Commit e6dff31c authored by Robert Speicher's avatar Robert Speicher

Merge branch '299943-follow-up-from-project-access-token-api' into 'master'

Project access token audit events - Log token id instead of user id

See merge request gitlab-org/gitlab!52535
parents 260e0afc 85c58c0e
...@@ -13,7 +13,7 @@ module EE ...@@ -13,7 +13,7 @@ module EE
def audit_event_service(token, response) def audit_event_service(token, response)
message = if response.success? message = if response.success?
"Created #{resource_type} access token with id: #{token.user.id} with scopes: #{token.scopes}" "Created #{resource_type} access token with token_id: #{token.id} with scopes: #{token.scopes}"
else else
"Attempted to create #{resource_type} access token but failed with message: #{response.message}" "Attempted to create #{resource_type} access token but failed with message: #{response.message}"
end end
......
...@@ -5,7 +5,7 @@ module EE ...@@ -5,7 +5,7 @@ module EE
module RevokeService module RevokeService
def execute def execute
super.tap do |response| super.tap do |response|
audit_event_service(bot_user, response) audit_event_service(access_token, response)
end end
end end
...@@ -13,15 +13,15 @@ module EE ...@@ -13,15 +13,15 @@ module EE
def audit_event_service(token, response) def audit_event_service(token, response)
message = if response.success? message = if response.success?
"Revoked #{resource.class.name.downcase} access token with id: #{bot_user.id}" "Revoked #{resource.class.name.downcase} access token with token_id: #{access_token.id}"
else else
"Attempted to revoke #{resource.class.name.downcase} access token with id: #{bot_user.id}, but failed with message: #{response.message}" "Attempted to revoke #{resource.class.name.downcase} access token with token_id: #{access_token.id}, but failed with message: #{response.message}"
end end
::AuditEventService.new( ::AuditEventService.new(
current_user, current_user,
resource, resource,
target_details: bot_user.name, target_details: access_token.user.name,
action: :custom, action: :custom,
custom_message: message, custom_message: message,
ip_address: current_user.current_sign_in_ip ip_address: current_user.current_sign_in_ip
......
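Review bot: In the second hunk of this section, `audit_event_service(token, response)` never reads its `token` parameter; the message and `target_details` still reach for `access_token` directly, so the explicit argument `execute` now passes on the first hunk is decorative and the method would silently log the wrong token if it were ever called with a different one. Use the parameter, which also matches how the CreateService counterpart builds its message from `token.id`: `"Revoked #{resource.class.name.downcase} access token with token_id: #{token.id}"`, `"Attempted to revoke #{resource.class.name.downcase} access token with token_id: #{token.id}, but failed with message: #{response.message}"` and `target_details: token.user.name`. The failure branch is reached when the bot user cannot be found (the spec expects a "Failed to find bot user" message), so if `token.user` can be nil on that path, `target_details` would raise before the audit event is written — worth confirming against the model. The method body continues past the end of the hunk.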
---
title: Log token_id in project access token audit events instead of user_id
merge_request: 52535
author:
type: changed
...@@ -85,7 +85,7 @@ RSpec.describe ResourceAccessTokens::CreateService do ...@@ -85,7 +85,7 @@ RSpec.describe ResourceAccessTokens::CreateService do
audit_event = AuditEvent.where(author_id: user.id).last audit_event = AuditEvent.where(author_id: user.id).last
expect(audit_event.details[:custom_message]).to eq("Created project access token with id: #{response.payload[:access_token].user.id} with scopes: #{response.payload[:access_token].scopes}") expect(audit_event.details[:custom_message]).to eq("Created project access token with token_id: #{response.payload[:access_token].id} with scopes: #{response.payload[:access_token].scopes}")
expect(audit_event.details[:target_details]).to match(response.payload[:access_token].user.name) expect(audit_event.details[:target_details]).to match(response.payload[:access_token].user.name)
end end
end end
......
...@@ -40,7 +40,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do ...@@ -40,7 +40,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
audit_event = AuditEvent.where(author_id: user.id).last audit_event = AuditEvent.where(author_id: user.id).last
expect(audit_event.details[:custom_message]).to match(/Revoked project access token with id: \d+/) expect(audit_event.details[:custom_message]).to match(/Revoked project access token with token_id: \d+/)
expect(audit_event.details[:target_details]).to eq(access_token.user.name) expect(audit_event.details[:target_details]).to eq(access_token.user.name)
end end
end end
...@@ -56,7 +56,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do ...@@ -56,7 +56,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
it 'logs the find error message' do it 'logs the find error message' do
subject subject
expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with id: \d+, but failed with message: Failed to find bot user/) expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with token_id: \d+, but failed with message: Failed to find bot user/)
end end
end end
...@@ -71,7 +71,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do ...@@ -71,7 +71,7 @@ RSpec.describe ResourceAccessTokens::RevokeService do
it 'logs the permission error message' do it 'logs the permission error message' do
subject subject
expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with id: \d+, but failed with message: #{user.name} cannot delete #{access_token.user.name}/) expect(AuditEvent.where(author_id: user.id).last.details[:custom_message]).to match(/Attempted to revoke project access token with token_id: \d+, but failed with message: #{user.name} cannot delete #{access_token.user.name}/)
end end
end end
end end
......
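Review bot: The three revoke assertions in this section only check that some number follows `token_id:` via `\d+`, so a regression that logged a different token's id (or the bot user's id, which this very change is meant to stop) would still pass. `access_token` is already in scope in these examples, so pin the exact value instead, e.g. `expect(audit_event.details[:custom_message]).to eq("Revoked project access token with token_id: #{access_token.id}")`, and interpolate `#{access_token.id}` in place of `\d+` in the two failure-path regexes as well. The CreateService spec in the preceding section already asserts the exact id, so this brings the two specs in line.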