
Audit Extra Configurations

- Make sure all audits contain the following data
	{"name":"object name","person":"thisstaff name"}
- Audit configurations that do not pertain to specific objects. These configurations are found in the config table
- Audit individual configurations that can be set per object for the following:
	- Help Topics
	- Departments
	- SLAs
	- Pages
	- Agents
	   - Account
	   - Permissions
	   - Profile
	- Teams
	- Roles
	   - Definition
	   - Permissions
	- Ticket Filters
	- Email Templates
	- Emails

Note: In class.auth.php, the extra lookup has to be done because the staff/user objects that were looked up are instances of the StaffSession/ClientSession classes
aydreeihn committed Jun 4, 2019
1 parent 27cfd65 commit 69da6455f965667a7cda45ed48f89ad05ba5bf6c
@@ -488,8 +488,9 @@ function login($staff, $bk) {
sprintf(_S("%s logged in [%s], via %s"), $staff->getUserName(),
$_SERVER['REMOTE_ADDR'], get_class($bk))); //Debug.
$type = array('type' => 'login', 'data' => array('id' => $staff->getId(), 'name' => $staff->getName()->name));
Signal::send('staff.login', Staff::lookup($staff->getId()), $type);
$agent = Staff::lookup($staff->getId());
$type = array('type' => 'login', 'data' => array('person' => $agent->getName()->name));
Signal::send('staff.login', $agent, $type);
// Tag the authkey.
$authkey = $bk::$id.':'.$authkey;
@@ -531,8 +532,9 @@ static function signOut($staff) {
$staff->getUserName(),
$_SERVER['REMOTE_ADDR'])); //Debug.
$type = array('type' => 'logout', 'data' => array('id' => $staff->getId(), 'name' => $staff->getName()->name));
Signal::send('staff.logout', Staff::lookup($staff->getId()), $type);
$agent = Staff::lookup($staff->getId());
$type = array('type' => 'logout', 'data' => array('person' => $agent->getName()->name));
Signal::send('staff.logout', $agent, $type);
Signal::send('auth.logout', $staff);
}
@@ -682,8 +684,9 @@ function login($user, $bk) {
$user->getUserName(), $user->getId(), $_SERVER['REMOTE_ADDR']);
$ost->logDebug(_S('User login'), $msg);
$type = array('type' => 'login', 'data' => array('id' => $user->getId(), 'name' => $user->getName()->name));
Signal::send('user.login', User::lookup($user->getId()), $type);
$u = User::lookup($user->getId());
$type = array('type' => 'login', 'data' => array('person' => $u->getName()->name));
Signal::send('staff.login', $u, $type);
if ($bk->supportsInteractiveAuthentication() && ($acct=$user->getAccount()))
$acct->cancelResetTokens();
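Review bot: The end-user login at line 58 now emits `Signal::send('staff.login', $u, $type);` where the line it replaces emitted `'user.login'`, so every client-portal login is audited as an agent login; the same slip is at line 68, where the user sign-out now sends `'staff.logout'`. Any consumer keyed on the signal name (the audit data this commit is feeding) would attribute end-user activity to staff and never see it under user events. Restore the names, `Signal::send('user.login', $u, $type);` here and `Signal::send('user.logout', $u, $type);` at line 68; the authstrike hunk at lines 85-96 keeps `'user.login'`, which makes the inconsistency easy to spot. The enclosing `login()` starts and ends outside the hunk.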
@@ -721,8 +724,9 @@ static function signOut($user) {
sprintf(_S("%s logged out [%s]" /* Tokens are <username> and <ip> */),
$user->getUserName(), $_SERVER['REMOTE_ADDR']));
$type = array('type' => 'logout', 'data' => array('id' => $user->getId(), 'name' => $user->getName()->name));
Signal::send('user.logout', User::lookup($user->getId()), $type);
$u = User::lookup($user->getId());
$type = array('type' => 'logout', 'data' => array('person' => $u->getName()->name));
Signal::send('staff.logout', $u, $type);
}
protected function getAuthKey($user) {
@@ -907,10 +911,10 @@ function authstrike($credentials) {
if ($staffId)
$staff = Staff::lookup($staffId[0]);
if ($staff) {
$type = array('type' => 'login',
'data' => array('id' => $staff->getId(), 'name' => $staff->getName()->name,
'msg' => 'Excessive login attempts (' . $authsession['strikes'] . ')'));
Signal::send('staff.login', Staff::lookup($staff->getId()), $type);
$agent = Staff::lookup($staff->getId());
$type = array('type' => 'login',
'data' => array('msg' => sprintf('Excessive login attempts (%s)', $authsession['strikes']), 'person' => $agent->getName()->name));
Signal::send('staff.login', $agent, $type);
}
}
@@ -984,10 +988,10 @@ function authstrike($credentials) {
$user = User::lookup($id);
if ($user) {
$u = User::lookup($user->getId());
$type = array('type' => 'login',
'data' => array('id' => $user->getId(), 'name' => $user->getName()->name,
'msg' => 'Excessive login attempts (' . $authsession['strikes'] . ')'));
Signal::send('user.login', User::lookup($user->getId()), $type);
'data' => array('msg' => sprintf('Excessive login attempts (%s)', $authsession['strikes']), 'person' => $u->getName()->name));
Signal::send('user.login', $u, $type);
}
}
@@ -110,13 +110,22 @@ function create($key, $value) {
}
function update($key, $value) {
global $thisstaff;
if (!$key)
return false;
elseif (!isset($this->config[$key]))
return $this->create($key, $value);
$item = $this->config[$key];
$before = $item->value;
$item->value = $value;
if ($before != $item->value) {
$type = array('type' => 'edited', 'data' => array('person' => $thisstaff->getName()->name, 'key' => $item->ht['key']));
Signal::send('object.edited', $item, $type);
}
return $item->save();
}
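Review bot: `$thisstaff->getName()->name` at line 109 dereferences the global without checking it is set, and a config-table `update()` is reachable from paths with no logged-in agent (installer/upgrader, cron and command-line scripts), where `$thisstaff` is null and the audit attribution turns into a fatal error instead of a log entry. A guard such as `$person = $thisstaff ? $thisstaff->getName()->name : null;` with `'person' => $person` keeps the event without letting attribution break the write. The same unguarded access appears at lines 127/131/145, 160, 179, 200, 233, 246 (a static factory, so more likely to run outside an agent session), 260, 275/282/299 and 317/330. Separately, `$before != $item->value` on line 108 is a loose comparison, so a change between values PHP treats as equal (for example `'1'` and `'01'`) is saved with no audit record; `!==` is the safer trigger for an audit event, and the same `!=` pattern is used in the per-object `update()` loops below.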
@@ -761,7 +761,7 @@ function save($refetch=false) {
}
function update($vars, &$errors) {
global $cfg;
global $cfg, $thisstaff;
$id = $this->id;
if ($id && $id != $vars['id'])
@@ -813,6 +813,18 @@ function update($vars, &$errors) {
if ($errors)
return false;
foreach ($vars as $key => $value) {
if ($key == 'status' && $this->getStatus() && strtolower($this->getStatus()) != $value) {
$loggedUpdate = true;
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'type' => ucfirst($value)));
Signal::send('object.edited', $this, $type);
} elseif (isset($this->$key) && ($this->$key != $value)) {
$loggedUpdate = true;
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $key));
Signal::send('object.edited', $this, $type);
}
}
$this->pid = $vars['pid'] ?: null;
$this->ispublic = isset($vars['ispublic']) ? (int) $vars['ispublic'] : 0;
$this->email_id = isset($vars['email_id']) ? (int) $vars['email_id'] : 0;
@@ -879,8 +891,8 @@ function update($vars, &$errors) {
// The ID wasn't available until after the commit
$this->path = $this->getFullPath();
$this->save();
} else {
$type = array('type' => 'edited');
} elseif (!$loggedUpdate) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name));
Signal::send('object.edited', $this, $type);
}
return true;
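Review bot: `$loggedUpdate` is read at line 144 but only assigned inside the loop at lines 126 and 130, so when no field changed it is undefined at the `elseif`: PHP raises a notice and `!null` happens to evaluate true, meaning the fallback audit entry fires by accident rather than by design. Initialise it before the loop, `$loggedUpdate = false;` ahead of line 124, so the intent is explicit and the notice goes away. The SLA `update()` at lines 314-334 has the same uninitialised flag (assigned at 316, read at 329). The enclosing `update()` starts before line 121 and ends after line 148.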
@@ -241,7 +241,7 @@ function save($refetch=false) {
}
function update($vars, &$errors=false) {
global $cfg;
global $cfg, $thisstaff;
// very basic checks
$vars['cpasswd']=$this->getPasswd(); //Current decrypted password.
@@ -386,6 +386,13 @@ function update($vars, &$errors=false) {
if($errors) return false;
foreach ($vars as $key => $value) {
if (isset($this->$key) && ($this->$key != $value)) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $key));
Signal::send('object.edited', $this, $type);
}
}
$this->mail_errors = 0;
$this->mail_lastfetch = null;
$this->email = $vars['email'];
@@ -327,6 +327,8 @@ static function getSupportedMatchFields() {
}
function update($vars,&$errors) {
global $thisstaff;
//validate filter actions before moving on
if (!self::validate_actions($vars, $errors))
return false;
@@ -360,6 +362,13 @@ function update($vars,&$errors) {
$vars['target'] = 'Email';
}
foreach ($vars as $key => $value) {
if (isset($this->$key) && ($this->$key != $value) && $key != 'rules' && $key != 'actions') {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $key));
Signal::send('object.edited', $this, $type);
}
}
//Note: this will be set when validating filters
if ($vars['email_id'])
$emailId = $vars['email_id'];
@@ -398,6 +398,7 @@ function getLocal($subtag) {
}
function update($vars, &$errors) {
global $thisstaff;
$required = array();
if ($this->isEditable())
@@ -406,8 +407,14 @@ function update($vars, &$errors) {
foreach (static::$fields as $f) {
if (in_array($f, $required) && !$vars[$f])
$errors[$f] = sprintf(__('%s is required'), mb_convert_case($f, MB_CASE_TITLE));
elseif (isset($vars[$f]))
$this->set($f, $vars[$f]);
elseif (isset($vars[$f])) {
if ($vars[$f] != $this->get($f)) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $f));
Signal::send('object.edited', $this, $type);
$this->set($f, $vars[$f]);
}
}
}
if ($errors)
@@ -373,7 +373,23 @@ static function supportsCustomData() {
return true;
}
function updateProfile($vars, &$errors) {
function update($vars, &$errors) {
global $thisstaff;
$valid = true;
$forms = $this->getForms($vars);
foreach ($forms as $entry) {
if (!$entry->isValid())
$valid = false;
if ($entry->getDynamicForm()->get('type') == 'O'
&& ($f = $entry->getField('name'))
&& $f->getClean()
&& ($o=Organization::lookup(array('name'=>$f->getClean())))
&& $o->id != $this->getId()) {
$valid = false;
$f->addError(__('Organization with the same name already exists'));
}
}
if ($vars['domain']) {
foreach (explode(',', $vars['domain']) as $d) {
@@ -443,7 +459,7 @@ function updateProfile($vars, &$errors) {
));
}
$type = array('type' => 'edited');
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name));
Signal::send('object.edited', $this, $type);
return $this->save();
@@ -512,6 +528,7 @@ static function getLink($id) {
}
static function fromVars($vars) {
global $thisstaff;
$vars['name'] = Format::striptags($vars['name']);
if (!($org = static::lookup(array('name' => $vars['name'])))) {
@@ -524,7 +541,7 @@ static function fromVars($vars) {
}
Signal::send('organization.created', $org);
$type = array('type' => 'created');
$type = array('type' => 'created', 'data' => array('name' => $org->getName(), 'person' => $thisstaff->getName()->name));
Signal::send('object.created', $org, $type);
return $org;
}
@@ -243,6 +243,7 @@ static function lookupByType($type, $lang=false) {
}
function update($vars, &$errors, $allowempty=false) {
global $thisstaff;
//Cleanup.
$vars['name']=Format::striptags(trim($vars['name']));
@@ -269,6 +270,13 @@ function update($vars, &$errors, $allowempty=false) {
if($errors) return false;
foreach ($vars as $key => $value) {
if (isset($this->$key) && ($this->$key != $value)) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $key));
Signal::send('object.edited', $this, $type);
}
}
$this->type = $vars['type'];
$this->name = $vars['name'];
$this->body = Format::sanitize($vars['body']);
@@ -133,18 +133,32 @@ function __call($what, $args) {
}
private function updatePerms($vars, &$errors=array()) {
global $thisstaff;
$config = array();
$permissions = $this->getPermission();
foreach ($vars as $k => $val) {
if (!array_key_exists($val, $permissions->perms)) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $val));
Signal::send('object.edited', $this, $type);
}
}
foreach (RolePermission::allPermissions() as $g => $perms) {
foreach($perms as $k => $v) {
if (!in_array($k, $vars) && array_key_exists($k, $permissions->perms)) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $k));
Signal::send('object.edited', $this, $type);
}
$permissions->set($k, in_array($k, $vars) ? 1 : 0);
}
}
$this->permissions = $permissions->toJson();
}
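Review bot: Line 274 records an 'edited' audit entry for every submitted `$val` that is not already in `$permissions->perms`, without checking that `$val` names a permission at all, whereas the assignment loop at lines 279-286 only ever sets keys taken from `RolePermission::allPermissions()`. Any unknown string in the request (presumably `$vars` is the list of permission names from the role form) therefore produces an audit record, with the raw request string stored as `key`, for a change that is never applied. Build the set of known keys once and log only those, e.g. `$known = array(); foreach (RolePermission::allPermissions() as $perms) $known += $perms;` followed by `if (isset($known[$val]) && !array_key_exists($val, $permissions->perms))`. The `in_array($k, $vars)` calls at lines 281 and 285 are also loose comparisons; pass `true` as the third argument so the membership test is exact.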
function update($vars, &$errors) {
global $thisstaff;
if (!$vars['name'])
$errors['name'] = __('Name required');
@@ -157,6 +171,13 @@ function update($vars, &$errors) {
if ($errors)
return false;
foreach ($vars as $key => $value) {
if (isset($this->$key) && ($this->$key != $value) && ($key != 'perms')) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $key));
Signal::send('object.edited', $this, $type);
}
}
$this->name = $vars['name'];
$this->notes = $vars['notes'];
@@ -143,6 +143,7 @@ static function getVarScope() {
}
function update($vars, &$errors) {
global $thisstaff;
if (!$vars['grace_period'])
$errors['grace_period'] = __('Grace period required');
@@ -157,6 +158,14 @@ function update($vars, &$errors) {
if ($errors)
return false;
foreach ($vars as $key => $value) {
if (isset($this->$key) && ($this->$key != $value)) {
$loggedUpdate = true;
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name, 'key' => $key));
Signal::send('object.edited', $this, $type);
}
}
$this->name = $vars['name'];
$this->schedule_id = $vars['schedule_id'];
$this->grace_period = $vars['grace_period'];
@@ -167,8 +176,13 @@ function update($vars, &$errors) {
| (isset($vars['enable_priority_escalation']) ? self::FLAG_ESCALATE : 0)
| (isset($vars['transient']) ? self::FLAG_TRANSIENT : 0);
if ($this->save())
if ($this->save()) {
if (!$loggedUpdate) {
$type = array('type' => 'edited', 'data' => array('name' => $this->getName(), 'person' => $thisstaff->getName()->name));
Signal::send('object.edited', $this, $type);
}
return true;
}
if (isset($this->id)) {
$errors['err']=sprintf(__('Unable to update %s.'), __('this SLA plan'))
