tcell_agent 2.0.0 → 2.5.0

data/lib/tcell_agent/rails/auth/authlogic.rb

@@ -1,56 +1,61 @@
-if TCellAgent.configuration.should_instrument_authlogic? && defined?(Authlogic)
+# frozen_string_literal: true
 
-  require 'tcell_agent/configuration'
-  require 'tcell_agent/instrumentation'
+require 'tcell_agent/configuration'
+require 'tcell_agent/instrumentation'
 
-  module TCellAgent
-    require 'tcell_agent/agent'
+module TCellAgent
+  require 'tcell_agent/agent'
 
-    Authlogic::Session::Base.class_eval do
-      alias_method :tcell_save, :save
-      def save(&block)
-        return tcell_save(&block) unless TCellAgent.configuration.should_intercept_requests?
+  Authlogic::Session::Base.class_eval do
+    alias_method :tcell_save, :save
+    def save(&block)
+      return tcell_save(&block) unless TCellAgent.configuration.should_intercept_requests?
 
-        user_logged_in_before = !user.nil?
-        success = tcell_save(&block)
-        user_logged_in_after = !user.nil?
+      user_logged_in_before = !user.nil?
+      success = tcell_save(&block)
+      user_logged_in_after = !user.nil?
 
-        TCellAgent::Instrumentation.safe_block('Authlogic login info') do
-          user_id = nil
-          password = nil
-          user_valid = nil
-          TCellAgent::Instrumentation.safe_block('getting userid for login form') do
-            user_id = send(self.class.login_field.to_sym)
-          end
+      TCellAgent::Instrumentation.safe_block('Authlogic login info') do
+        user_id = nil
+        password = nil
+        user_valid = nil
+        TCellAgent::Instrumentation.safe_block('getting userid for login form') do
+          user_id = send(self.class.login_field.to_sym)
+        end
+
+        request = Authlogic::Session::Base.controller.request
+        tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+        return success unless tcell_data
+
+        login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+        if user_logged_in_before && user_logged_in_after
+        # password changed or logged in as another user
+        elsif !user_logged_in_before && !user_logged_in_after
+          TCellAgent::Instrumentation.safe_block('checking if user is valid') do
+            error_messages = errors.messages[login_field]
 
-          request = Authlogic::Session::Base.controller.request
-          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-
-          return success unless tcell_data
-
-          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-          if user_logged_in_before && user_logged_in_after
-            # password changed or logged in as another user
-          elsif !user_logged_in_before && !user_logged_in_after
-            login_policy.report_login_failure(
-              user_id,
-              password,
-              request.env,
-              user_valid,
-              tcell_data
-            )
-          elsif !user_logged_in_before && user_logged_in_after
-            login_policy.report_login_success(
-              user_id,
-              request.env,
-              tcell_data
-            )
+            user_valid = error_messages.empty?
           end
-        end
 
-        success
+          login_policy.report_login_failure(
+            user_id,
+            password,
+            request.env,
+            user_valid,
+            tcell_data
+          )
+        elsif !user_logged_in_before && user_logged_in_after
+          tcell_data.user_id = user_id if user_id && tcell_data.user_id.nil?
+          login_policy.report_login_success(
+            user_id,
+            request.env,
+            tcell_data
+          )
+        end
       end
+
+      success
     end
   end
-
 end

data/lib/tcell_agent/rails/auth/authlogic_helper.rb

@@ -0,0 +1,20 @@
+require 'tcell_agent/rails/auth/userinfo'
+
+module TCellAgent
+  TCellAgent::UserInformation.class_eval do
+    class << self
+      alias_method :original_get_user_from_request, :get_user_from_request
+      def get_user_from_request(request)
+        orig_user_id = original_get_user_from_request(request)
+        begin
+          if request.session && request.session.key?('user_credentials_id')
+            return request.session['user_credentials_id'].to_s
+          end
+        rescue StandardError
+          return orig_user_id
+        end
+        orig_user_id
+      end
+    end
+  end
+end

