Commit 752579fb authored by James Lopez's avatar James Lopez

update audit event service to log password reset events

parent 8d5fa833
...@@ -2,6 +2,7 @@ class PasswordsController < Devise::PasswordsController ...@@ -2,6 +2,7 @@ class PasswordsController < Devise::PasswordsController
before_action :resource_from_email, only: [:create] before_action :resource_from_email, only: [:create]
before_action :prevent_ldap_reset, only: [:create] before_action :prevent_ldap_reset, only: [:create]
before_action :throttle_reset, only: [:create] before_action :throttle_reset, only: [:create]
before_action :log_audit_event, only: [:create]
def edit def edit
super super
...@@ -53,4 +54,15 @@ class PasswordsController < Devise::PasswordsController ...@@ -53,4 +54,15 @@ class PasswordsController < Devise::PasswordsController
redirect_to new_user_session_path, redirect_to new_user_session_path,
notice: I18n.t('devise.passwords.send_paranoid_instructions') notice: I18n.t('devise.passwords.send_paranoid_instructions')
end end
private
def log_audit_event
AuditEventService.new(current_user,
resource,
action: :custom,
custom_message: 'Ask for password reset',
ip_address: request.remote_ip)
.for_user(resource_params[:email]).unauth_security_event
end
end end
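Review bot: `before_action :log_audit_event, only: [:create]` is registered after `prevent_ldap_reset` and `throttle_reset`, so if either filter halts the chain with a redirect, the rejected or throttled reset request is never written to the audit log. Their bodies are outside this hunk, but the `redirect_to new_user_session_path` tail suggests at least one of them does halt. Rejected attempts are often the ones an investigator most needs, so consider registering the callback directly after `before_action :resource_from_email, only: [:create]`; if logging ahead of the throttle would allow too many audit writes, document instead that only accepted requests are audited. Separately, `resource_params[:email]` is unauthenticated input stored verbatim as the event target, so a length cap before `.for_user(...)` and a comment such as `# email is caller-supplied and unverified; recorded for audit only` would keep the record bounded and its trust level clear.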
...@@ -80,7 +80,7 @@ module EE ...@@ -80,7 +80,7 @@ module EE
end end
def add_security_event_admin_details! def add_security_event_admin_details!
@details.merge!(ip_address: @author.current_sign_in_ip, @details.merge!(ip_address: ip_address,
entity_path: @entity.full_path) entity_path: @entity.full_path)
end end
...@@ -97,11 +97,13 @@ module EE ...@@ -97,11 +97,13 @@ module EE
def unauth_security_event def unauth_security_event
return unless audit_events_enabled? return unless audit_events_enabled?
@details.delete(:ip_address) unless admin_audit_log_enabled? @details.delete(:ip_address) unless admin_audit_log_enabled?
@details[:entity_path] = @entity&.full_path
SecurityEvent.create( SecurityEvent.create(
author_id: -1, author_id: @author&.id || -1,
entity_id: -1, entity_id: @entity&.id || -1,
entity_type: 'User', entity_type: 'User',
details: @details details: @details
) )
...@@ -121,15 +123,15 @@ module EE ...@@ -121,15 +123,15 @@ module EE
def for_custom_model(model, key_title) def for_custom_model(model, key_title)
action = @details[:action] action = @details[:action]
author_name = @author.name
model_class = model.camelize model_class = model.camelize
custom_message = @details[:custom_message]
@details = @details =
case action case action
when :destroy when :destroy
{ {
remove: model, remove: model,
author_name: author_name, author_name: @author.name,
target_id: key_title, target_id: key_title,
target_type: model_class, target_type: model_class,
target_details: key_title target_details: key_title
...@@ -137,14 +139,27 @@ module EE ...@@ -137,14 +139,27 @@ module EE
when :create when :create
{ {
add: model, add: model,
author_name: author_name, author_name: @author.name,
target_id: key_title, target_id: key_title,
target_type: model_class, target_type: model_class,
target_details: key_title target_details: key_title
} }
when :custom
{
custom_message: custom_message,
author_name: @author&.name,
target_id: key_title,
target_type: model_class,
target_details: key_title,
ip_address: @details[:ip_address]
}
end end
self self
end end
def ip_address
@author&.current_sign_in_ip || @details[:ip_address]
end
end end
end end
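Review bot: The new `ip_address` helper prefers `@author&.current_sign_in_ip` over an explicitly passed `@details[:ip_address]`, so in `add_security_event_admin_details!` a caller-supplied request address is silently replaced by the author's last sign-in address whenever an author is present. For a security event the address that made the request is usually the more useful evidence; consider `@details[:ip_address] || @author&.current_sign_in_ip`, which behaves the same for callers that pass no address. A short comment above `unauth_security_event` stating that `-1` in `author_id` and `entity_id` stands for "no authenticated author" and "no matching account" would also help readers of the audit table. The enclosing module starts and ends outside the visible hunks.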