Merge branch 'ce-port-315-log-impersonation-actions-in-audit-log' into 'master'

CE Port: Log impersonation actions in audit log See merge request gitlab-org/gitlab-ce!31039

Merge branch 'ce-port-315-log-impersonation-actions-in-audit-log' into 'master'
CE Port: Log impersonation actions in audit log See merge request gitlab-org/gitlab-ce!31039
a9c7bda8 · Ash McKenzie · 825e5c2c · 3c9d75e0 · a9c7bda8 · a9c7bda8
Commit a9c7bda8 authored Jul 23, 2019 by Ash McKenzie
4 changed files
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController
      warden.set_user(user, scope: :user)
-      Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
+      log_impersonation_event
      flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
@@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController
  def check_impersonation_availability
    access_denied! unless Gitlab.config.gitlab.impersonation_enabled
  end
+  def log_impersonation_event
+    Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
+  end
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base
  end
  def stop_impersonation
-    impersonated_user = current_user
+    log_impersonation_event
-    Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
    warden.set_user(impersonator, scope: :user)
    session[:impersonator_id] = nil
@@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base
    impersonated_user
  end
+  def impersonated_user
+    current_user
+  end
+  def log_impersonation_event
+    Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
+  end
  def impersonator
    @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
  end

--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -94,6 +94,7 @@ recorded:
 - Changed password
 - Ask for password reset
 - Grant OAuth access
+- Started/stopped user impersonation
 It is possible to filter particular actions by choosing an audit data type from
 the filter drop-down. You can further filter by specific group, project or user

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -279,6 +279,12 @@ describe Admin::UsersController do
        expect(warden.user).to eq(user)
      end
+      it 'logs the beginning of the impersonation event' do
+        expect(Gitlab::AppLogger).to receive(:info).with("User #{admin.username} has started impersonating #{user.username}").and_call_original
+        post :impersonate, params: { id: user.username }
+      end
      it "redirects to root" do
        post :impersonate, params: { id: user.username }