Merge branch 'main' into docs/user-guide

Author: sumedha-bhatt

.gitignore

@@ -12,9 +12,15 @@ db.sqlite3
 # Coverage files from pytest-cov plugin for pytest
 .coverage
 
+# Logger files
+enigma.log
+
 # Dependency directories
 node_modules/
 
+#Access Modules
+Access/access_modules
+
 # Folders created by Docker Compose
 mounts/
 public/

Access/accessrequest_helper.py

@@ -405,15 +405,17 @@ def create_request(auth_user, access_request_form):
         }
 
         access_module = helper.get_available_access_modules()[access_tag]
+        module_access_labels = access_module.validate_request(
+            access_labels, auth_user, is_group=False
+        )
+
         extra_field_labels = get_extra_field_labels(access_module)
+
         if extra_fields and extra_field_labels:
             for field in extra_field_labels:
-                access_labels[0][field] = extra_fields[0]
+                module_access_labels[0][field] = extra_fields[0]
                 extra_fields = extra_fields[1:]
 
-        module_access_labels = access_module.validate_request(
-            access_labels, auth_user, is_group=False
-        )
 
         for index2, access_label in enumerate(module_access_labels):
             request_id = request_id + "_" + str(index2)
@@ -516,10 +518,7 @@ def get_extra_field_labels(access_module):
 def get_extra_fields(access_request):
     if "extraFields" in access_request:
         return access_request["extraFields"]
-    elif "extraFields[]" in access_request:
-        return [access_request["extraFields[]"]]
-    else:
-        return []
+    return []
 
 
 def _validate_access_request(access_request_form, user):

Access/admin.py

@@ -1,3 +1,7 @@
+'''
+Models to configure diplay, search and filtering for models on admin panel
+'''
+
 from django.contrib import admin
 
 from Access.models import (
@@ -14,17 +18,61 @@
 
 
 class UserAdmin(admin.ModelAdmin):
+    '''Class to describe how to display User model on admin panel'''
     ordering = ("name", "email")
     search_fields = ("name", "email")
     list_display = ("name", "email")
 
 
+class MembershipV2AdminPanel(admin.ModelAdmin):
+    '''Class to describe how to display MembershipV2 on admin panel'''
+    ordering = ("membership_id", "user__name", "group__name")
+    search_fields = ("membership_id", "user__name", "group__name")
+    list_display = ("membership_id", "user", "group")
+
+
+class AccessV2AdminPanel(admin.ModelAdmin):
+    '''Class to describe how to display AccessV2 model on admin panel'''
+    search_fields = ("access_tag", "access_label")
+    list_display = ("access_tag", "access_label")
+    sortable_by = ("access_tag",)
+
+
+class UserIdentityAdminPanel(admin.ModelAdmin):
+    '''Class to describe how to display User Identity on admin panel'''
+    search_fields = ("access_tag", "user__name", "status")
+    list_display = ("access_tag", "user", "identity", "status")
+
+
+class UserAccessMappingAdminPanel(admin.ModelAdmin):
+    '''Class to describe how to display UserAccessMapping on admin panel'''
+    search_fields = (
+        "request_id",
+        "user_identity__user__name",
+        "access__access_tag",
+        "access__access_label",
+        "status"
+    )
+    list_display = (
+        "request_id",
+        "get_user_name",
+        "access",
+        "status",
+    )
+    ordering = (
+        "request_id",
+        "user_identity__user__name",
+        "access",
+        "status"
+    )
+
+
 admin.site.register(User, UserAdmin)
 admin.site.register(Permission)
-admin.site.register(UserAccessMapping)
+admin.site.register(UserAccessMapping, UserAccessMappingAdminPanel)
 admin.site.register(Role)
-admin.site.register(AccessV2)
+admin.site.register(AccessV2, AccessV2AdminPanel)
 admin.site.register(GroupV2)
-admin.site.register(MembershipV2)
+admin.site.register(MembershipV2, MembershipV2AdminPanel)
 admin.site.register(GroupAccessMapping)
-admin.site.register(UserIdentity)
+admin.site.register(UserIdentity, UserIdentityAdminPanel)

