Merge pull request #97 from SentriusLLC/fixup_ztat

Fixup ztat interface

Author: phrocker

.local.env

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.345
+SENTRIUS_VERSION=1.1.369
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42

.local.env.bak

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.345
+SENTRIUS_VERSION=1.1.369
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42

api/src/main/resources/templates/fragments/header.html

@@ -69,6 +69,34 @@
             margin: 0; /* Remove outer margin */
             padding: 5px 10px; /* Adjust padding to desired amount */
         }
+
+        /* Sidebar-specific nav pills */
+        #menu.nav-pills .nav-link {
+            background: transparent;
+            color: #adb5bd;
+            border-radius: 8px;
+            padding: .65rem .9rem;
+            width: 100%;
+            text-align: left;
+        }
+
+        #menu.nav-pills .nav-link.active {
+            background-color: #0d6efd; /* blue highlight */
+            color: #fff;
+        }
+
+        /* Only affect page-content pills, not sidebar */
+        .main-content .nav-pills .nav-link {
+            background: var(--surface-2);
+            color: var(--muted);
+            border-radius: 999px;
+        }
+
+        .main-content .nav-pills .nav-link.active {
+            background: var(--primary);
+            color: #fff;
+        }
+
     </style>
 
     <script th:inline="javascript">

api/src/main/resources/templates/sso/ztats/view_ztats.html

@@ -241,22 +241,24 @@ protected synchronized TriggerAction submit(String command) {
 
           // keep the current trigger
         } else if (ztatService.hasJITRequest(command, user, system)){
-
-            if (!ztatService.isActive(command, user, system)) {
+            var isActive = ztatService.isActive(command, user, system);
+            log.info("on message is approved {} is active ? {}", command, isActive);
+            if (!isActive) {
               ZeroTrustAccessTokenReason reason = ztatService.createReason("need ", " ticket ", " url");
               ZeroTrustAccessTokenRequest request = ztatService.createRequest(command, reason, connectedSystem.getUser(),
                   connectedSystem.getHostSystem()
               );
               request = ztatService.addJITRequest(request);
               return TriggerAction.DENY_ACTION;
             } else {
+                log.info("on message is approved and active {}", command);
               ztatService.incrementUses(command, user, system);
               currentTrigger = Trigger.NO_ACTION;
             }
 
 
       } else {
-
+            log.info("on message is approved, but no jit request {}", command);
             currentTrigger = Trigger.NO_ACTION;
         }
 

dataplane/src/main/java/io/sentrius/sso/automation/auditing/AccessTokenAuditor.java

@@ -80,7 +80,6 @@ public void startListeningToSshServer(String terminalSessionId, DataSession sess
                     // logic for receiving data from SSH server
                     var sshData = sessionTrackingService.getOutput(connectedSystem, 1L, TimeUnit.SECONDS,
                         output -> (!connectedSystem.getSession().getClosed() && (null != activeSessions.get(terminalSessionId) && activeSessions.get(terminalSessionId).isOpen())));
-                    log.info("Received data from SSH server for session: {}", terminalSessionId);
                     // Send data to the specific terminal session
                     if (null != sshData ) {
                         for(Session.TerminalMessage terminalMessage : sshData){

dataplane/src/main/java/io/sentrius/sso/core/services/SshListenerService.java

@@ -202,6 +202,11 @@ public boolean isActive(
         var lastUpdated = null != status.get().getZtatRequest().getLastUpdated() ?
         status.get().getZtatRequest().getLastUpdated().getTime() : System.currentTimeMillis();
         var currentTime = System.currentTimeMillis();
+        log.info("JIT request last updated: " + lastUpdated);
+        log.info("JIT request current time: " + currentTime);
+        log.info("JIT request max duration: " + systemOptions.getMaxJitDurationMs());
+        log.info("JIT request uses: " + status.get().getUses());
+        log.info("JIT request max uses: " + systemOptions.getMaxJitUses());
         if (systemOptions.getMaxJitUses() > 0
             && status.get().getUses() >= systemOptions.getMaxJitUses()) {
           log.info("JIT request has reached max uses: " + request.getId());
@@ -212,6 +217,8 @@ public boolean isActive(
         } else {
           return true;
         }
+      } else {
+          log.info("JIT request not found: " + command);
       }
     }
     log.info("JIT request not found: " + command);

dataplane/src/main/java/io/sentrius/sso/core/services/security/ZeroTrustAccessTokenService.java

@@ -198,11 +198,11 @@ public Optional<OpsApproval> getOpsTokenStatus(String token ) {
 
     public Optional<ZeroTrustAccessTokenApproval> getAccessTokenStatus(ZeroTrustAccessTokenRequest request) {
         var approvals = request.getApprovals();
+        log.info("Approvals for request {}: {}", request.getId(), approvals.size());
         if (!approvals.isEmpty()) {
             return Optional.of(approvals.get(0));
         }
-        // Implement logic to retrieve the JIT status (if applicable).
-        // Example: Retrieve from a specific table or calculate based on data.
+
         return Optional.empty(); // Placeholder for actual implementation.
     }
 
@@ -248,10 +248,13 @@ public void incrementAccessTokenUses(ZeroTrustAccessTokenRequest request) {
                 if (approval.getUses() >= systemOptions.maxJitUses) {
                     throw new RuntimeException("JIT uses exceeded");
                 }
-                ;
+
                 ztatUseRepository.save(ZtatUse.builder().ztatApproval(approval).user(request.getUser()).build());
                 log.info("Incrementing uses for JITRequest: {}", request.getId());
                 ztatApprovalRepository.save(approval);
+
+                approval.setUses(approval.getUses() + 1);
+                ztatApprovalRepository.save(approval);
             });
         }
     }