data/lib/tcell_agent/rails/auth/devise.rb

@@ -1,127 +1,128 @@
-if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
-  module TCellAgent
-    require 'base64'
-    require 'tcell_agent/agent'
-
-    module DeviseInstrumentation
-      module TCellFailureAppRespond
-        def respond
-          TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
-            if TCellAgent.configuration.should_intercept_requests?
-              tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-              if tcell_data
-                # in the case of http auth, user_id is set in
-                # Devise::Strategies::Authenticatable.valid_for_http_auth?
-                user_id = tcell_data.user_id
-                user_id ||= _get_tcell_username
-
-                # in the case of http auth, password is set in
-                # Devise::Strategies::Authenticatable.valid_for_http_auth?
-                password = tcell_data.password
-                password ||= _get_tcell_password
-
-                user_valid = nil
-                login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-                login_policy.report_login_failure(
-                  user_id,
-                  password,
-                  request.env,
-                  user_valid,
-                  tcell_data
-                )
-              end
+module TCellAgent
+  require 'base64'
+  require 'tcell_agent/agent'
+
+  module DeviseInstrumentation
+    module TCellFailureAppRespond
+      def respond
+        TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
+          if TCellAgent.configuration.should_intercept_requests?
+            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+            if tcell_data
+              # in the case of http auth, user_id is set in
+              # Devise::Strategies::Authenticatable.valid_for_http_auth?
+              user_id = tcell_data.user_id
+              user_id ||= _get_tcell_username
+
+              # in the case of http auth, password is set in
+              # Devise::Strategies::Authenticatable.valid_for_http_auth?
+              password = tcell_data.password
+              password ||= _get_tcell_password
+
+              user_valid = warden_message != :not_found_in_database if defined?(warden_message)
+
+              login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+              login_policy.report_login_failure(
+                user_id,
+                password,
+                request.env,
+                user_valid,
+                tcell_data
+              )
             end
           end
-
-          super if defined?(super)
         end
 
-        def _get_tcell_username
-          tcell_username = nil
-          TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
-            keys = scope_class.authentication_keys.dup
-            user_params = request.POST.fetch('user', {})
-            keys.each do |key|
-              next_usename = user_params.fetch(key, nil)
-              if next_usename
-                tcell_username ||= ''
-                tcell_username += next_usename
-              end
+        super if defined?(super)
+      end
+
+      def _get_tcell_username
+        tcell_username = nil
+        TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
+          keys = scope_class.authentication_keys.dup
+          user_params = request.POST.fetch('user', {})
+          keys.each do |key|
+            next_usename = user_params.fetch(key, nil)
+            if next_usename
+              tcell_username ||= ''
+              tcell_username += next_usename
             end
           end
-          tcell_username
         end
+        tcell_username
+      end
 
-        def _get_tcell_password
-          tcell_password = nil
-          TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
-            user_params = request.POST.fetch('user', {})
-            tcell_password = user_params['password']
-          end
-          tcell_password
+      def _get_tcell_password
+        tcell_password = nil
+        TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
+          user_params = request.POST.fetch('user', {})
+          tcell_password = user_params['password']
         end
+        tcell_password
       end
     end
+  end
 
-    # prepend is ruby 2+ feature
-    Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
+  # prepend is ruby 2+ feature
+  Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
+
+  Devise::Strategies::Authenticatable.class_eval do
+    alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
+    def valid_for_http_auth?
+      is_valid = tcell_valid_for_http_auth?
+
+      TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
+        tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+        if http_auth_hash && tcell_data
+          username = http_auth_hash[http_authentication_key]
+          password = http_auth_hash[:password]
+          tcell_data.user_id = username if username && !tcell_data.user_id
+          tcell_data.password = password if password && !tcell_data.password
+        end
+      end
 
-    Devise::Strategies::Authenticatable.class_eval do
-      alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
-      def valid_for_http_auth?
-        is_valid = tcell_valid_for_http_auth?
+      is_valid
+    end
 
-        TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
-          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-          if http_auth_hash && tcell_data
-            username = http_auth_hash[http_authentication_key]
-            password = http_auth_hash[:password]
-            tcell_data.user_id = username if username && !tcell_data.user_id
-            tcell_data.password = password if password && !tcell_data.password
-          end
-        end
+    alias_method :tcell_validate, :validate
+    def validate(resource, &block)
+      is_valid = tcell_validate(resource, &block)
+      send_event = is_valid
 
