Commit 79bf1c38 authored by Tan Le's avatar Tan Le

Fix incorrect IP address when creating audit event

The IP address on user (aka. `current_sign_in_ip`) can potentially be
stale if the user has not logged out for sometime. `AuditEvenService` is
capable of resolving IP address directly from request context and do not
need this information passed in from the caller.
parent f66f5b55
...@@ -7,16 +7,15 @@ module EE ...@@ -7,16 +7,15 @@ module EE
push_access_levels = protected_branch.push_access_levels.map(&:humanize) push_access_levels = protected_branch.push_access_levels.map(&:humanize)
merge_access_levels = protected_branch.merge_access_levels.map(&:humanize) merge_access_levels = protected_branch.merge_access_levels.map(&:humanize)
super(author, protected_branch.project, { super(author, protected_branch.project,
action => 'protected_branch', action => 'protected_branch',
author_name: author.name, author_name: author.name,
target_id: protected_branch.id, target_id: protected_branch.id,
target_type: protected_branch.class.name, target_type: protected_branch.class.name,
target_details: protected_branch.name, target_details: protected_branch.name,
push_access_levels: push_access_levels, push_access_levels: push_access_levels,
merge_access_levels: merge_access_levels, merge_access_levels: merge_access_levels
ip_address: author.current_sign_in_ip )
})
end end
end end
end end
......
---
title: Fix incorrect IP address when creating ProtectedBranch audit event
merge_request: 54292
author:
type: fixed
...@@ -5,10 +5,10 @@ require 'spec_helper' ...@@ -5,10 +5,10 @@ require 'spec_helper'
RSpec.describe EE::AuditEvents::ProtectedBranchAuditEventService do RSpec.describe EE::AuditEvents::ProtectedBranchAuditEventService do
let(:merge_level) { 'Maintainers' } let(:merge_level) { 'Maintainers' }
let(:push_level) { 'No one' } let(:push_level) { 'No one' }
let(:author) { create(:user, :with_sign_ins) } let_it_be(:author) { create(:user, :with_sign_ins) }
let(:entity) { create(:project, creator: author) } let_it_be(:entity) { create(:project, creator: author) }
let(:protected_branch) { create(:protected_branch, :no_one_can_push, project: entity) } let_it_be(:protected_branch) { create(:protected_branch, :no_one_can_push, project: entity) }
let(:logger) { instance_double(Gitlab::AuditJsonLogger) } let(:logger) { instance_spy(Gitlab::AuditJsonLogger) }
describe '#security_event' do describe '#security_event' do
shared_examples 'loggable' do |action| shared_examples 'loggable' do |action|
...@@ -19,41 +19,49 @@ RSpec.describe EE::AuditEvents::ProtectedBranchAuditEventService do ...@@ -19,41 +19,49 @@ RSpec.describe EE::AuditEvents::ProtectedBranchAuditEventService do
stub_licensed_features(admin_audit_log: true) stub_licensed_features(admin_audit_log: true)
end end
it 'creates an event and logs to a file with the provided details' do it 'creates an event', :aggregate_failures do
expect(service).to receive(:file_logger).and_return(logger)
expect(logger).to receive(:info).with(author_id: author.id,
author_name: author.name,
entity_id: entity.id,
entity_type: 'Project',
entity_path: entity.full_path,
merge_access_levels: [merge_level],
push_access_levels: [push_level],
target_details: protected_branch.name,
target_id: protected_branch.id,
target_type: 'ProtectedBranch',
action => 'protected_branch',
ip_address: '127.0.0.1')
expect { service.security_event }.to change(AuditEvent, :count).by(1) expect { service.security_event }.to change(AuditEvent, :count).by(1)
security_event = AuditEvent.last security_event = AuditEvent.last
expect(security_event.details).to eq(action => 'protected_branch', expect(security_event.details).to eq(
author_name: author.name, action => 'protected_branch',
target_id: protected_branch.id, author_name: author.name,
entity_path: entity.full_path, target_id: protected_branch.id,
target_type: 'ProtectedBranch', entity_path: entity.full_path,
target_details: protected_branch.name, target_type: 'ProtectedBranch',
push_access_levels: [push_level], target_details: protected_branch.name,
merge_access_levels: [merge_level], push_access_levels: [push_level],
ip_address: '127.0.0.1') merge_access_levels: [merge_level],
ip_address: '127.0.0.1'
)
expect(security_event.author_id).to eq(author.id) expect(security_event.author_id).to eq(author.id)
expect(security_event.entity_id).to eq(entity.id) expect(security_event.entity_id).to eq(entity.id)
expect(security_event.entity_type).to eq('Project') expect(security_event.entity_type).to eq('Project')
expect(security_event.ip_address).to eq('127.0.0.1') expect(security_event.ip_address).to eq('127.0.0.1')
end end
it 'logs to a file with the provided details' do
allow(service).to receive(:file_logger).and_return(logger)
service.security_event
expect(logger).to have_received(:info).with(
author_id: author.id,
author_name: author.name,
entity_id: entity.id,
entity_type: 'Project',
entity_path: entity.full_path,
merge_access_levels: [merge_level],
push_access_levels: [push_level],
target_details: protected_branch.name,
target_id: protected_branch.id,
target_type: 'ProtectedBranch',
action => 'protected_branch',
ip_address: '127.0.0.1'
)
end
end end
end end
...@@ -70,7 +78,7 @@ RSpec.describe EE::AuditEvents::ProtectedBranchAuditEventService do ...@@ -70,7 +78,7 @@ RSpec.describe EE::AuditEvents::ProtectedBranchAuditEventService do
admin_audit_log: false) admin_audit_log: false)
end end
it "doesn't create an event or log to a file" do it "doesn't create an event or log to a file", :aggregate_failures do
expect(service).not_to receive(:file_logger) expect(service).not_to receive(:file_logger)
expect { service.security_event }.not_to change(AuditEvent, :count) expect { service.security_event }.not_to change(AuditEvent, :count)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment