From d7b09af3b6f06d9c01c1833e7f7269a1b5f11a54 Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Fri, 28 Oct 2022 09:12:53 +1300 Subject: [PATCH 1/2] Add audit event for deleting web hooks When a user deletes a project/group/system hook, this will now generate an audit event via the appropriate scope. Changelog: added EE: true --- app/services/web_hooks/destroy_service.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/services/web_hooks/destroy_service.rb b/app/services/web_hooks/destroy_service.rb index dbd164ab20e6df..164f37f6ade828 100644 --- a/app/services/web_hooks/destroy_service.rb +++ b/app/services/web_hooks/destroy_service.rb @@ -19,6 +19,16 @@ def execute(web_hook) hook_id = web_hook.id if web_hook.destroy + audit_context = { + name: "delete_#{web_hook.model_name.singular}", + author: current_user, + scope: web_hook.parent || current_user, + target: web_hook, + message: "Deleted #{web_hook.model_name.human.downcase}", + target_details: { id: web_hook.id, url: web_hook.url } + } + ::Gitlab::Audit::Auditor.audit(audit_context) + WebHooks::LogDestroyWorker.perform_async({ 'hook_id' => hook_id }) Gitlab::AppLogger.info(log_message(web_hook)) -- GitLab From ebd7a3f1c94db5b46c1d53110c708bb3497eb83b Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Fri, 28 Oct 2022 09:31:21 +1300 Subject: [PATCH 2/2] Move audit event code into EE --- app/services/web_hooks/destroy_service.rb | 28 ++++++++--------- .../services/ee/web_hooks/destroy_service.rb | 30 +++++++++++++++++++ 2 files changed, 42 insertions(+), 16 deletions(-) create mode 100644 ee/app/services/ee/web_hooks/destroy_service.rb diff --git a/app/services/web_hooks/destroy_service.rb b/app/services/web_hooks/destroy_service.rb index 164f37f6ade828..47e0a36b47356c 100644 --- a/app/services/web_hooks/destroy_service.rb +++ b/app/services/web_hooks/destroy_service.rb @@ -16,23 +16,8 @@ def initialize(current_user) def execute(web_hook) return error(DENIED, 401) unless authorized?(web_hook) - hook_id = web_hook.id - if web_hook.destroy - audit_context = { - name: "delete_#{web_hook.model_name.singular}", - author: current_user, - scope: web_hook.parent || current_user, - target: web_hook, - message: "Deleted #{web_hook.model_name.human.downcase}", - target_details: { id: web_hook.id, url: web_hook.url } - } - ::Gitlab::Audit::Auditor.audit(audit_context) - - WebHooks::LogDestroyWorker.perform_async({ 'hook_id' => hook_id }) - Gitlab::AppLogger.info(log_message(web_hook)) - - success({ async: false }) + after_destroy(web_hook) else error("Unable to destroy #{web_hook.model_name.human}", 500) end @@ -40,6 +25,15 @@ def execute(web_hook) private + def after_destroy(web_hook) + hook_id = web_hook.id + + WebHooks::LogDestroyWorker.perform_async({ 'hook_id' => hook_id }) + Gitlab::AppLogger.info(log_message(web_hook)) + + success({ async: false }) + end + def log_message(hook) "User #{current_user&.id} scheduled a deletion of logs for hook ID #{hook.id}" end @@ -49,3 +43,5 @@ def authorized?(web_hook) end end end + +WebHooks::DestroyService.prepend_mod_with('WebHooks::DestroyService') diff --git a/ee/app/services/ee/web_hooks/destroy_service.rb b/ee/app/services/ee/web_hooks/destroy_service.rb new file mode 100644 index 00000000000000..783b16c8e701d3 --- /dev/null +++ b/ee/app/services/ee/web_hooks/destroy_service.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +module EE + module WebHooks + module DestroyService + extend ::Gitlab::Utils::Override + + private + + override :after_destroy + def after_destroy(web_hook) + log_audit_event(web_hook) + super + end + + def log_audit_event(web_hook) + audit_context = { + name: "delete_#{web_hook.model_name.singular}", + author: current_user, + scope: web_hook.parent || current_user, + target: web_hook, + message: "Deleted #{web_hook.model_name.human.downcase}", + target_details: { id: web_hook.id, url: web_hook.url } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end + end + end +end -- GitLab