Commit 752579fb authored by James Lopez's avatar James Lopez

update audit event service to log password reset events

parent 8d5fa833
......@@ -2,6 +2,7 @@ class PasswordsController < Devise::PasswordsController
before_action :resource_from_email, only: [:create]
before_action :prevent_ldap_reset, only: [:create]
before_action :throttle_reset, only: [:create]
before_action :log_audit_event, only: [:create]
def edit
super
......@@ -53,4 +54,15 @@ class PasswordsController < Devise::PasswordsController
redirect_to new_user_session_path,
notice: I18n.t('devise.passwords.send_paranoid_instructions')
end
private
def log_audit_event
AuditEventService.new(current_user,
resource,
action: :custom,
custom_message: 'Ask for password reset',
ip_address: request.remote_ip)
.for_user(resource_params[:email]).unauth_security_event
end
end
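Review bot: Reset requests that `prevent_ldap_reset` or `throttle_reset` turn away will not produce an audit event, because `log_audit_event` is registered after them and a `before_action` that redirects or renders halts the remaining filters. Those rejected requests are the ones a responder would want when looking into reset abuse, so consider registering it right after `resource_from_email`; if the order is deliberate, so that an unauthenticated endpoint cannot write a row on every request, say so in a comment such as `# registered after throttle_reset on purpose so throttled requests write no audit row`. Separately, `resource_params[:email]` is request data handed to `for_user` unchanged, and what `for_user` stores is not visible on this page, so it is worth confirming the value is length-bounded and escaped wherever audit events are displayed. The bodies of both filters lie outside the hunks shown.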
......@@ -80,7 +80,7 @@ module EE
end
def add_security_event_admin_details!
@details.merge!(ip_address: @author.current_sign_in_ip,
@details.merge!(ip_address: ip_address,
entity_path: @entity.full_path)
end
......@@ -97,11 +97,13 @@ module EE
def unauth_security_event
return unless audit_events_enabled?
@details.delete(:ip_address) unless admin_audit_log_enabled?
@details[:entity_path] = @entity&.full_path
SecurityEvent.create(
author_id: -1,
entity_id: -1,
author_id: @author&.id || -1,
entity_id: @entity&.id || -1,
entity_type: 'User',
details: @details
)
......@@ -121,30 +123,43 @@ module EE
def for_custom_model(model, key_title)
action = @details[:action]
author_name = @author.name
model_class = model.camelize
custom_message = @details[:custom_message]
@details =
case action
when :destroy
{
remove: model,
author_name: author_name,
target_id: key_title,
target_type: model_class,
target_details: key_title
}
when :create
{
add: model,
author_name: author_name,
target_id: key_title,
target_type: model_class,
target_details: key_title
}
end
case action
when :destroy
{
remove: model,
author_name: @author.name,
target_id: key_title,
target_type: model_class,
target_details: key_title
}
when :create
{
add: model,
author_name: @author.name,
target_id: key_title,
target_type: model_class,
target_details: key_title
}
when :custom
{
custom_message: custom_message,
author_name: @author&.name,
target_id: key_title,
target_type: model_class,
target_details: key_title,
ip_address: @details[:ip_address]
}
end
self
end
def ip_address
@author&.current_sign_in_ip || @details[:ip_address]
end
end
end
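Review bot: The new `ip_address` helper prefers `@author&.current_sign_in_ip` over the `ip_address:` value the controller passes in (presumably kept in `@details`; the constructor is not on this page), so whenever an author is present `add_security_event_admin_details!` records where that user last signed in rather than where this request came from. For an audit record the address of the current request is the more useful attribution, so I would flip the fallback: `@details[:ip_address] || @author&.current_sign_in_ip`. In the same section the `:custom` branch uses `@author&.name` and `unauth_security_event` uses `@entity&.full_path`, while `add_security_event_admin_details!` still calls `@entity.full_path` directly; whether a nil entity can reach it is not visible here. A short comment on `unauth_security_event` stating that `-1` stands for an unknown author or entity would also help anyone reading the stored events.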