Merge pull request #1579 from mozilla/update_auth0_cron

Fixup auth0 cron
mozilla · Mar 24, 2020 · af9dc31 · af9dc31
2 parents 65658a7 + 358d211
commit af9dc31
Showing 1 changed file with 92 additions and 43 deletions.
diff --git a/cron/auth02mozdef.py b/cron/auth02mozdef.py
@@ -37,58 +37,104 @@ def fatal(msg):
 #     4 = Critical
 log_types = DotDict(
     {
-        "s": {"event": "Success Login", "level": 1},
-        "slo": {"event": "Success Logout", "level": 1},
-        "flo": {"event": "Failed Logout", "level": 3},
-        "seacft": {"event": "Success Exchange (Authorization Code for Access Token)", "level": 1},
-        "feacft": {"event": "Failed Exchange (Authorization Code for Access Token)", "level": 3},
-        "f": {"event": "Failed Login", "level": 3},
-        "w": {"event": "Warnings During Login", "level": 2},
+        "admin_update_launch": {"event": "Auth0 Update Launched", "level": 1},
+        "api_limit": {"event": "Rate Limit On API", "level": 4},
+        "cls": {"event": "Code/Link Sent", "level": 0},
+        "coff": {"event": "Connector Offline", "level": 3},
+        "con": {"event": "Connector Online", "level": 1},
+        "cs": {"event": "Code Sent", "level": 0},
+        "depnote": {"event": "Deprecation Note", "level": 1},
         "du": {"event": "Deleted User", "level": 1},
-        "fu": {"event": "Failed Login (invalid email/username)", "level": 3},
-        "fp": {"event": "Failed Login (wrong password)", "level": 3},
+        "f": {"event": "Failed Login", "level": 3},
+        "fapi": {"event": "Failed API Operation", "level": 3},
         "fc": {"event": "Failed by Connector", "level": 3},
+        "fce": {"event": "Failed Change Email", "level": 3},
         "fco": {"event": "Failed by CORS", "level": 3},
-        "con": {"event": "Connector Online", "level": 1},
-        "coff": {"event": "Connector Offline", "level": 3},
+        "fcoa": {"event": "Failed Cross Origin Authentication", "level": 3},
+        "fcp": {"event": "Failed Change Password", "level": 3},
+        "fcph": {"event": "Failed Post Change Password Hook", "level": 3},
+        "fcpn": {"event": "Failed Change Phone Number", "level": 3},
+        "fcpr": {"event": "Failed Change Password Request", "level": 3},
         "fcpro": {"event": "Failed Connector Provisioning", "level": 4},
-        "ss": {"event": "Success Signup", "level": 1},
+        "fcu": {"event": "Failed Change Username", "level": 3},
+        "fd": {"event": "Failed Delegation", "level": 3},
+        "fdeac": {"event": "Failed Device Activation", "level": 3},
+        "fdeaz": {"event": "Failed Device Authorization Request", "level": 3},
+        "fdecc": {"event": "User Canceled Device Confirmation", "level": 2},
+        "fdu": {"event": "Failed User Deletion", "level": 3},
+        "feacft": {"event": "Failed Exchange (Authorization Code for Access Token)", "level": 3},
+        "feccft": {"event": "Failed Exchange (Client Credentials for Access Token)", "level": 1},
+        "fede": {"event": "Failed Exchange (Device Code for Access Token)", "level": 3},
+        "fens": {"event": "Failed Exchange (Native Social Login)", "level": 3},
+        "feoobft": {"event": "Failed Exchange (Password and OOB Challenge for Access Token)", "level": 3},
+        "feotpft": {"event": "Failed Exchange (Password and OTP Challenge for Access Token)", "level": 3},
+        "fepft": {"event": "Failed Exchange (Password for Access Token)", "level": 3},
+        "fercft": {"event": "Failed Exchange (Password and MFA Recovery code for Access Token)", "level": 3},
+        "fertft": {"event": "Failed Exchange (Refresh Token for Access Token)", "level": 3},
+        "flo": {"event": "Failed Logout", "level": 3},
+        "fn": {"event": "Failed Sending Notification", "level": 3},
