Commit 3c9d75e0 authored by manojmj's avatar manojmj

CE Port: Log impersonation actions in audit log

This change adds audit logs for user impersonation
when an admin starts/stops impersonating
another user.
parent 3a55ba7d
...@@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController
warden.set_user(user, scope: :user) warden.set_user(user, scope: :user)
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username }) log_impersonation_event
flash[:alert] = _("You are now impersonating %{username}") % { username: user.username } flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
...@@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController
def check_impersonation_availability def check_impersonation_availability
access_denied! unless Gitlab.config.gitlab.impersonation_enabled access_denied! unless Gitlab.config.gitlab.impersonation_enabled
end end
def log_impersonation_event
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
end
end end
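Review bot: The new `log_impersonation_event` in Admin::UsersController builds its log line through `_()`, so the text written to the application log follows the acting admin's locale, while the stop-side message in ApplicationController is a plain English string. Impersonation is a security-relevant event, and anything that searches or alerts on this log needs one stable wording. I would log an untranslated string here, e.g. `Gitlab::AppLogger.info("User #{current_user.username} has started impersonating #{user.username}")`, and keep `_()` for the flash message only. The method also shares its name with the ApplicationController method that logs the stop event; if this controller inherits from it (not visible here), the override would log "started" for a stop, so distinct names such as `log_impersonation_start` would be safer.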
...@@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base ...@@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base
end end
def stop_impersonation def stop_impersonation
impersonated_user = current_user log_impersonation_event
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
warden.set_user(impersonator, scope: :user) warden.set_user(impersonator, scope: :user)
session[:impersonator_id] = nil session[:impersonator_id] = nil
...@@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base ...@@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base
impersonated_user impersonated_user
end end
def impersonated_user
current_user
end
def log_impersonation_event
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
end
def impersonator def impersonator
@impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id] @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
end end
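Review bot: `stop_impersonation` now returns `impersonated_user`, which re-reads `current_user` after `warden.set_user(impersonator, scope: :user)` has already switched the session, where the old code captured the value in a local before the switch. The return value is still the impersonated user only if `current_user` was memoized by the earlier `log_impersonation_event` call, which cannot be confirmed from this hunk. Writing `@impersonated_user ||= current_user` in `impersonated_user`, or capturing the value before the `warden.set_user` call, makes that ordering explicit. Separately, `impersonator` returns nil when `session[:impersonator_id]` is unset, so the log line would raise on `impersonator.username`; the body of `stop_impersonation` is only partly visible here.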
......
...@@ -94,6 +94,7 @@ recorded: ...@@ -94,6 +94,7 @@ recorded:
- Changed password - Changed password
- Ask for password reset - Ask for password reset
- Grant OAuth access - Grant OAuth access
- Started/stopped user impersonation
It is possible to filter particular actions by choosing an audit data type from It is possible to filter particular actions by choosing an audit data type from
the filter drop-down. You can further filter by specific group, project or user the filter drop-down. You can further filter by specific group, project or user
......
...@@ -279,6 +279,12 @@ describe Admin::UsersController do ...@@ -279,6 +279,12 @@ describe Admin::UsersController do
expect(warden.user).to eq(user) expect(warden.user).to eq(user)
end end
it 'logs the beginning of the impersonation event' do
expect(Gitlab::AppLogger).to receive(:info).with("User #{admin.username} has started impersonating #{user.username}").and_call_original
post :impersonate, params: { id: user.username }
end
it "redirects to root" do it "redirects to root" do
post :impersonate, params: { id: user.username } post :impersonate, params: { id: user.username }
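Review bot: Only the start of impersonation gets a logging expectation in this spec; no example for the "has stopped impersonating" line added in ApplicationController is visible on this page. Both lines are the record of who acted as whom, so the stop path deserves a matching example that expects `Gitlab::AppLogger` to receive `:info` with the stop message. The describe block continues outside the hunk.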
......