation.members],
'member_names': [f"{member.username} {member.last_name}" for member in conversation.members]
}
}
)
db.session.commit()
flash('Conversation members updated successfully!', 'success') flash('Conversation members updated successfully!', 'success')
# Check if redirect parameter is provided # Check if redirect parameter is provided
@@ -227,6 +301,20 @@ def delete_conversation(conversation_id):
conversation = Conversation.query.get_or_404(conversation_id) conversation = Conversation.query.get_or_404(conversation_id)
# Log conversation deletion
log_event(
event_type='conversation_delete',
details={
'conversation_id': conversation.id,
'conversation_name': conversation.name,
'deleted_by': current_user.id,
'deleted_by_name': f"{current_user.username} {current_user.last_name}",
'member_count': len(conversation.members),
'message_count': Message.query.filter_by(conversation_id=conversation_id).count()
}
)
db.session.commit()
# Delete all messages in the conversation # Delete all messages in the conversation
Message.query.filter_by(conversation_id=conversation_id).delete() Message.query.filter_by(conversation_id=conversation_id).delete()
@@ -264,7 +352,6 @@ def get_messages(conversation_id):
'created_at': message.created_at.strftime('%b %d, %Y %H:%M'), 'created_at': message.created_at.strftime('%b %d, %Y %H:%M'),
'sender_id': str(message.user_id), 'sender_id': str(message.user_id),
'sender_name': f"{message.user.username} {message.user.last_name}", 'sender_name': f"{message.user.username} {message.user.last_name}",
'sender_avatar': url_for('profile_pic', filename=message.user.profile_picture) if message.user.profile_picture else url_for('static', filename='default-avatar.png'),
'attachments': [{ 'attachments': [{
'name': attachment.name, 'name': attachment.name,
'size': attachment.size, 'size': attachment.size,
@@ -324,6 +411,22 @@ def send_message(conversation_id):
db.session.commit() db.session.commit()
# Log message creation
log_event(
event_type='message_create',
details={
'message_id': message.id,
'conversation_id': conversation_id,
'conversation_name': conversation.name,
'sender_id': current_user.id,
'sender_name': f"{current_user.username} {current_user.last_name}",
'has_attachments': len(attachments) > 0,
'attachment_count': len(attachments),
'attachment_types': [get_file_extension(att.name) for att in attachments] if attachments else []
}
)
db.session.commit()
# Prepare message data for response # Prepare message data for response
message_data = { message_data = {
'id': message.id, 'id': message.id,