Commit 68b60a0f authored by Andy Soiron's avatar Andy Soiron Committed by Heinrich Lee Yu

Log user last activity on in GraphQL

parent a7b0553d
......@@ -19,6 +19,7 @@ class GraphqlController < ApplicationController
before_action :authorize_access_api!
before_action(only: [:execute]) { authenticate_sessionless_user!(:api) }
before_action :set_user_last_activity
# Since we deactivate authentication from the main ApplicationController and
# defer it to :authorize_access_api!, we need to override the bypass session
......@@ -47,6 +48,12 @@ class GraphqlController < ApplicationController
private
def set_user_last_activity
return unless current_user
Users::ActivityService.new(current_user).execute
end
def execute_multiplex
GitlabSchema.multiplex(multiplex_queries, context: context)
end
......
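Review bot: `set_user_last_activity` only sees token-authenticated users because it is registered after `authenticate_sessionless_user!(:api)`, and nothing in the first hunk documents that ordering dependency; a later reorder of the `before_action` lines would silently stop recording activity for API-token clients, which would make any audit that relies on `last_activity_on` under-report them. I would add a comment above the callback such as `# Must stay after authenticate_sessionless_user! so current_user is set for token requests`. The callback is also unscoped while the sessionless authentication is limited to `only: [:execute]`; if the controller has other actions (not visible here), consider `before_action :set_user_last_activity, only: [:execute]`. Because the write runs before the query is executed, requests whose query later fails still refresh the timestamp, which is presumably intended but worth stating in the same comment.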
---
title: Add user last_activity logging in GraphQL
merge_request: 23063
author:
type: fixed
......@@ -1409,6 +1409,7 @@ The activities that update the timestamp are:
- User logging in into GitLab
- User visiting pages related to Dashboards, Projects, Issues, and Merge Requests ([introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/54947) in GitLab 11.8)
- User using the API
- User using the GraphQL API
By default, it shows the activity for all users in the last 6 months, but this can be
amended by using the `from` parameter.
......
......@@ -26,3 +26,4 @@ How do we measure the activity of users? GitLab considers a user active if:
- The user has Git activity (whether push or pull).
- The user visits pages related to Dashboards, Projects, Issues, and Merge Requests ([introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/54947) in GitLab 11.8).
- The user uses the API
- The user uses the GraphQL API
......@@ -32,7 +32,7 @@ describe GraphqlController do
describe 'POST #execute' do
context 'when user is logged in' do
let(:user) { create(:user) }
let(:user) { create(:user, last_activity_on: Date.yesterday) }
before do
sign_in(user)
......@@ -56,6 +56,19 @@ describe GraphqlController do
expect(response).to have_gitlab_http_status(:forbidden)
expect(response).to render_template('errors/access_denied')
end
it 'updates the users last_activity_on field' do
expect { post :execute }.to change { user.reload.last_activity_on }
end
end
context 'when user uses an API token' do
let(:user) { create(:user, last_activity_on: Date.yesterday) }
let(:token) { create(:personal_access_token, user: user, scopes: [:api]) }
it 'updates the users last_activity_on field' do
expect { post :execute, params: { access_token: token.token } }.to change { user.reload.last_activity_on }
end
end
context 'when user is not logged in' do
......
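Review bot: Both new examples assert only that `last_activity_on` changes, not what it changes to, so a wrong date written by the callback would still pass; with the user created at `Date.yesterday`, `.to change { user.reload.last_activity_on }.to(Date.today)` (or whichever date helper the service uses) pins the value. There is also no visible negative case showing the timestamp stays untouched when `current_user` is nil or when the token is rejected by `authenticate_sessionless_user!(:api)`, for example a token created without the `api` scope. The 'when user is not logged in' context continues outside the visible lines, so the first of those may already be covered there.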