Merge branch '333124-refactor-authentication-log' into 'master'

Refactor profile authentication log to show relevent events

See merge request gitlab-org/gitlab!73890

app/controllers/profiles_controller.rb

@@ -63,7 +63,7 @@ class ProfilesController < Profiles::ApplicationController
 
   # rubocop: disable CodeReuse/ActiveRecord
   def audit_log
-    @events = AuditEvent.where(entity_type: "User", entity_id: current_user.id)
+    @events = AuthenticationEvent.where(user: current_user)
       .order("created_at DESC")
       .page(params[:page])
 

app/views/profiles/_event_table.html.haml

@@ -3,10 +3,11 @@
 
 %ul.content-list
   - events.each do |event|
-    %li
-      %span.description
-        = audit_icon(event.details[:with], css_class: 'gl-mr-2')
-        = _('Signed in with %{authentication} authentication') % { authentication: event.details[:with]}
-      %span.float-right= time_ago_with_tooltip(event.created_at)
+    - if event.success?
+      %li
+        %span.description
+          = audit_icon('key', css_class: 'gl-mr-2')
+          = _('Signed in with %{authentication} authentication') % { authentication: event.provider }
+        %span.float-right= time_ago_with_tooltip(event.created_at)
 
 = paginate events, theme: "gitlab"

app/views/profiles/audit_log.html.haml

@@ -6,6 +6,6 @@
     %h4.gl-mt-0
       = page_title
     %p
-      = _('This is a security log of important events involving your account.')
+      = _('This is a security log of authentication events involving your account.')
   .col-lg-8
     = render 'event_table', events: @events

locale/gitlab.pot

@@ -35286,7 +35286,7 @@ msgstr ""
 msgid "This is a private email address %{helpIcon} generated just for you. Anyone who has it can create issues or merge requests as if they were you. If that happens, %{resetLinkStart}reset this token%{resetLinkEnd}."
 msgstr ""
 
-msgid "This is a security log of important events involving your account."
+msgid "This is a security log of authentication events involving your account."
 msgstr ""
 
 msgid "This is a self-managed instance of GitLab."

spec/controllers/profiles_controller_spec.rb

@@ -125,6 +125,8 @@ RSpec.describe ProfilesController, :request_store do
   end
 
   describe 'GET audit_log' do
+    let(:auth_event) { create(:authentication_event, user: user) }
+
     it 'tracks search event', :snowplow do
       sign_in(user)
 
@@ -136,6 +138,14 @@ RSpec.describe ProfilesController, :request_store do
         user: user
       )
     end
+
+    it 'loads page correctly' do
+      sign_in(user)
+
+      get :audit_log
+
+      expect(response).to have_gitlab_http_status(:success)
+    end
   end
 
   describe 'PUT update_username' do

spec/factories/authentication_event.rb

@@ -7,5 +7,13 @@ FactoryBot.define do
     user_name { 'Jane Doe' }
     ip_address { '127.0.0.1' }
     result { :failed }
+
+    trait :successful do
+      result { :success }
+    end
+
+    trait :failed do
+      result { :failed }
+    end
   end
 end

spec/views/profiles/audit_log.html.haml_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'profiles/audit_log' do
+  let(:user) { create(:user) }
+
+  before do
+    assign(:user, user)
+    assign(:events, AuthenticationEvent.all.page(params[:page]))
+    allow(controller).to receive(:current_user).and_return(user)
+  end
+
+  context 'when user has successful and failure events' do
+    before do
+      create(:authentication_event, :successful, user: user)
+      create(:authentication_event, :failed, user: user)
+    end
+
+    it 'only shows successful events' do
+      render
+
+      expect(rendered).to have_text('Signed in with standard authentication', count: 1)
+    end
+  end
+end