-        is_valid
+      # gets the first entry in the current backtrace
+      # syntax suggested by rubocop to improve performance
+      if caller(1..1).first.include? 'two_factor_authenticatable'
+        TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
+        send_event = false
       end
 
-      alias_method :tcell_validate, :validate
-      def validate(resource, &block)
-        is_valid = tcell_validate(resource, &block)
-        send_event = is_valid
-
-        # gets the first entry in the current backtrace
-        # syntax suggested by rubocop to improve performance
-        if caller(1..1).first.include? 'two_factor_authenticatable'
-          TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
-          send_event = false
-        end
+      TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
+        if send_event && TCellAgent.configuration.should_intercept_requests?
+          username = nil
+          (authentication_keys || []).each do |auth_key|
+            attr = authentication_hash[auth_key] unless authentication_hash.nil?
 
-        TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
-          if send_event && TCellAgent.configuration.enabled &&
-             TCellAgent.configuration.should_intercept_requests?
-            username = nil
-            (authentication_keys || []).each do |auth_key|
-              attr = authentication_hash[auth_key]
-              if attr
-                username ||= ''
-                username += attr
-              end
+            if attr
+              username ||= ''
+              username += attr
             end
-
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-            return is_valid unless tcell_data
-
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            login_policy.report_login_success(
-              username,
-              request.env,
-              tcell_data
-            )
           end
-        end
 
-        is_valid
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+          return is_valid unless tcell_data
+
+          tcell_data.user_id = username if username && tcell_data.user_id.nil?
+
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          login_policy.report_login_success(
+            username,
+            request.env,
+            tcell_data
+          )
+        end
       end
+
+      is_valid
     end
   end
 end

data/lib/tcell_agent/rails/auth/devise_helper.rb

@@ -0,0 +1,29 @@
+require 'devise'
+require 'devise/rails'
+require 'devise/strategies/database_authenticatable'
+require 'tcell_agent/rails/auth/userinfo'
+
+module TCellAgent
+  TCellAgent::UserInformation.class_eval do
+    class << self
+      alias_method :original_get_user_from_request, :get_user_from_request
+      def get_user_from_request(request)
+        orig_user_id = original_get_user_from_request(request)
+        begin
+          if request.session && request.session.key?('warden.user.user.key')
+            userkey = request.session['warden.user.user.key']
+            user_id = if userkey.length == 2
+                        userkey[0][0]
+                      else
+                        userkey[1][0]
+                      end
+            return user_id.to_s if user_id.is_a? Integer
+          end
+        rescue StandardError
+          return orig_user_id
+        end
+        orig_user_id
+      end
+    end
+  end
+end

data/lib/tcell_agent/rails/auth/doorkeeper.rb

@@ -1,65 +1,32 @@
-if TCellAgent.configuration.should_instrument_doorkeeper? && defined?(Doorkeeper)
+require 'tcell_agent/agent'
 
-  require 'tcell_agent/agent'
-  require 'tcell_agent/sensor_events/login_fraud'
+module TCellAgent
+  module DoorkeeperInstrumentation
+    Doorkeeper::TokensController.class_eval do
+      alias_method :tcell_authorize_response, :authorize_response
+      def authorize_response
+        result = tcell_authorize_response
 
-  module TCellAgent
-    module DoorkeeperInstrumentation
-      Doorkeeper::TokensController.class_eval do
-        alias_method :tcell_authorize_response, :authorize_response
-        def authorize_response
-          result = tcell_authorize_response
+        TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+          return result unless TCellAgent.configuration.should_intercept_requests?
 
