Commit 83c863b2 authored by Tan Le's avatar Tan Le Committed by Imre Farkas

Avoid saving author object in DB

Since the introduction of `UnauthenticatedAuthor` object, failed login
event has been persisted as a serialized Ruby object in DB.

!ruby/object:Gitlab::Audit::UnauthenticatedAuthor

This causes undesirable coupling with application code and hinders
future DB migration.
parent 071e8dac
...@@ -90,7 +90,7 @@ module EE ...@@ -90,7 +90,7 @@ module EE
@details = { @details = {
failed_login: auth.upcase, failed_login: auth.upcase,
author_name: @author.name, author_name: @author.name,
target_details: @author, target_details: @author.name,
ip_address: ip ip_address: ip
} }
......
---
title: Avoid saving author object in audit_events table
merge_request: 31456
author:
type: fixed
...@@ -249,6 +249,10 @@ describe AuditEventService do ...@@ -249,6 +249,10 @@ describe AuditEventService do
expect(event.details[:author_name]).to eq(author_name) expect(event.details[:author_name]).to eq(author_name)
end end
it 'has the right target_details' do
expect(event.details[:target_details]).to eq(author_name)
end
it 'has the right auth method for OAUTH' do it 'has the right auth method for OAUTH' do
oauth_service = described_class.new(author_name, nil, ip_address: ip_address, with: 'ldap') oauth_service = described_class.new(author_name, nil, ip_address: ip_address, with: 'ldap')
event = oauth_service.for_failed_login.unauth_security_event event = oauth_service.for_failed_login.unauth_security_event
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment