tcell_agent 2.1.0 → 2.3.0

data/lib/tcell_agent/rails/auth/devise.rb

@@ -1,127 +1,128 @@
-if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
-  module TCellAgent
-    require 'base64'
-    require 'tcell_agent/agent'
-
-    module DeviseInstrumentation
-      module TCellFailureAppRespond
-        def respond
-          TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
-            if TCellAgent.configuration.should_intercept_requests?
-              tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-              if tcell_data
-                # in the case of http auth, user_id is set in
-                # Devise::Strategies::Authenticatable.valid_for_http_auth?
-                user_id = tcell_data.user_id
-                user_id ||= _get_tcell_username
-
-                # in the case of http auth, password is set in
-                # Devise::Strategies::Authenticatable.valid_for_http_auth?
-                password = tcell_data.password
-                password ||= _get_tcell_password
-
-                user_valid = nil
-                login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-                login_policy.report_login_failure(
-                  user_id,
-                  password,
-                  request.env,
-                  user_valid,
-                  tcell_data
-                )
-              end
+module TCellAgent
+  require 'base64'
+  require 'tcell_agent/agent'
+
+  module DeviseInstrumentation
+    module TCellFailureAppRespond
+      def respond
+        TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
+          if TCellAgent.configuration.should_intercept_requests?
+            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+            if tcell_data
+              # in the case of http auth, user_id is set in
+              # Devise::Strategies::Authenticatable.valid_for_http_auth?
+              user_id = tcell_data.user_id
+              user_id ||= _get_tcell_username
+
+              # in the case of http auth, password is set in
+              # Devise::Strategies::Authenticatable.valid_for_http_auth?
+              password = tcell_data.password
+              password ||= _get_tcell_password
+
+              user_valid = warden_message != :not_found_in_database if defined?(warden_message)
+
+              login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+              login_policy.report_login_failure(
+                user_id,
+                password,
+                request.env,
+                user_valid,
+                tcell_data
+              )
             end
           end
-
-          super if defined?(super)
         end
 
-        def _get_tcell_username
-          tcell_username = nil
-          TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
-            keys = scope_class.authentication_keys.dup
-            user_params = request.POST.fetch('user', {})
-            keys.each do |key|
-              next_usename = user_params.fetch(key, nil)
-              if next_usename
-                tcell_username ||= ''
-                tcell_username += next_usename
-              end
+        super if defined?(super)
+      end
+
+      def _get_tcell_username
+        tcell_username = nil
+        TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
+          keys = scope_class.authentication_keys.dup
+          user_params = request.POST.fetch('user', {})
+          keys.each do |key|
+            next_usename = user_params.fetch(key, nil)
+            if next_usename
+              tcell_username ||= ''
+              tcell_username += next_usename
             end
           end
-          tcell_username
         end
+        tcell_username
+      end
 
-        def _get_tcell_password
-          tcell_password = nil
-          TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
-            user_params = request.POST.fetch('user', {})
-            tcell_password = user_params['password']
-          end
-          tcell_password
+      def _get_tcell_password
+        tcell_password = nil
+        TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
+          user_params = request.POST.fetch('user', {})
+          tcell_password = user_params['password']
         end
+        tcell_password
       end
     end
+  end
 
-    # prepend is ruby 2+ feature
-    Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
+  # prepend is ruby 2+ feature
+  Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
+
+  Devise::Strategies::Authenticatable.class_eval do
+    alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
+    def valid_for_http_auth?
+      is_valid = tcell_valid_for_http_auth?
+
+      TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
+        tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+        if http_auth_hash && tcell_data
+          username = http_auth_hash[http_authentication_key]
+          password = http_auth_hash[:password]
+          tcell_data.user_id = username if username && !tcell_data.user_id
+          tcell_data.password = password if password && !tcell_data.password
+        end
+      end
 
-    Devise::Strategies::Authenticatable.class_eval do
-      alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
-      def valid_for_http_auth?
-        is_valid = tcell_valid_for_http_auth?
+      is_valid
+    end
 
-        TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
-          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-          if http_auth_hash && tcell_data
-            username = http_auth_hash[http_authentication_key]
-            password = http_auth_hash[:password]
-            tcell_data.user_id = username if username && !tcell_data.user_id
-            tcell_data.password = password if password && !tcell_data.password
-          end
-        end
+    alias_method :tcell_validate, :validate
+    def validate(resource, &block)
+      is_valid = tcell_validate(resource, &block)
+      send_event = is_valid
 
