Merge branch 'services-usage-3' into 'master'

Record Audit event when a user adds a new SSH Key for themselves via the API See merge request gitlab-org/gitlab!34645

Merge branch 'services-usage-3' into 'master'
Record Audit event when a user adds a new SSH Key for themselves via the API See merge request gitlab-org/gitlab!34645
23d12a39 · Sean McGivern · 67e094f3 · 8f56d7b1 · 23d12a39 · 23d12a39
Commit 23d12a39 authored Jun 17, 2020 by Sean McGivern
Showing with 31 additions and 6 deletions

changelogs/unreleased/services-usage-3.yml changelogs/unreleased/services-usage-3.yml +5 -0

ee/spec/requests/api/users_spec.rb ee/spec/requests/api/users_spec.rb +24 -4

lib/api/users.rb lib/api/users.rb +2 -2

No files found.
--- a/changelogs/unreleased/services-usage-3.yml
+++ b/changelogs/unreleased/services-usage-3.yml
+---
+title: Record audit event when a user creates a new SSH Key for themselves via the API
+merge_request: 34645
+author: Rajendra Kadam
+type: fixed
--- a/ee/spec/requests/api/users_spec.rb
+++ b/ee/spec/requests/api/users_spec.rb
@@ -62,10 +62,12 @@ RSpec.describe API::Users do
  end

  context 'extended audit events' do
+    before do
+      stub_licensed_features(extended_audit_events: true)
+    end
+
    describe "PUT /users/:id" do
      it "creates audit event when updating user with new password" do
-        stub_licensed_features(extended_audit_events: true)
-
        put api("/users/#{user.id}", admin), params: { password: '12345678' }

        expect(AuditEvent.count).to eq(1)
@@ -74,13 +76,31 @@ RSpec.describe API::Users do

    describe 'POST /users/:id/block' do
      it 'creates audit event when blocking user' do
-        stub_licensed_features(extended_audit_events: true)
-
        expect do
          post api("/users/#{user.id}/block", admin)
        end.to change { AuditEvent.count }.by(1)
      end
    end
+
+    describe 'POST /user/keys' do
+      it 'creates audit event when user adds a new SSH key' do
+        key = attributes_for(:key)
+
+        expect do
+          post api('/user/keys', user), params: key
+        end.to change { AuditEvent.count }.by(1)
+      end
+    end
+
+    describe 'POST /users/:id/keys' do
+      it 'creates audit event when admin adds a new key for a user' do
+        key = attributes_for(:key)
+
+        expect do
+          post api("/users/#{user.id}/keys", admin), params: key
+        end.to change { AuditEvent.count }.by(1)
+      end
+    end
  end

  context 'shared_runners_minutes_limit' do

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -730,9 +730,9 @@ module API
        optional :expires_at, type: DateTime, desc: 'The expiration date of the SSH key in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ)'
      end
      post "keys" do
-        key = current_user.keys.new(declared_params)
+        key = ::Keys::CreateService.new(current_user, declared_params(include_missing: false)).execute

-        if key.save
+        if key.persisted?
          present key, with: Entities::SSHKey
        else
          render_validation_error!(key)