linotp.controllers.auditlog module

class linotp.controllers.auditlog.AuditlogController(name, install_name='', **kwargs)

Bases: BaseController

The linotp.controllers package implements the web API used to talk to the LinOTP server. The AuditlogController is used for querying audit log entries.

The following is the type definition of an AuditEntry:

{
    "id": number,
    "timestamp": date,
    "serial": string,
    "action": string,
    "actionDetail": string,
    "success": boolean,
    "tokenType": string,
    "user": string,
    "realm": string,
    "administrator": string,
    "info": string,
    "linotpServer": string,
    "client": string,
    "logLevel": string,
    "clearanceLevel": number,
    "signatureCheck": boolean
}

get_audit_entries()

Method: GET /api/v2/auditLog

Return a paginated list of the audit log entries.

The audit log visibility is determined as follows:

  • If no audit policy is defined, all audit log entries are visible to every admin.

  • Otherwise, only the admins with the policy scope=audit, action=view can view audit log entries.

Parameters
  • pageSize (int, optional) – limit the number of returned entries, defaults to 15 (unless another value is specified in the configuration). Setting it to 0 returns all entries.

  • page (string, optional) – request a certain page, defaults to 0

  • sortOrder – ascending (asc) or descending (desc) order of entries, defaults to desc

  • id (int, optional) – filter for a specific id. Leading or closing * can be used as a wildcard operator

  • timestamp (str, optional) – filter for a specific timestamp. Leading or closing * can be used as a wildcard operator

  • action (str, optional) – filter for a specific action. Leading or closing * can be used as a wildcard operator

  • actionDetail (str, optional) – filter for a specific actionDetail. Leading or closing * can be used as a wildcard operator

  • success (boolean, optional) – filter for a specific success.

  • serial (str, optional) – filter for a specific serial. Leading or closing * can be used as a wildcard operator

  • tokenType (str, optional) – filter for a specific tokenType. Leading or closing * can be used as a wildcard operator

  • user (str, optional) – filter for a specific username. Leading or closing * can be used as a wildcard operator

  • realm (str, optional) – filter for a specific realm. Leading or closing * can be used as a wildcard operator

  • administrator (str, optional) – filter for a specific administrator username. Leading or closing * can be used as a wildcard operator

  • info (str, optional) – filter for a specific info. Leading or closing * can be used as a wildcard operator

  • linotpServer (str, optional) – filter for a specific linotpServer. Leading or closing * can be used as a wildcard operator

  • client (str, optional) – filter for a specific client. Leading or closing * can be used as a wildcard operator

  • logLevel (str, optional) – filter for a specific logLevel. Leading or closing * can be used as a wildcard operator

  • clearanceLevel (str, optional) – filter for a specific clearanceLevel. Leading or closing * can be used as a wildcard operator

Returns

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": {
        "page": number,
        "pageSize": number,
        "totalPages": number,
        "totalRecords": number,
        "pageRecords": [ AuditEntry ]
    }
}

Raises
  • PolicyException – if the logged-in admin does not have the correct permissions to list audit log entries, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.
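
An added example (not LinOTP's own code) of a client walking the paginated result and using the `signatureCheck` and `success` fields to flag entries for review. The `fetch` callable, the helper names and the sample entries are hypothetical, page numbering is assumed to start at the documented default of 0, and authentication is left to whatever `fetch` wraps.

```python
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlsplit

AUDIT_PATH = "/api/v2/auditLog"  # endpoint documented on this page

def build_query(page, page_size, **filters):
    """Path and query string for one page; filters may use a leading/closing *."""
    params = {"page": page, "pageSize": page_size, "sortOrder": "asc", **filters}
    return f"{AUDIT_PATH}?{urlencode(params)}"

def iter_audit_entries(fetch, page_size=50, **filters):
    """Yield every AuditEntry matching the filters, walking all pages."""
    page = 0  # assumption: numbering starts at the documented default, 0
    while True:
        result = fetch(build_query(page, page_size, **filters))["result"]
        if not result["status"]:
            raise RuntimeError(f"audit query failed: {result!r}")
        value = result["value"]
        yield from value["pageRecords"]
        page += 1
        if page >= value["totalPages"] or not value["pageRecords"]:
            return

def review(fetch, **filters):
    """Collect ids whose signatureCheck failed and count failures per client."""
    bad_signature, failures = [], Counter()
    for entry in iter_audit_entries(fetch, **filters):
        if not entry["signatureCheck"]:
            bad_signature.append(entry["id"])
        if not entry["success"]:
            failures[entry["client"]] += 1
    return {"bad_signature": bad_signature, "failures_by_client": dict(failures)}

# --- constructed sample data and a stand-in transport (both hypothetical) ---
def _entry(id_, client, success, sig=True):
    return {"id": id_, "action": "validate/check", "client": client,
            "success": success, "signatureCheck": sig}

SAMPLE = [_entry(1, "192.0.2.10", True), _entry(2, "192.0.2.77", False),
          _entry(3, "192.0.2.77", False), _entry(4, "192.0.2.10", True, sig=False),
          _entry(5, "192.0.2.77", False)]

def fake_fetch(url):
    """Serve SAMPLE in the documented response envelope, one page per call."""
    query = parse_qs(urlsplit(url).query)
    page, size = int(query["page"][0]), int(query["pageSize"][0])
    records = SAMPLE[page * size:(page + 1) * size]
    value = {"page": page, "pageSize": size, "totalPages": -(-len(SAMPLE) // size),
             "totalRecords": len(SAMPLE), "pageRecords": records}
    return {"result": {"status": True, "value": value}}
```

Calling `review(fake_fetch, page_size=2, action="validate/*")` runs the whole flow against the constructed data; in real use `fetch` would be replaced by an authenticated HTTP call that returns the parsed JSON body.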

exception linotp.controllers.auditlog.UserNotFoundException

Bases: Exception