+        "fp": {"event": "Failed Login (wrong password)", "level": 3},
         "fs": {"event": "Failed Signup", "level": 3},
-        "cs": {"event": "Code Sent", "level": 0},
-        "cls": {"event": "Code/Link Sent", "level": 0},
-        "sv": {"event": "Success Verification Email", "level": 0},
+        "fsa": {"event": "Failed Silent Auth", "level": 3},
+        "fu": {"event": "Failed Login (invalid email/username)", "level": 3},
+        "fui": {"event": "Failed users import", "level": 4},
         "fv": {"event": "Failed Verification Email", "level": 0},
-        "scp": {"event": "Success Change Password", "level": 1},
-        "fcp": {"event": "Failed Change Password", "level": 3},
+        "fvr": {"event": "Failed Verification Email Request", "level": 3},
+        "gd_auth_failed": {"event": "OTP Auth failed", "level": 3},
+        "gd_auth_rejected": {"event": "OTP Auth rejected", "level": 3},
+        "gd_auth_succeed": {"event": "OTP Auth success", "level": 1},
+        "gd_enrollment_complete": {"event": "Guardian enrollment complete", "level": 1},
+        "gd_module_switch": {"event": "Module switch", "level": 1},
+        "gd_otp_rate_limit_exceed": {"event": "Too many OTP failures", "level": 4},
+        "gd_recovery_failed": {"event": "Multi-factor recovery code failed.", "level": 3},
+        "gd_recovery_rate_limit_exceed": {"event": "Multi-factor recovery code has failed too many times", "level": 4},
+        "gd_recovery_succeed": {"event": "Multi-factor recovery code succeeded authorization", "level": 1},
+        "gd_send_pn": {"event": "Push notification for MFA sent successfully sent", "level": 1},
+        "gd_send_sms": {"event": "SMS for MFA sent successfully", "level": 1},
+        "gd_send_sms_failure": {"event": "SMS for MFA sent failed", "level": 3},
+        "gd_start_auth": {"event": "Second factor authentication event started for MFA", "level": 1},
+        "gd_start_enroll": {"event": "Multi-factor authentication enroll has started", "level": 1},
+        "gd_tenant_update": {"event": "Guardian tenant update", "level": 3},
+        "gd_unenroll": {"event": "Device used for second factor authentication has been unenrolled", "level": 2},
+        "gd_update_device_account": {"event": "Device used for second factor authentication has been updated", "level": 2},
+        "gd_user_delete": {"event": "Deleted multi-factor user account", "level": 1},
+        "limit_delegation": {"event": "Rate limit exceeded to /delegation endpoint", "level": 4},
+        "limit_mu": {"event": "Blocked IP Address", "level": 3},
+        "limit_ui": {"event": "Too Many Calls to /userinfo", "level": 4},
+        "limit_wc": {"event": "Blocked Account", "level": 4},
+        "pwd_leak": {"event": "User attempted to login with a leaked password", "level": 4},
+        "s": {"event": "Success Login", "level": 1},
+        "sapi": {"event": "API Operation", "level": 1},
         "sce": {"event": "Success Change Email", "level": 1},
-        "fce": {"event": "Failed Change Email", "level": 3},
-        "scu": {"event": "Success Change Username", "level": 1},
-        "fcu": {"event": "Failed Change Username", "level": 3},
+        "scoa": {"event": "Success cross-origin authentication", "level": 1},
+        "scp": {"event": "Success Change Password", "level": 1},
+        "scph": {"event": "Success Post Change Password Hook", "level": 1},
         "scpn": {"event": "Success Change Phone Number", "level": 1},
-        "fcpn": {"event": "Failed Change Phone Number", "level": 3},
-        "svr": {"event": "Success Verification Email Request", "level": 0},
-        "fvr": {"event": "Failed Verification Email Request", "level": 3},
         "scpr": {"event": "Success Change Password Request", "level": 0},
