CE Port: Log impersonation actions in audit log
This change adds audit logs for user impersonation when an admin starts/stops impersonating another user.
parent
3a55ba7de4
commit
3c9d75e045
4 changed files with 21 additions and 4 deletions
|
@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController
|
||||||
|
|
||||||
warden.set_user(user, scope: :user)
|
warden.set_user(user, scope: :user)
|
||||||
|
|
||||||
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
|
log_impersonation_event
|
||||||
|
|
||||||
flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
|
flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
|
||||||
|
|
||||||
|
@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController
|
||||||
def check_impersonation_availability
|
def check_impersonation_availability
|
||||||
access_denied! unless Gitlab.config.gitlab.impersonation_enabled
|
access_denied! unless Gitlab.config.gitlab.impersonation_enabled
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def log_impersonation_event
|
||||||
|
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
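Review bot: The start-of-impersonation message in the new `log_impersonation_event` is passed through `_()`, while the stop message in ApplicationController is a plain interpolated string, so the two halves of the same trail are built differently and the start line may vary with the active locale. A log line that reviewers and detection rules search for is better kept as a fixed, untranslated string, e.g. `Gitlab::AppLogger.info("User #{current_user.username} has started impersonating #{user.username}")`. The helper is also called after `warden.set_user(user, scope: :user)`, so it presumably relies on `current_user` still resolving to the admin at that point. A one-line comment on the method stating that assumption would help, or the call could move above `set_user`. The impersonate action's body starts and ends outside the hunk.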
@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def stop_impersonation
|
def stop_impersonation
|
||||||
impersonated_user = current_user
|
log_impersonation_event
|
||||||
|
|
||||||
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
|
|
||||||
|
|
||||||
warden.set_user(impersonator, scope: :user)
|
warden.set_user(impersonator, scope: :user)
|
||||||
session[:impersonator_id] = nil
|
session[:impersonator_id] = nil
|
||||||
|
@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base
|
||||||
impersonated_user
|
impersonated_user
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def impersonated_user
|
||||||
|
current_user
|
||||||
|
end
|
||||||
|
|
||||||
|
def log_impersonation_event
|
||||||
|
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
|
||||||
|
end
|
||||||
|
|
||||||
def impersonator
|
def impersonator
|
||||||
@impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
|
@impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
|
||||||
end
|
end
|
||||||
|
|
|
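Review bot: `stop_impersonation` now returns `impersonated_user`, which is no longer a local captured before the switch but a method that calls `current_user` again after `warden.set_user(impersonator, scope: :user)`. The return value is therefore correct only if `current_user` is memoized for the request, which these hunks do not show. Capturing it first keeps the old guarantee: `stopped_user = impersonated_user` before `log_impersonation_event`, and `stopped_user` as the last expression. `log_impersonation_event` also dereferences `impersonator`, which is nil when `session[:impersonator_id]` is unset, so a guard or a comment stating that callers check the session first would be useful. The method body spans two hunks, and a line between them appears not to be shown.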
@ -94,6 +94,7 @@ recorded:
|
||||||
- Changed password
|
- Changed password
|
||||||
- Ask for password reset
|
- Ask for password reset
|
||||||
- Grant OAuth access
|
- Grant OAuth access
|
||||||
|
- Started/stopped user impersonation
|
||||||
|
|
||||||
It is possible to filter particular actions by choosing an audit data type from
|
It is possible to filter particular actions by choosing an audit data type from
|
||||||
the filter drop-down. You can further filter by specific group, project or user
|
the filter drop-down. You can further filter by specific group, project or user
|
||||||
|
|
|
@ -279,6 +279,12 @@ describe Admin::UsersController do
|
||||||
expect(warden.user).to eq(user)
|
expect(warden.user).to eq(user)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'logs the beginning of the impersonation event' do
|
||||||
|
expect(Gitlab::AppLogger).to receive(:info).with("User #{admin.username} has started impersonating #{user.username}").and_call_original
|
||||||
|
|
||||||
|
post :impersonate, params: { id: user.username }
|
||||||
|
end
|
||||||
|
|
||||||
it "redirects to root" do
|
it "redirects to root" do
|
||||||
post :impersonate, params: { id: user.username }
|
post :impersonate, params: { id: user.username }
|
||||||
|
|
||||||
|
|
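Review bot: Only the start of impersonation gets a logging spec here; the stop path, whose log call this commit moves into `log_impersonation_event` in ApplicationController, has no matching expectation in the visible spec changes. A companion example that stops impersonation and expects `Gitlab::AppLogger` to receive `:info` with the "has stopped impersonating" message would cover the other half of the trail. The new example also pins the English text of a message the controller builds through `_()`, so it presumably passes only under the default locale. The enclosing describe block starts outside the hunk.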