Commit 09adce61 authored by Thong Kuah's avatar Thong Kuah

Merge branch '251-record-user-add-audit-event' into 'master'

Record audit event when user is added

See merge request gitlab-org/gitlab!24855
parents 53294dd8 b4ee92f2
......@@ -11,12 +11,19 @@ module Users
def execute(skip_authorization: false)
user = Users::BuildService.new(current_user, params).execute(skip_authorization: skip_authorization)
reset_token = user.generate_reset_token if user.recently_sent_password_reset?
@reset_token = user.generate_reset_token if user.recently_sent_password_reset?
notify_new_user(user, @reset_token) if user.save
after_create_hook(user, reset_token) if user.save
user
end
private
def after_create_hook(user, reset_token)
notify_new_user(user, reset_token)
end
end
end
Users::CreateService.prepend_if_ee('EE::Users::CreateService')
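Review bot: The new private `after_create_hook` is the seam that `prepend_if_ee` lets EE override, but nothing on the method says so, and a reader of the CE file would reasonably inline it back into `execute` since it only forwards to `notify_new_user`. A one-line comment above it would keep it intact: `# Extension point for post-create side effects; EE prepends an override (see prepend_if_ee at the bottom of this file).` Note that the hook, and therefore anything EE hangs on it, runs only when `user.save` returns true, so a failed save leaves no trace from this path; that matches the previous `notify_new_user` behaviour but is worth stating in the same comment. This page does not mark the old/new side of the `reset_token`/`@reset_token` pair, so which one survives is inferred from the `after_create_hook(user, reset_token)` call.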
......@@ -107,6 +107,7 @@ recorded:
- Started/stopped user impersonation
- Changed username ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/7797) in GitLab 12.8)
- User was deleted ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/251) in GitLab 12.8)
- User was added ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/251) in GitLab 12.8)
- User was blocked via Admin Area ([introduced](https://gitlab.com/gitlab-org/gitlab/issues/251) in GitLab 12.8)
It is possible to filter particular actions by choosing an audit data type from
# frozen_string_literal: true
module EE
module Users
module CreateService
extend ::Gitlab::Utils::Override
override :after_create_hook
def after_create_hook(user, reset_token)
super
log_audit_event(user) if audit_required?
end
private
def log_audit_event(user)
::AuditEventService.new(
current_user,
user,
action: :create
).for_user.security_event
end
def audit_required?
current_user.present?
end
end
end
end
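Review bot: `audit_required?` makes the audit record conditional on `current_user.present?`, so any creation that reaches this service without an acting user (the nil case the accompanying spec exercises) produces no audit event at all; for an audit trail that is a silent gap rather than an error, and the file does not say whether it is intended. If it is, a comment on the predicate would spare the next reader: `# AuditEventService needs an author; creations with no acting user are deliberately not recorded here.` Separately, `log_audit_event` runs after `super`, so if the CE `notify_new_user` raises, the event is never written; presumably the notification failure should not suppress the audit record, in which case call `log_audit_event(user) if audit_required?` before `super` or confirm that the notification cannot raise here.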
---
title: Record audit event when user is added
merge_request: 24855
author:
type: added
# frozen_string_literal: true
require 'spec_helper'
describe Users::CreateService do
let(:current_user) { create(:admin) }
let(:params) do
{
name: 'John Doe',
username: 'jduser',
email: 'jd@example.com',
password: 'mydummypass'
}
end
subject(:service) { described_class.new(current_user, params) }
context 'audit events' do
let(:operation) { service.execute }
include_examples 'audit event logging' do
let(:fail_condition!) do
expect_any_instance_of(User)
.to receive(:save).and_return(false)
end
let(:attributes) do
{
author_id: current_user.id,
entity_id: @resource.id,
entity_type: 'User',
details: {
add: 'user',
author_name: current_user.name,
target_id: @resource.full_path,
target_type: 'User',
target_details: @resource.full_path
}
}
end
end
context 'when audit is not required' do
let(:current_user) { nil }
it 'does not log audit event' do
expect { operation }.not_to change(AuditEvent, :count)
end
end
end
end
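Review bot: The 'does not log audit event' example in the nil-`current_user` context passes vacuously if the user is never persisted, since a validation failure on save also leaves `AuditEvent.count` unchanged, so it does not prove that the non-audited path still creates the user. Adding `expect(operation).to be_persisted` next to the count assertion pins that; `operation` is a memoized `let`, so the second reference returns the same user without re-running the service. Whether `Users::BuildService` accepts a nil actor without `skip_authorization` is not visible on this page, so that part is inferred.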
......@@ -5,19 +5,19 @@ RSpec.shared_examples 'audit event logging' do
stub_licensed_features(extended_audit_events: true)
end
context 'if operation succeed' do
it 'logs an audit event if operation succeed' do
context 'when operation succeeds' do
it 'logs an audit event' do
expect { operation }.to change(AuditEvent, :count).by(1)
end
it 'logs the project info' do
it 'logs the audit event info' do
@resource = operation
expect(AuditEvent.last).to have_attributes(attributes)
end
end
it 'does not log audit event if project operation fails' do
it 'does not log audit event if operation fails' do
fail_condition!
expect { operation }.not_to change(AuditEvent, :count)