-        "fcpr": {"event": "Failed Change Password Request", "level": 3},
-        "fn": {"event": "Failed Sending Notification", "level": 3},
-        "sapi": {"event": "API Operation", "level": 1},
-        "fapi": {"event": "Failed API Operation", "level": 3},
-        "limit_wc": {"event": "Blocked Account", "level": 4},
-        "limit_ui": {"event": "Too Many Calls to /userinfo", "level": 4},
-        "api_limit": {"event": "Rate Limit On API", "level": 4},
-        "sdu": {"event": "Successful User Deletion", "level": 1},
-        "fdu": {"event": "Failed User Deletion", "level": 3},
+        "scu": {"event": "Success Change Username", "level": 1},
         "sd": {"event": "Success Delegation", "level": 3},
-        "fd": {"event": "Failed Delegation", "level": 3},
+        "sdu": {"event": "Successful User Deletion", "level": 1},
+        "seacft": {"event": "Success Exchange (Authorization Code for Access Token)", "level": 1},
         "seccft": {"event": "Success Exchange (Client Credentials for Access Token)", "level": 1},
-        "feccft": {"event": "Failed Exchange (Client Credentials for Access Token)", "level": 1},
-        "fsa": {"event": "Failed Silent Auth", "level": 3},
-        "ssa": {"event": "Success Silent Auth", "level": 1},
-        "fepft": {"event": "Failed Exchange (Password for Access Token)", "level": 3},
-        "limit_mu": {"event": "Blocked IP Address", "level": 3},
+        "sede": {"event": "Successful Exchange (Device Code for Access Token)", "level": 1},
+        "sens": {"event": "Success Exchange (Native Social Login)", "level": 1},
+        "seoobft": {"event": "Success Exchange (Password and OOB Challenge for Access Token)", "level": 1},
+        "seotpft": {"event": "Success Exchange (Password and OTP Challenge for Access Token)", "level": 1},
         "sepft": {"event": "Success Exchange (Password for Access Token)", "level": 1},
-        "fcoa": {"event": "Failed Cross Origin Authentication", "level": 3},
-        "depnote": {"event": "Deprecation Note", "level": 1},
+        "sercft": {"event": "Success Exchange (Password and MFA Recovery code for Access Token)", "level": 1},
+        "sertft": {"event": "Success Exchange (Refresh Token for Access Token)", "level": 1},
+        "slo": {"event": "Success Logout", "level": 1},
+        "ss": {"event": "Success Signup", "level": 1},
+        "ssa": {"event": "Success Silent Auth", "level": 1},
+        "sui": {"event": "Successfully imported users", "level": 1},
+        "sv": {"event": "Success Verification Email", "level": 0},
+        "svr": {"event": "Success Verification Email Request", "level": 0},
+        "sys_os_update_end": {"event": "Auth0 OS Update Ended", "level": 1},
+        "sys_os_update_start": {"event": "Auth0 OS Update Started", "level": 1},
+        "sys_update_end": {"event": "Auth0 Update Ended", "level": 1},
+        "sys_update_start": {"event": "Auth0 Update Started", "level": 1},
+        "ublkdu": {"event": "User block setup by anomaly detection has been released", "level": 3},
+        "w": {"event": "Warnings During Login", "level": 2},
     }
 )
 
@@ -218,7 +264,6 @@ def process_msg(mozmsg, msg):
         pass
 
     mozmsg.details = details
-    mozmsg.details["raw"] = str(msg)
 
     return mozmsg
 
@@ -305,8 +350,12 @@ def fetch_auth0_logs(config, headers, fromid):
             mozmsg.details["error"] = "true"
             mozmsg.details["errormsg"] = '"' + str(e) + '"'
             mozmsg.summary = "Failed to parse auth0 message"
-            if config.DEBUG == "True":
-                traceback.print_exc()
+            traceback.print_exc()
+
+        # Save raw initial message in final message
+        # in case we ran into parsing errors
+        mozmsg.details["raw"] = str(msg)
+
         mozmsg.send()
 
     if have_totals: