CE Port: Log impersonation actions in audit log

This change adds audit logs for user impersonation
when an admin starts/stops impersonating
another user.
manojmj 2019-07-23 11:44:09 +05:30
parent 3a55ba7de4
commit 3c9d75e045
4 changed files with 21 additions and 4 deletions


@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController
warden.set_user(user, scope: :user) warden.set_user(user, scope: :user)
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username }) log_impersonation_event
flash[:alert] = _("You are now impersonating %{username}") % { username: user.username } flash[:alert] = _("You are now impersonating %{username}") % { username: user.username }
@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController
def check_impersonation_availability def check_impersonation_availability
access_denied! unless Gitlab.config.gitlab.impersonation_enabled access_denied! unless Gitlab.config.gitlab.impersonation_enabled
end end
def log_impersonation_event
Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username })
end
end end
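Review bot: `log_impersonation_event` in this controller has the same name as the method this commit adds to `ApplicationController`, where it logs the opposite event ("stopped"). If `Admin::ApplicationController` descends from `ApplicationController` (not visible here), this definition overrides the parent's, so a `stop_impersonation` call reached through this controller would write a "started" line with the wrong pair of users. Distinct names such as `log_impersonation_started_event` and `log_impersonation_stopped_event` would avoid that. The message is also passed through `_()`, so its text follows the request locale while the stop message is a plain string; an untranslated line, e.g. `Gitlab::AppLogger.info("User #{current_user.username} has started impersonating #{user.username}")`, keeps log searches and alert rules stable. The class body begins outside the hunk.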


@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base
end end
def stop_impersonation def stop_impersonation
impersonated_user = current_user log_impersonation_event
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
warden.set_user(impersonator, scope: :user) warden.set_user(impersonator, scope: :user)
session[:impersonator_id] = nil session[:impersonator_id] = nil
@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base
impersonated_user impersonated_user
end end
def impersonated_user
current_user
end
def log_impersonation_event
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}")
end
def impersonator def impersonator
@impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id] @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
end end
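Review bot: `stop_impersonation` used to capture `impersonated_user = current_user` before `warden.set_user(impersonator, scope: :user)`, but its final `impersonated_user` expression is now a method call that reads `current_user` after the switch. That returns the same user only if `current_user` is memoized for the request, which these hunks do not show; memoizing in the helper, `@impersonated_user ||= current_user`, pins the value at the first call in `log_impersonation_event`. The log line also identifies both accounts by username alone, and since usernames can be renamed, adding `impersonator.id` and `impersonated_user.id` would make the record easier to correlate later. Part of `stop_impersonation` lies between the two hunks and is not visible.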


@ -94,6 +94,7 @@ recorded:
- Changed password - Changed password
- Ask for password reset - Ask for password reset
- Grant OAuth access - Grant OAuth access
- Started/stopped user impersonation
It is possible to filter particular actions by choosing an audit data type from It is possible to filter particular actions by choosing an audit data type from
the filter drop-down. You can further filter by specific group, project or user the filter drop-down. You can further filter by specific group, project or user


@ -279,6 +279,12 @@ describe Admin::UsersController do
expect(warden.user).to eq(user) expect(warden.user).to eq(user)
end end
it 'logs the beginning of the impersonation event' do
expect(Gitlab::AppLogger).to receive(:info).with("User #{admin.username} has started impersonating #{user.username}").and_call_original
post :impersonate, params: { id: user.username }
end
it "redirects to root" do it "redirects to root" do
post :impersonate, params: { id: user.username } post :impersonate, params: { id: user.username }