-        is_valid
+      # gets the first entry in the current backtrace
+      # syntax suggested by rubocop to improve performance
+      if caller(1..1).first.include? 'two_factor_authenticatable'
+        TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
+        send_event = false
       end
 
-      alias_method :tcell_validate, :validate
-      def validate(resource, &block)
-        is_valid = tcell_validate(resource, &block)
-        send_event = is_valid
-
-        # gets the first entry in the current backtrace
-        # syntax suggested by rubocop to improve performance
-        if caller(1..1).first.include? 'two_factor_authenticatable'
-          TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
-          send_event = false
-        end
+      TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
+        if send_event && TCellAgent.configuration.should_intercept_requests?
+          username = nil
+          (authentication_keys || []).each do |auth_key|
+            attr = authentication_hash[auth_key] unless authentication_hash.nil?
 
-        TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
-          if send_event && TCellAgent.configuration.enabled &&
-             TCellAgent.configuration.should_intercept_requests?
-            username = nil
-            (authentication_keys || []).each do |auth_key|
-              attr = authentication_hash[auth_key]
-              if attr
-                username ||= ''
-                username += attr
-              end
+            if attr
+              username ||= ''
+              username += attr
             end
-
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-            return is_valid unless tcell_data
-
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            login_policy.report_login_success(
-              username,
-              request.env,
-              tcell_data
-            )
           end
-        end
 
-        is_valid
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+          return is_valid unless tcell_data
+
+          tcell_data.user_id = username if username && tcell_data.user_id.nil?
+
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          login_policy.report_login_success(
+            username,
+            request.env,
+            tcell_data
+          )
+        end
       end
+
+      is_valid
     end
   end
 end

data/lib/tcell_agent/rails/auth/devise_helper.rb

@@ -0,0 +1,29 @@
+require 'devise'
+require 'devise/rails'
+require 'devise/strategies/database_authenticatable'
+require 'tcell_agent/rails/auth/userinfo'
+
+module TCellAgent
+  TCellAgent::UserInformation.class_eval do
+    class << self
+      alias_method :original_get_user_from_request, :get_user_from_request
+      def get_user_from_request(request)
+        orig_user_id = original_get_user_from_request(request)
+        begin
+          if request.session && request.session.key?('warden.user.user.key')
+            userkey = request.session['warden.user.user.key']
+            user_id = if userkey.length == 2
+                        userkey[0][0]
+                      else
+                        userkey[1][0]
+                      end
+            return user_id.to_s if user_id.is_a? Integer
+          end
+        rescue StandardError
+          return orig_user_id
+        end
+        orig_user_id
+      end
+    end
+  end
+end

data/lib/tcell_agent/rails/auth/doorkeeper.rb

@@ -1,65 +1,31 @@
-if TCellAgent.configuration.should_instrument_doorkeeper? && defined?(Doorkeeper)
+require 'tcell_agent/agent'
 
-  require 'tcell_agent/agent'
-  require 'tcell_agent/sensor_events/login_fraud'
+module TCellAgent
+  module DoorkeeperInstrumentation
+    Doorkeeper::TokensController.class_eval do
+      alias_method :tcell_authorize_response, :authorize_response
+      def authorize_response
+        result = tcell_authorize_response
 
-  module TCellAgent
-    module DoorkeeperInstrumentation
-      Doorkeeper::TokensController.class_eval do
-        alias_method :tcell_authorize_response, :authorize_response
-        def authorize_response
-          result = tcell_authorize_response
+        TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+          return result unless TCellAgent.configuration.should_intercept_requests?
 
-          TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
-            return result unless TCellAgent.configuration.should_intercept_requests?
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
 
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+          return unless tcell_data
+          headers = request.env
 
