Change audit event user id to token id

Log token id instead of user id

Change audit event user id to token id
Log token id instead of user id
85c58c0e · Serena Fang · Robert Speicher · 88e3fdc4 · 85c58c0e · 85c58c0e
Commit 85c58c0e authored Jan 28, 2021 by Serena Fang Committed by Robert Speicher Jan 28, 2021
5 changed files
--- a/ee/app/services/ee/resource_access_tokens/create_service.rb
+++ b/ee/app/services/ee/resource_access_tokens/create_service.rb
@@ -13,7 +13,7 @@ module EE

      def audit_event_service(token, response)
        message = if response.success?
-                    "Created #{resource_type} access token with id: #{token.user.id} with scopes: #{token.scopes}"
+                    "Created #{resource_type} access token with token_id: #{token.id} with scopes: #{token.scopes}"
                  else
                    "Attempted to create #{resource_type} access token but failed with message: #{response.message}"
                  end

--- a/ee/app/services/ee/resource_access_tokens/revoke_service.rb
+++ b/ee/app/services/ee/resource_access_tokens/revoke_service.rb
@@ -5,7 +5,7 @@ module EE
    module RevokeService
      def execute
        super.tap do |response|
-          audit_event_service(bot_user, response)
+          audit_event_service(access_token, response)
        end
      end

@@ -13,15 +13,15 @@ module EE

      def audit_event_service(token, response)
        message = if response.success?
-                    "Revoked #{resource.class.name.downcase} access token with id: #{bot_user.id}"
+                    "Revoked #{resource.class.name.downcase} access token with token_id: #{access_token.id}"
                  else
-                    "Attempted to revoke #{resource.class.name.downcase} access token with id: #{bot_user.id}, but failed with message: #{response.message}"
+                    "Attempted to revoke #{resource.class.name.downcase} access token with token_id: #{access_token.id}, but failed with message: #{response.message}"
                  end

        ::AuditEventService.new(
          current_user,
          resource,
-          target_details: bot_user.name,
+          target_details: access_token.user.name,
          action: :custom,
          custom_message: message,
          ip_address: current_user.current_sign_in_ip

--- a/ee/changelogs/unreleased/299943-follow-up-from-project-access-token-api.yml
+++ b/ee/changelogs/unreleased/299943-follow-up-from-project-access-token-api.yml
+---
+title: Log token_id in project access token audit events instead of user_id
+merge_request: 52535
+author:
+type: changed
--- a/ee/spec/services/resource_access_tokens/create_service_spec.rb
+++ b/ee/spec/services/resource_access_tokens/create_service_spec.rb
@@ -85,7 +85,7 @@ RSpec.describe ResourceAccessTokens::CreateService do

          audit_event = AuditEvent.where(author_id: user.id).last

-          expect(audit_event.details[:custom_message]).to eq("Created project access token with id: #{response.payload[:access_token].user.id} with scopes: #{response.payload[:access_token].scopes}")
+          expect(audit_event.details[:custom_message]).to eq("Created project access token with token_id: #{response.payload[:access_token].id} with scopes: #{response.payload[:access_token].scopes}")
          expect(audit_event.details[:target_details]).to match(response.payload[:access_token].user.name)
        end
      end

--- a/ee/spec/services/resource_access_tokens/revoke_service_spec.rb
+++ b/ee/spec/services/resource_access_tokens/revoke_service_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do

        audit_event = AuditEvent.where(author_id: user.id).last

-        expect(audit_event.details[:custom_message]).to match(/Revoked project access token with id: \d+/)
+        expect(audit_event.details[:custom_message]).to match(/Revoked project access token with token_id: \d+/)
        expect(audit_event.details[:target_details]).to eq(access_token.user.name)
      end
    end
@@ -56,7 +56,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
        it 'logs the find error message' do
          subject

-          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with id: \d+, but failed with message: Failed to find bot user/)
+          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with token_id: \d+, but failed with message: Failed to find bot user/)
        end
      end

@@ -71,7 +71,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
        it 'logs the permission error message' do
          subject

-          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with id: \d+, but failed with message: #{user.name} cannot delete #{access_token.user.name}/)
+          expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with token_id: \d+, but failed with message: #{user.name} cannot delete #{access_token.user.name}/)
        end
      end
    end