-          TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
-            return result unless TCellAgent.configuration.should_intercept_requests?
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
 
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+          return unless tcell_data
 
-            return unless tcell_data
-            headers = request.env
+          headers = request.env
 
-            if result.is_a?(Doorkeeper::OAuth::TokenResponse)
-              user_id = result.token.resource_owner_id
-              login_policy.report_login_success(
-                user_id,
-                headers,
-                tcell_data
-              )
-            elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
-              user_id = request.POST['client_id']
-              password = nil
-              user_valid = nil
-              login_policy.report_login_failure(
-                user_id,
-                password,
-                headers,
-                user_valid,
-                tcell_data
-              )
-            end
-          end
-
-          result
-        end
-      end
-
-      module TCellAuthorizationsNew
-        def new
-          super if defined?(super)
-
-          TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
-            return unless TCellAgent.configuration.should_intercept_requests?
-            return unless pre_auth.error
-
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-
-            return unless tcell_data
-
-            user_id = current_resource_owner.id
+          if result.is_a?(Doorkeeper::OAuth::TokenResponse)
+            user_id = result.token.resource_owner_id
+            login_policy.report_login_success(
+              user_id,
+              headers,
+              tcell_data
+            )
+          elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
+            user_id = request.POST['client_id']
             password = nil
-            headers = request.env
             user_valid = nil
             login_policy.report_login_failure(
               user_id,
@@ -70,10 +37,40 @@ if TCellAgent.configuration.should_instrument_doorkeeper? && defined?(Doorkeeper
             )
           end
         end
+
+        result
       end
+    end
+
+    module TCellAuthorizationsNew
+      def new
+        super if defined?(super)
+
+        TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+          return unless TCellAgent.configuration.should_intercept_requests?
+          return unless pre_auth.error
 
-      # prepend is ruby 2+ feature
-      Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+          return unless tcell_data
+
+          user_id = current_resource_owner.id
+          password = nil
+          headers = request.env
+          user_valid = nil
+          login_policy.report_login_failure(
+            user_id,
+            password,
+            headers,
+            user_valid,
+            tcell_data
+          )
+        end
+      end
     end
+
+    # prepend is ruby 2+ feature
+    Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
   end
 end

data/lib/tcell_agent/rails/better_ip.rb

@@ -4,28 +4,16 @@ require 'tcell_agent/instrumentation'
 module TCellAgent
   module Utils
     module Rails
-      def self.better_ip(request)
-        if TCellAgent.configuration.reverse_proxy
-          TCellAgent::Instrumentation.safe_block('Extracting reverse proxy IP') do
-            reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
-            reverse_proxy_header = if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
-                                     'HTTP_' + reverse_proxy_header.upcase.tr('-', '_')
-                                   else
-                                     'HTTP_X_FORWARDED_FOR'
-                                   end
+      def self.reverse_proxy_header(request)
+        return unless TCellAgent.configuration.reverse_proxy
 
-            x_forwarded_for = request.env[reverse_proxy_header]
-            ip = if TCellAgent::Utils::Strings.present?(x_forwarded_for)
-                   x_forwarded_for.split(',')[0].strip
-                 else
-                   request.ip
-                 end
+        TCellAgent::Instrumentation.safe_block('Extracting reverse proxy header') do
+          reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
 
-            return ip
-          end
-        end
+          return if reverse_proxy_header.nil? || reverse_proxy_header.empty?
 
-        request.ip
+          return request.env["HTTP_#{reverse_proxy_header.upcase.tr('-', '_')}"]
+        end
       end
     end
   end

data/lib/tcell_agent/rails/csrf_exception.rb

@@ -16,12 +16,4 @@ module TCellAgent
       super if defined?(super)
     end
   end
-
-  class MyRailtie < Rails::Railtie
-    initializer 'tcell.sensors' do |_app|
-      ActiveSupport.on_load :action_controller do
-        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
-      end
-    end
-  end
 end

data/lib/tcell_agent/rails/dlp/process_request.rb

@@ -37,6 +37,7 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_form_parameter?
+
       for_params(request) do |_method, param_name, param_value|
         actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
         if actions
@@ -51,11 +52,13 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_headers?
+
       headers = request.env.select { |k, _v| k.start_with? 'HTTP_' }
       headers.each do |header_name, header_value|
         header_name = header_name.sub(/^HTTP_/, '').tr('_', '-')
         actions = dataex_policy.get_actions_for_header(header_name)
         next unless actions
+
         actions.each do |action|
           tcell_context.add_filter_for_header_value(header_value, action, header_name)
         end
@@ -66,9 +69,11 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_cookie?
+
       request.cookies.each do |cookie_name, cookie_value|
         actions = dataex_policy.get_actions_for_cookie(cookie_name)
         next unless actions
+
         actions.each do |action|
           tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
         end