-            return unless tcell_data
-            headers = request.env
-
-            if result.is_a?(Doorkeeper::OAuth::TokenResponse)
-              user_id = result.token.resource_owner_id
-              login_policy.report_login_success(
-                user_id,
-                headers,
-                tcell_data
-              )
-            elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
-              user_id = request.POST['client_id']
-              password = nil
-              user_valid = nil
-              login_policy.report_login_failure(
-                user_id,
-                password,
-                headers,
-                user_valid,
-                tcell_data
-              )
-            end
-          end
-
-          result
-        end
-      end
-
-      module TCellAuthorizationsNew
-        def new
-          super if defined?(super)
-
-          TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
-            return unless TCellAgent.configuration.should_intercept_requests?
-            return unless pre_auth.error
-
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-
-            return unless tcell_data
-
-            user_id = current_resource_owner.id
+          if result.is_a?(Doorkeeper::OAuth::TokenResponse)
+            user_id = result.token.resource_owner_id
+            login_policy.report_login_success(
+              user_id,
+              headers,
+              tcell_data
+            )
+          elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
+            user_id = request.POST['client_id']
             password = nil
-            headers = request.env
             user_valid = nil
             login_policy.report_login_failure(
               user_id,
@@ -70,10 +36,40 @@ if TCellAgent.configuration.should_instrument_doorkeeper? && defined?(Doorkeeper
             )
           end
         end
+
+        result
       end
+    end
+
+    module TCellAuthorizationsNew
+      def new
+        super if defined?(super)
+
+        TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+          return unless TCellAgent.configuration.should_intercept_requests?
+          return unless pre_auth.error
 
-      # prepend is ruby 2+ feature
-      Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+          return unless tcell_data
+
+          user_id = current_resource_owner.id
+          password = nil
+          headers = request.env
+          user_valid = nil
+          login_policy.report_login_failure(
+            user_id,
+            password,
+            headers,
+            user_valid,
+            tcell_data
+          )
+        end
+      end
     end
+
+    # prepend is ruby 2+ feature
+    Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
   end
 end

data/lib/tcell_agent/rails/csrf_exception.rb

@@ -16,12 +16,4 @@ module TCellAgent
       super if defined?(super)
     end
   end
-
-  class MyRailtie < Rails::Railtie
-    initializer 'tcell.sensors' do |_app|
-      ActiveSupport.on_load :action_controller do
-        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
-      end
-    end
-  end
 end

data/lib/tcell_agent/rails/dlp.rb

@@ -1,8 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
-require 'tcell_agent/authlogic' if defined?(Authlogic)
-require 'tcell_agent/devise' if defined?(Devise)
-
 require 'rails'
 require 'uri'
 require 'tcell_agent/agent'
@@ -21,7 +18,6 @@ require 'tcell_agent/rails/settings_reporter'
 
 require 'tcell_agent/instrumentation'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 

data/lib/tcell_agent/rails/middleware/global_middleware.rb

@@ -7,7 +7,7 @@ require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 
-require 'tcell_agent/userinfo'
+require 'tcell_agent/rails/auth/userinfo'
 require 'cgi'
 
 require 'tcell_agent/instrumentation'
@@ -24,6 +24,9 @@ module TCellAgent
           def call(env)
             if TCellAgent.configuration.should_intercept_requests?
               request = Rack::Request.new(env)
+
+              request['init'] = true
+
               TCellAgent::Instrumentation.safe_block('Setting session_id & user_id') do
                 if request.session
                   env[TCellAgent::Instrumentation::TCELL_ID].session_id =

data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb}

@@ -2,36 +2,21 @@
 
 require 'rails'
 
-require 'tcell_agent/rails/routes'
-
 require 'tcell_agent/rails/middleware/global_middleware'
 require 'tcell_agent/rails/middleware/body_filter_middleware'
 require 'tcell_agent/rails/middleware/headers_middleware'
 require 'tcell_agent/rails/middleware/context_middleware'
 
+require 'tcell_agent/rails/routes'
 require 'tcell_agent/rails/settings_reporter'
 require 'tcell_agent/rails/dlp'
 require 'tcell_agent/rails/csrf_exception'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
 module TCellAgent
   class TCellAgentStartupRailtie < Rails::Railtie
-    # TCellAgent config can be specified thru
-    # Rails initializer's (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
-    # so those need to run first since this relies on configuration
-    initializer :tcell_instrument_auth_frameworks, :after => :load_config_initializers do |_app|
-      next unless TCellAgent.configuration.should_instrument?
-
-      require 'tcell_agent/devise'
-      require 'tcell_agent/rails/auth/devise'
-      require 'tcell_agent/authlogic'
-      require 'tcell_agent/rails/auth/authlogic'
-      require 'tcell_agent/rails/auth/doorkeeper'
-    end
-
     initializer :tcell_insert_middleware, :before => :build_middleware_stack do |app|
       app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
       app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
@@ -39,4 +24,12 @@ module TCellAgent
       app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
     end
   end
+
+  class TCellAgentCSRFRailtie < Rails::Railtie
+    initializer 'tcell.sensors' do |_app|
+      ActiveSupport.on_load :action_controller do
+        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
+      end
+    end
+  end
 end