tcell_agent 0.2.2
- checksums.yaml +7 -0
- data/LICENSE +4 -0
- data/README.md +43 -0
- data/Rakefile +7 -0
- data/bin/tcell_agent +171 -0
- data/config/initializers/authlogic_auth.rb +51 -0
- data/config/initializers/devise_auth.rb +167 -0
- data/config/initializers/init.rb +8 -0
- data/lib/tcell_agent.rb +33 -0
- data/lib/tcell_agent/agent.rb +79 -0
- data/lib/tcell_agent/agent/event_processor.rb +133 -0
- data/lib/tcell_agent/agent/policy_manager.rb +138 -0
- data/lib/tcell_agent/agent/policy_types.rb +42 -0
- data/lib/tcell_agent/agent/static_agent.rb +22 -0
- data/lib/tcell_agent/api.rb +101 -0
- data/lib/tcell_agent/appsensor.rb +42 -0
- data/lib/tcell_agent/appsensor/cmdi.rb +32 -0
- data/lib/tcell_agent/appsensor/path_traversal.rb +33 -0
- data/lib/tcell_agent/appsensor/sqli.rb +55 -0
- data/lib/tcell_agent/appsensor/xss.rb +40 -0
- data/lib/tcell_agent/authlogic.rb +26 -0
- data/lib/tcell_agent/configuration.rb +148 -0
- data/lib/tcell_agent/dataloss.rb +0 -0
- data/lib/tcell_agent/devise.rb +83 -0
- data/lib/tcell_agent/instrumentation.rb +44 -0
- data/lib/tcell_agent/logger.rb +46 -0
- data/lib/tcell_agent/policies/add_script_tag_policy.rb +47 -0
- data/lib/tcell_agent/policies/appsensor_policy.rb +76 -0
- data/lib/tcell_agent/policies/clickjacking_policy.rb +113 -0
- data/lib/tcell_agent/policies/content_security_policy.rb +119 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +175 -0
- data/lib/tcell_agent/policies/honeytokens_policy.rb +67 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +84 -0
- data/lib/tcell_agent/policies/http_tx_policy.rb +60 -0
- data/lib/tcell_agent/policies/login_fraud_policy.rb +42 -0
- data/lib/tcell_agent/policies/secure_headers_policy.rb +64 -0
- data/lib/tcell_agent/rails.rb +146 -0
- data/lib/tcell_agent/rails/devise.rb +0 -0
- data/lib/tcell_agent/rails/dlp.rb +204 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +69 -0
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +50 -0
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +53 -0
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +176 -0
- data/lib/tcell_agent/rails/routes.rb +130 -0
- data/lib/tcell_agent/rails/settings_reporter.rb +40 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +16 -0
- data/lib/tcell_agent/sensor_events/app_sensor.rb +240 -0
- data/lib/tcell_agent/sensor_events/dlp.rb +58 -0
- data/lib/tcell_agent/sensor_events/honeytokens.rb +16 -0
- data/lib/tcell_agent/sensor_events/login_fraud.rb +43 -0
- data/lib/tcell_agent/sensor_events/metrics.rb +24 -0
- data/lib/tcell_agent/sensor_events/sensor.rb +85 -0
- data/lib/tcell_agent/sensor_events/server_agent.rb +101 -0
- data/lib/tcell_agent/sensor_events/util/redirect_utils.rb +22 -0
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +153 -0
- data/lib/tcell_agent/sensor_events/util/utils.rb +21 -0
- data/lib/tcell_agent/sinatra.rb +41 -0
- data/lib/tcell_agent/start_background_thread.rb +63 -0
- data/lib/tcell_agent/userinfo.rb +8 -0
- data/lib/tcell_agent/utils/queue_with_timeout.rb +60 -0
- data/lib/tcell_agent/version.rb +5 -0
- data/spec/controllers/application_controller.rb +12 -0
- data/spec/lib/tcell_agent/api/api_spec.rb +36 -0
- data/spec/lib/tcell_agent/appsensor_spec.rb +66 -0
- data/spec/lib/tcell_agent/policies/add_script_tag_policy_spec.rb +37 -0
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +40 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +71 -0
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +71 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +88 -0
- data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +22 -0
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +62 -0
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +22 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +42 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +67 -0
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +187 -0
- data/spec/lib/tcell_agent/rails_spec.rb +57 -0
- data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +14 -0
- data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +25 -0
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +57 -0
- data/spec/lib/tcell_agent_spec.rb +22 -0
- data/spec/resources/normal_config.json +13 -0
- data/spec/spec_helper.rb +4 -0
- data/tcell_agent.gemspec +29 -0
- metadata +249 -0
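--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 89400e737468ee73780a481cccf4e21c684f0749
+data.tar.gz: 61f6bdb301b0b0586f955183401b7004aaaa5c84
+SHA512:
+metadata.gz: 22bc24714bf4f233b7b338b9f48e9abad27e78982d6730f75f8774f49bb9a16dbbd54266f21e7762309e878de6f6093845992d1ca3e76f6725d633062b826b03
+data.tar.gz: 4becf0b297b2dc0bda7199525d0973cc737009b8fac7ebd7e18dd6277e445b6dd11e42f17a0f73ca6de73eed46c074de4fc96267708b50a199beac9e49b07495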
data/LICENSE
ADDED
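--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,43 @@
+# TCellAgent [![Build Status](https://magnum.travis-ci.com/tcellio/rubyagent-tcell.svg?token=j7YU3iPt38CqCoDeM83P)](https://magnum.travis-ci.com/tcellio/rubyagent-tcell)
+
+TCell Agent - Instruments Rails & Sinatra
+
+## Installation
+
+Download the GEM file and unpack it:
+
+$ curl -O https://s3-us-west-2.amazonaws.com/tcell-agent-download/duvm4dj/tcell_agent-0.2.0.gem
+
+In your rails directory
+
+$ mv tcell_agent-0.2.0.gem vendor/cache/
+$ bundle install
+
+Add this line to your application's Gemfile:
+
+
+```ruby
+gem 'tcell_agent', '0.2.0'
+```
+or if you're using the repository directly.
+```ruby
+gem "tcell_agent", :path => "<path to your tcell_agent repo>"
+```
+
+And then execute:
+
+$ bundle
+
+## Usage
+
+You can download the config file from the Agents section of the application then move it to the config directory
+
+$ cp ~/Downloads/tcell_agent.config config/
+
+Or run the helper command
+
+$ bundle exec tcell_agent setup
+
+Or if running from the repo:
+
+$ bundle exec <path to repo>/rubyagent-tcell/bin/tcell_agent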
data/Rakefile
ADDED
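--- a/data/bin/tcell_agent
+++ b/data/bin/tcell_agent
@@ -0,0 +1,171 @@
+#!/usr/bin/env ruby
+
+#todo: so a small bit becames something, larger, rewrite as a real cmdline script
+
+require 'fileutils'
+require 'json'
+
+def yesno(default=true)
+begin
+system("stty raw -echo")
+str = STDIN.getc
+ensure
+system("stty -raw echo")
+end
+if str == "Y" || str == "y"
+return true
+elsif str == "N" || str == "n"
+return false
+else
+return default
+end
+end
+
+CONFIG_DIR = 'config'
+CONFIG_FILE = 'config/tcell_agent.config'
+
+if (ARGV.length == 0)
+puts "Usage: tcell_agent command [options]"
+puts " setup Setup new config file"
+puts " test Test classes and config"
+puts " preload (filename|rm) Set the preload file, 'rm' removes it"
+
+Kernel.exit(1)
+end
+
+if (ARGV[0] == 'setup')
+if !File.directory?(CONFIG_DIR)
+print "Directory 'config' not found, create? [Y/n]"
+answer = yesno()
+print "\n"
+if !answer
+puts "ERROR: Could not create config"
+Kernel.exit(1)
+end
+FileUtils::mkdir_p CONFIG_DIR
+end
+if File.exists?(CONFIG_FILE)
+print "Config file already exists, overwrite? [y/N]"
+answer = yesno(false)
+print "\n"
+if !answer
+puts "Keeping existing config"
+Kernel.exit(1)
+end
+end
+print "Enter your API Key (ie gAABAAAA...): "
+api_key = STDIN.gets.chomp
+print "Enter your App ID (ie MyApp-Fdk4j): "
+app_id = STDIN.gets.chomp
+config_hash = {
+"version"=>1,
+"applications"=>[
+{
+"app_id"=>app_id,
+"api_key"=>api_key
+}
+]
+}
+File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+puts "done."
+
+elsif (ARGV[0] == 'loglevel')
+if (ARGV.length != 2)
+puts "Usage: tcell_agent loglevel ERROR|INFO|DEBUG|OFF"
+Kernel.exit(1)
+end
+file = File.read(CONFIG_FILE)
+config_hash = JSON.parse(file)
+loglevel = ARGV[1].upcase
+logging_options = config_hash["applications"][0].fetch("logging_options",{})
+if loglevel == "OFF"
+logging_options["enabled"] = false
+elsif loglevel == "ERROR" || loglevel == "INFO" || loglevel == "DEBUG"
+logging_options["enabled"] = true
+logging_options["level"] = loglevel
+else
+puts "Usage: tcell_agent loglevel ERROR|INFO|DEBUG|OFF"
+Kernel.exit(1)
+end
+config_hash["applications"][0]["logging_options"] = logging_options
+File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+puts "done."
+
+elsif (ARGV[0] == 'preload')
+if (ARGV.length != 2)
+puts "Usage tcell_agent preload <filename>|rm"
+Kernel.exit(1)
+end
+if !File.exists?(CONFIG_FILE)
+puts "Config file not found, run 'tcell_agent setup' first"
+Kernel.exit(1)
+end
+file = File.read(CONFIG_FILE)
+config_hash = JSON.parse(file)
+preload_policy_filename = ARGV[1]
+if preload_policy_filename == "rm"
+config_hash["applications"][0].delete("preload_policy_filename")
+else
+config_hash["applications"][0]["preload_policy_filename"] = ARGV[1]
+end
+File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+puts "done."
+
+elsif (ARGV[0] == 'test')
+puts
+printf "%-50s", "Config file exists... "
+if !File.exists?(CONFIG_FILE)
+puts "failed"
+Kernel.exit(1)
+end
+puts "passed"
+
+printf "%-50s", "Config valid json... "
+file = File.read(CONFIG_FILE)
+config_hash = JSON.parse(file)
+puts "passed"
+
+printf "%-50s", "Config file has valid version... "
+if config_hash.fetch("version") != 1
+puts "failed"
+Kernel.exit(1)
+end
+puts "passed"
+
+printf "%-50s", "Config file has application..."
+if config_hash.fetch("applications").length == 0
+puts "failed"
+Kernel.exit(1)
+end
+puts "passed"
+
+printf "%-50s", "Application has api_key and app_id... "
+tcell_application = config_hash.fetch("applications")[0]
+if !tcell_application.key?("app_id") || !tcell_application.key?("api_key")
+puts "failed"
+Kernel.exit(1)
+end
+puts "passed"
+
+printf "%-50s", "Requiring configuration library... "
+require 'tcell_agent/configuration'
+require 'tcell_agent/api'
+puts "passed"
+
+printf "%-50s", "Make test API call for policies... "
+api = TCellAgent::TCellApi.new
+api.pollAPI
+puts "passed"
+
+printf "%-50s", "Sending a Test event... "
+send_succeeded = api.sendEventSet([])
+if !send_succeeded
+puts "failed"
+Kernel.exit(1)
+end
+puts "passed"
+puts
+puts "all tests passed, looks good."
+puts "done."
+end
+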
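Review bot: The three `File.open(CONFIG_FILE, 'w')` writes (in the setup, loglevel and preload branches) create `config/tcell_agent.config` with the process default mode, yet the file stores the `api_key` typed at the prompt, so under a common umask it is readable by other local accounts. Pass an explicit mode at creation, `File.open(CONFIG_FILE, 'w', 0600){|f| f.puts JSON.pretty_generate(config_hash) }`, and because that mode only takes effect when the file is newly created, follow it with `File.chmod(0600, CONFIG_FILE)` to tighten an existing file. The loglevel branch also reads `CONFIG_FILE` without the `File.exists?` guard that the preload branch has, and `loglevel` is absent from the usage text printed when no arguments are given.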
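--- a/data/config/initializers/authlogic_auth.rb
+++ b/data/config/initializers/authlogic_auth.rb
@@ -0,0 +1,51 @@
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/logger'
+require 'tcell_agent/configuration'
+require 'tcell_agent/instrumentation'
+
+module TCellAgent
+if defined?(Authlogic)
+TCellAgent.logger.debug("Instrumenting Authlogic")
+if (TCellAgent.configuration.enabled && TCellAgent.configuration.instrument_for_events)
+require 'tcell_agent/agent'
+require 'tcell_agent/sensor_events/login_fraud'
+Authlogic::Session::Base.class_eval do
+alias_method :original_save, :save
+def save(&block)
+user_logged_in_before = (user != nil)
+success = original_save
+user_logged_in_after = (user != nil)
+TCellAgent::Instrumentation.safe_block("Authlogic login info") {
+login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+if (login_fraud_policy && login_fraud_policy.enabled)
+user_id = nil
+TCellAgent::Instrumentation.safe_block("getting userid for login form") {
+user_id = self.send(self.class.login_field.to_sym)
+}
+if (user_logged_in_before && user_logged_in_after)
+#password changed or logged in as another user
+elsif (!user_logged_in_before && !user_logged_in_after)
+if (login_fraud_policy.login_failed_enabled)
+request = Authlogic::Session::Base.controller.request
+response = Authlogic::Session::Base.controller.response
+hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+event = TCellAgent::SensorEvents::LoginFailure.new(request, response, user_id, hmac_session_id)
+TCellAgent.send_event(event)
+end
+elsif (!user_logged_in_before && user_logged_in_after)
+if (login_fraud_policy.login_success_enabled)
+request = Authlogic::Session::Base.controller.request
+response = Authlogic::Session::Base.controller.response
+hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
+TCellAgent.send_event(event)
+end
+end
+end
+}
+end
+end
+end # if instrument
+end # if Authlogic
+end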
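Review bot: The overridden `save` never returns `success`: its last expression is the outer `TCellAgent::Instrumentation.safe_block("Authlogic login info") { ... }` call, so a caller that branches on the result of `save` gets whatever that helper returns (its definition is not on this page) instead of the authentication outcome. The `&block` parameter is also dropped, because `original_save` is called without it. Change the call to `success = original_save(&block)` and add `success` as the final line of `save`, after the closing `}` of the outer safe_block. A spec asserting that the wrapped `save` returns a falsy value for bad credentials, with the LoginFraud policy both enabled and disabled, would pin this down.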
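--- a/data/config/initializers/devise_auth.rb
+++ b/data/config/initializers/devise_auth.rb
@@ -0,0 +1,167 @@
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/logger'
+require 'tcell_agent/configuration'
+require 'tcell_agent/userinfo'
+require 'tcell_agent/instrumentation'
+
+module TCellAgent
+if defined?(Devise)
+
+if (TCellAgent.configuration.enabled && TCellAgent.configuration.instrument_for_events)
+TCellAgent.logger.debug("Instrumenting Devise")
+
+require 'tcell_agent/agent'
+require 'tcell_agent/sensor_events/login_fraud'
+require 'tcell_agent/sensor_events/app_sensor'
+require 'tcell_agent/policies/appsensor_policy'
+
+# Devise::OmniauthCallbacksController.class_eval do
+# after_filter :log_after_login
+# alias_method :original_failure, :failure
+
+# def failure
+# TCellAgent::Instrumentation.safe_block("Omniauth login failed") {
+# login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+# if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
+# hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+# event = TCellAgent::SensorEvents::LoginFailure.new(request, response, nil, hmac_session_id)
+# TCellAgent.send_event(event)
+# end
+# appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
+# if (appsensor_policy && appsensor_policy.enabled && appsensor_policy.option_enabled?("login_failure"))
+# hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+# event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
+# request.fullpath,
+# TCellAgent::Policies::AppSensorPolicy::DP_LOGIN_FAILURE,
+# request.remote_ip,
+# nil,
+# request.env["tcell.request_data"].route_id,
+# data=nil,
+# transaction_id=nil,
+# session_id=hmac_session_id,
+# user_id=nil)
+# TCellAgent.send_event(event)
+# end
+# }
+# original_failure
+# end
+# private
+# def log_after_login
+# TCellAgent::Instrumentation.safe_block("Omniauth login successful") {
+# login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+# if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
+# omniauth = env["omniauth.auth"]
+# if (omniauth)
+# hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+# user_id = request.env["tcell.request_data"].user_id
+# event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
+# TCellAgent.send_event(event)
+# end
+# end
+# }
+# end
+# end
+
+Devise::SessionsController.class_eval do
+after_filter :log_failed_login, :only => :new
+
+alias_method :original_new, :new
+def new
+original_new
+end
+
+alias_method :original_create, :create
+def create(&block)
+results = original_create(&block)
+TCellAgent::Instrumentation.safe_block("Devise login successful") {
+tcell_username = _get_tcell_username
+login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
+hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+request.env["tcell.request_data"].user_id = TCellAgent::UserInformation.getUserFromRequest(request)
+user_id = tcell_username || request.env["tcell.request_data"].user_id
+event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
+TCellAgent.send_event(event)
+end
+}
+results
+end
+
+def _get_tcell_username
+_tcell_username = nil
+TCellAgent::Instrumentation.safe_block("devise login - get username") {
+keys = resource_class.authentication_keys.dup
+user_params = request.POST.fetch("user",{})
+keys.each do |key|
+next_usename = user_params.fetch(key, nil)
+if next_usename
+_tcell_username ||= ""
+_tcell_username += next_usename
+end
+end
+}
+_tcell_username
+end
+
+private
+def log_failed_login
+TCellAgent::Instrumentation.safe_block("Devise login failed") {
+tcell_username = _get_tcell_username
+login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
+if failed_login?
+hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+event = TCellAgent::SensorEvents::LoginFailure.new(request, response, tcell_username, hmac_session_id)
+TCellAgent.send_event(event)
+end
+end
+appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
+if (appsensor_policy && appsensor_policy.enabled && appsensor_policy.option_enabled?("login_failure"))
+hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
+request.fullpath,
+TCellAgent::Policies::AppSensorPolicy::DP_LOGIN_FAILURE,
+request.remote_ip,
+tcell_username,
+request.env["tcell.request_data"].route_id,
+data=nil,
+transaction_id=nil,
+session_id=hmac_session_id,
+user_id=nil)
+TCellAgent.send_event(event)
+end
+}
+end
+
+def failed_login?
+(options = env["warden.options"]) && options[:action] == "unauthenticated"
+end
+
+end
+# Devise::PasswordsController.class_eval do
+
+# after_filter :send_results
+# def send_results
+# puts response
+# end
+
+# def new
+# #::TCellAgent::Sensors::LoginFraud.use_request(request)
+# self.resource = resource_class.new
+# end
+
+# def create
+# self.resource = resource_class.send_reset_password_instructions(resource_params)
+# yield resource if block_given?
+
+# if successfully_sent?(resource)
+# respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
+# else
+# respond_with(resource)
+# end
+# end
+# end
+end # if instrument
+end #if defined devise
+end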
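Review bot: In `log_failed_login` the AppSensor branch is not gated on `failed_login?`, unlike the LoginFraud branch above it, so with the `login_failure` option enabled every run of the `new` action, including an ordinary visit to the sign-in page, emits a `DP_LOGIN_FAILURE` event and inflates the failure signal. Add the same guard to that condition: `if (appsensor_policy && appsensor_policy.enabled && appsensor_policy.option_enabled?("login_failure") && failed_login?)`. Separately, `_get_tcell_username` is defined above the `private` keyword, which makes it a public method on `Devise::SessionsController`, and public controller methods can be reached as actions if a route maps to them. Move that definition below `private`. The `data=nil, transaction_id=nil, session_id=hmac_session_id, user_id=nil` arguments are positional values wrapped in local assignments rather than keyword arguments, so a comment saying so (or plain positional values) would avoid misleading readers.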