Access/background_task_manager.py

@@ -7,9 +7,7 @@
 from celery.signals import task_success, task_failure
 
 from Access import helpers
-from bootprocess import general
-from EnigmaAutomation.settings import AUTOMATED_EXEC_IDENTIFIER
-from Access.models import UserAccessMapping, ApprovalType
+from Access.models import UserAccessMapping
 from Access import notifications
 
 logger = logging.getLogger(__name__)
@@ -166,70 +164,76 @@ def run_access_grant(request_id):
 def run_access_revoke(request_id):
     access_mapping = UserAccessMapping.get_access_request(request_id=request_id)
     if not access_mapping:
-        # TODO: Have to add the email targets for failure
-        targets = []
-        message = "Request not found"
-        notifications.send_revoke_failure_mail(
-            targets, request_id, access_mapping.revoker.email, 0, message
-        )
+        logger.debug(f"Cannot find access mapping with id: {request_id}")
         return False
     elif access_mapping.status == "Revoked":
+        logger.debug(f"The request with id {request_id} is already revoked.")
         return True
     access = access_mapping.access
     user_identity = access_mapping.user_identity
 
     revoker = access_mapping.revoker
-    if not revoker:
-        # TODO: Have to add the email targets for failure
-        targets = []
-        message = "Revoker not found"
-        notifications.send_revoke_failure_mail(
-            targets,
-            request_id,
-            access_mapping.revoker.email,
-            0,
-            message,
-            access.access_tag,
-        )
-        user_identity.mark_revoke_failed_for_approved_access_mapping(access)
-        return False
-
     access_modules = helpers.get_available_access_modules()
-
     access_module = access_modules[access.access_tag]
+    if not revoker:
+        logger.debug(f"The revoker is not set for the request with id {request_id}")
+        access_mapping.revoke_failed("Revoker was not set.")
+        return False
 
-    response = access_module.revoke(
-        user_identity.user, user_identity, access.access_label, access_mapping
-    )
-    logger.debug("Response from the revoke function: " + str(response))
-    if type(response) is bool:
-        revoke_success = response
-        message = None
-    else:
-        revoke_success = response[0]
-        message = str(response[1])
+    try:
+        response = access_module.revoke(
+            user_identity.user, user_identity, access.access_label, access_mapping
+        )
+        if type(response) is bool:
+            revoke_success = response
+            message = None
+        else:
+            revoke_success = response[0]
+            message = str(response[1])
+    except Exception as e:
+        logger.exception(
+            "Error while running revoke function: " + str(traceback.format_exc())
+        )
+        revoke_success = False
+        message = str(traceback.format_exc())
+    
 
     if revoke_success:
-        if AUTOMATED_EXEC_IDENTIFIER in access_module.revoke_owner():
-            user_identity.revoke_approved_access_mapping(access)
+        access_mapping.revoke()
+        logger.debug(
+            {
+                "requestId": request_id,
+                "status": "revoked",
+                "by": revoker,
+                "response": message,
+            }
+        )
     else:
+        access_mapping.revoke_failed(
+            fail_reason="Error while running revoke in module"
+        )
         logger.debug(
-            "Failed to revoke the request: {} due to exception: {}".format(
-                access_mapping.request_id, message
-            )
+            {
+                "requestId": request_id,
+                "status": "RevokeFailed",
+                "by": revoker,
+                "response": message,
+                "retry_count": run_access_revoke.request.retries
+            }
         )
-        logger.debug("Retry count: {}".format(run_access_revoke.request.retries))
         if run_access_revoke.request.retries == 3:
             logger.info("Sending the notification for failure")
-            notifications.send_revoke_failure_mail(
-                access_module.access_mark_revoke_permission(access_mapping.access_type),
-                access_mapping.request_id,
-                revoker.email,
-                run_access_revoke.request.retries,
-                message,
-                access.access_tag,
-            )
-            user_identity.mark_revoke_failed_for_approved_access_mapping(access)
+            try:
+                notifications.send_revoke_failure_mail(
+                    access_module.access_mark_revoke_permission(access_mapping.access_type),
+                    access_mapping.request_id,
+                    revoker.email,
+                    run_access_revoke.request.retries,
+                    message,
+                    access.access_tag,
+                )
+            except Exception as e:
+                logger.debug(f"Failed to send Revoke failed mail due to exception: {str(e)}")
         raise Exception("Failed to revoke the access due to: " + str(message))
 
