Add AuthenticationEvent to track sign-ins

AuthenticationEvent will track sign-ins via providers such as LDAP,
SAML, and other OmniAuth/OAuth providers. The end goal is to report
usage of each authentication method via Usage Ping. In the future
this will be an extension of AuditEvents specific to authentication.

app/models/authentication_event.rb

+# frozen_string_literal: true
+
+class AuthenticationEvent < ApplicationRecord
+  belongs_to :user, optional: true
+
+  validates :provider, :user_name, :result, presence: true
+
+  enum result: {
+    failed: 0,
+    success: 1
+  }
+end

changelogs/unreleased/dblessing-auth-events.yml

+---
+title: Add AuthenticationEvent to store sign-in events
+merge_request: 39652
+author:
+type: added

db/migrate/20200908100053_create_authentication_events.rb

+# frozen_string_literal: true
+
+class CreateAuthenticationEvents < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    unless table_exists?(:authentication_events)
+      with_lock_retries do
+        create_table :authentication_events do |t|
+          t.datetime_with_timezone :created_at, null: false
+          t.references :user, foreign_key: { on_delete: :nullify }, index: true
+          t.integer :result, limit: 2, null: false
+          t.inet :ip_address
+          t.text :provider, null: false, index: true
+          t.text :user_name, null: false
+        end
+      end
+    end
+
+    add_text_limit :authentication_events, :provider, 64
+    add_text_limit :authentication_events, :user_name, 255
+  end
+
+  def down
+    with_lock_retries do
+      drop_table :authentication_events
+    end
+  end
+end

db/schema_migrations/20200908100053

+5642f7d91bbbd20d1e3a964b6a06a4da14474db58f47e3ee0ce3273f7cd7a9e8
\ No newline at end of file

db/structure.sql

@@ -9539,6 +9539,27 @@ CREATE SEQUENCE public.audit_events_id_seq
 
 ALTER SEQUENCE public.audit_events_id_seq OWNED BY public.audit_events.id;
 
+CREATE TABLE public.authentication_events (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    user_id bigint,
+    result smallint NOT NULL,
+    ip_address inet,
+    provider text NOT NULL,
+    user_name text NOT NULL,
+    CONSTRAINT check_45a6cc4e80 CHECK ((char_length(user_name) <= 255)),
+    CONSTRAINT check_c64f424630 CHECK ((char_length(provider) <= 64))
+);
+
+CREATE SEQUENCE public.authentication_events_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE public.authentication_events_id_seq OWNED BY public.authentication_events.id;
+
 CREATE TABLE public.award_emoji (
     id integer NOT NULL,
     name character varying,
@@ -16963,6 +16984,8 @@ ALTER TABLE ONLY public.atlassian_identities ALTER COLUMN user_id SET DEFAULT ne
 
 ALTER TABLE ONLY public.audit_events ALTER COLUMN id SET DEFAULT nextval('public.audit_events_id_seq'::regclass);
 
+ALTER TABLE ONLY public.authentication_events ALTER COLUMN id SET DEFAULT nextval('public.authentication_events_id_seq'::regclass);
+
 ALTER TABLE ONLY public.award_emoji ALTER COLUMN id SET DEFAULT nextval('public.award_emoji_id_seq'::regclass);
 
 ALTER TABLE ONLY public.background_migration_jobs ALTER COLUMN id SET DEFAULT nextval('public.background_migration_jobs_id_seq'::regclass);
@@ -17894,6 +17917,9 @@ ALTER TABLE ONLY public.audit_events_part_5fc467ac26
 ALTER TABLE ONLY public.audit_events
     ADD CONSTRAINT audit_events_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.authentication_events
+    ADD CONSTRAINT authentication_events_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.award_emoji
     ADD CONSTRAINT award_emoji_pkey PRIMARY KEY (id);
 
@@ -19331,6 +19357,10 @@ CREATE INDEX index_approvers_on_user_id ON public.approvers USING btree (user_id
 
 CREATE UNIQUE INDEX index_atlassian_identities_on_extern_uid ON public.atlassian_identities USING btree (extern_uid);
 
+CREATE INDEX index_authentication_events_on_provider ON public.authentication_events USING btree (provider);
+
+CREATE INDEX index_authentication_events_on_user_id ON public.authentication_events USING btree (user_id);
+
 CREATE INDEX index_award_emoji_on_awardable_type_and_awardable_id ON public.award_emoji USING btree (awardable_type, awardable_id);
 
 CREATE INDEX index_award_emoji_on_user_id_and_name ON public.award_emoji USING btree (user_id, name);
@@ -23160,6 +23190,9 @@ ALTER TABLE ONLY public.webauthn_registrations
 ALTER TABLE ONLY public.packages_build_infos
     ADD CONSTRAINT fk_rails_b18868292d FOREIGN KEY (package_id) REFERENCES public.packages_packages(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY public.authentication_events
+    ADD CONSTRAINT fk_rails_b204656a54 FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE SET NULL;
+
 ALTER TABLE ONLY public.merge_trains
     ADD CONSTRAINT fk_rails_b29261ce31 FOREIGN KEY (user_id) REFERENCES public.users(id) ON DELETE CASCADE;
 

spec/models/authentication_event_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe AuthenticationEvent do
+  describe 'associations' do
+    it { is_expected.to belong_to(:user).optional }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_presence_of(:provider) }
+    it { is_expected.to validate_presence_of(:user_name) }
+    it { is_expected.to validate_presence_of(:result) }
+  end
+end