     return True

Access/group_helper.py

@@ -664,17 +664,19 @@ def save_group_access_request(form_data, auth_user):
             access_labels_json=access_request["accessLabel"][accessIndex],
             access_tag=access_tag,
         )
+
+        module_access_labels = access_module.validate_request(
+            access_labels, auth_user, is_group=False
+        )
+
         extra_fields = accessrequest_helper.get_extra_fields(access_request)
         extra_field_labels = accessrequest_helper.get_extra_field_labels(access_module)
 
         if extra_fields and extra_field_labels:
             for field in extra_field_labels:
-                access_labels[0][field] = extra_fields[0]
+                module_access_labels[0][field] = extra_fields[0]
                 extra_fields = extra_fields[1:]
 
-        module_access_labels = access_module.validate_request(
-            access_labels, auth_user, is_group=False
-        )
 
         request_id = (
             group.name

Access/models.py

@@ -827,18 +827,16 @@ def getAccessRequestDetails(self, access_module):
 
         return access_request_data
 
-    def updateMetaData(self, key, data):
+    def update_meta_data(self, key, data):
         with transaction.atomic():
-            mapping = UserAccessMapping.objects.select_for_update().get(
-                request_id=self.request_id
-            )
-            mapping.meta_data[key] = data
-            mapping.save()
+            self.meta_data[key] = data
+            self.save()
         return True
 
-    def revoke(self, revoker):
+    def revoke(self, revoker=None):
         self.status = "Revoked"
-        self.revoker = revoker
+        if revoker:
+            self.revoker = revoker
         self.save()
 
     @staticmethod
@@ -942,6 +940,9 @@ def create(
         mapping.save()
         return mapping
 
+    def get_user_name(self):
+        return self.user_identity.user.name
+
 
 class GroupAccessMapping(models.Model):
     """

Access/userlist_helper.py

@@ -97,6 +97,9 @@ def create_identity(user_identity_form, auth_user):
         new_module_identity_json = selected_access_module.verify_identity(
             user_identity_form, user.email
         )
+        if not new_module_identity_json:
+            raise Exception("Failed to verify identity")
+
         existing_user_identity = user.get_active_identity(
             access_tag=selected_access_module.tag()
         )
@@ -152,7 +155,7 @@ def __change_identity_and_transfer_access_mapping(
         if existing_user_access_mapping:
             new_user_access_mapping = (
                 new_user_identity.replicate_active_access_membership_for_module(
-                    existing_access=existing_user_access_mapping
+                    existing_user_access_mapping=existing_user_access_mapping
                 )
             )
         system_user = User.get_system_user()

Access/views.py

@@ -43,6 +43,7 @@
 INVALID_REQUEST_MESSAGE = "Error in request not found OR Invalid request type"
 
 logger = logging.getLogger(__name__)
+logger.info("Server Started")
 
 
 @login_required

EnigmaAutomation/settings.py

@@ -250,7 +250,7 @@
         'file': {
             'level': current_log_level,
             'class': 'logging.FileHandler',
-            'filename': './enigma.log',
+            'filename': 'enigma.log',
             'formatter': 'verbose',
         },
         "console": {
@@ -259,7 +259,7 @@
             "formatter": "verbose",
         },
     },
-    "loggers": { },
+    "loggers": {},
 }
 for each_app in logging_apps:
     LOGGING["loggers"][each_app] = {
@@ -268,3 +268,13 @@
         "propagate": True,
         "formatter": "verbose",
     }
+
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+
+EMAIL_HOST = data["emails"]["EMAIL_HOST"]
+EMAIL_PORT = data["emails"]["EMAIL_PORT"]
+EMAIL_HOST_USER = data["emails"]["EMAIL_HOST_USER"]
+EMAIL_HOST_PASSWORD = data["emails"]["EMAIL_HOST_PASSWORD"]
+EMAIL_USE_TLS = data["emails"]["EMAIL_USE_TLS"]
+EMAIL_USE_SSL = data["emails"]["EMAIL_USE_SSL"]
+DEFAULT_FROM_EMAIL = data["emails"]["DEFAULT_FROM_EMAIL"]