From 883047532dacc9ab03b7fdf282c356f901eaa2b4 Mon Sep 17 00:00:00 2001 From: sameer shaik Date: Thu, 23 Mar 2023 16:43:40 +0000 Subject: [PATCH 1/6] Add user unblock audit event --- app/services/users/unblock_service.rb | 2 + ee/app/services/ee/users/unblock_service.rb | 30 +++++++++ ee/config/audit_events/types/unblock_user.yml | 8 +++ .../services/ee/users/unblock_service_spec.rb | 64 +++++++++++++++++++ 4 files changed, 104 insertions(+) create mode 100644 ee/app/services/ee/users/unblock_service.rb create mode 100644 ee/config/audit_events/types/unblock_user.yml create mode 100644 ee/spec/services/ee/users/unblock_service_spec.rb diff --git a/app/services/users/unblock_service.rb b/app/services/users/unblock_service.rb index 1302395662fc19..d80f65b5757f8f 100644 --- a/app/services/users/unblock_service.rb +++ b/app/services/users/unblock_service.rb @@ -27,3 +27,5 @@ def after_unblock_hook(user) end end end + +Users::UnblockService.prepend_mod_with('Users::UnblockService') diff --git a/ee/app/services/ee/users/unblock_service.rb b/ee/app/services/ee/users/unblock_service.rb new file mode 100644 index 00000000000000..dc0853feb5ed2e --- /dev/null +++ b/ee/app/services/ee/users/unblock_service.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +module EE + module Users + module UnblockService + extend ::Gitlab::Utils::Override + + override :after_unblock_hook + def after_unblock_hook(user) + super + log_audit_event(user) + end + + private + + def log_audit_event(user) + audit_context = { + name: 'unblock_user', + author: current_user, + scope: user, + target: user, + message: "Unblocked user" + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end + end + end + end + \ No newline at end of file diff --git a/ee/config/audit_events/types/unblock_user.yml b/ee/config/audit_events/types/unblock_user.yml new file mode 100644 index 00000000000000..47486a342ddefe --- /dev/null +++ b/ee/config/audit_events/types/unblock_user.yml @@ -0,0 +1,8 @@ +name: unblock_user +description: Event triggered on user unblock action +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/13473 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115726 +feature_category: "compliance_management" +milestone: "15.11" +saved_to_database: true +streamed: true diff --git a/ee/spec/services/ee/users/unblock_service_spec.rb b/ee/spec/services/ee/users/unblock_service_spec.rb new file mode 100644 index 00000000000000..f41d87c955987c --- /dev/null +++ b/ee/spec/services/ee/users/unblock_service_spec.rb @@ -0,0 +1,64 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Users::UnblockService, feature_category: :user_management do + let_it_be(:current_user) { create(:admin) } + + subject(:service) { described_class.new(current_user) } + + describe '#execute' do + let!(:user) { create(:user, :blocked) } + + subject(:operation) { service.execute(user) } + + describe 'audit events' do + context 'when licensed' do + before do + stub_licensed_features(admin_audit_log: true) + end + + context 'when user unblock operation succeeds' do + it 'logs an audit event' do + binding.pry_shell + expect { operation }.to change { AuditEvent.count } + end + + it 'logs the audit event info' do + operation + + expect(AuditEvent.last).to have_attributes( + details: hash_including(custom_message: 'Unblocked user') + ) + end + end + + context 'when user unblock operation fails' do + let!(:user) { create(:user) } + + before do + allow(user).to receive(:unblock).and_return(false) + end + + it 'does not log any audit event' do + expect { operation }.not_to change { AuditEvent.count } + end + end + end + + context 'when not licensed' do + before do + stub_licensed_features( + admin_audit_log: false, + audit_events: false, + extended_audit_events: false + ) + end + + it 'does not log any audit event' do + expect { operation }.not_to change { AuditEvent.count } + end + end + end + end +end -- GitLab From 05b67b46d9558e8e16de3053668978f3033f282f Mon Sep 17 00:00:00 2001 From: sameer shaik Date: Thu, 23 Mar 2023 16:52:00 +0000 Subject: [PATCH 2/6] Fix rubocop issues --- ee/app/services/ee/users/unblock_service.rb | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/ee/app/services/ee/users/unblock_service.rb b/ee/app/services/ee/users/unblock_service.rb index dc0853feb5ed2e..ce84316161c2b1 100644 --- a/ee/app/services/ee/users/unblock_service.rb +++ b/ee/app/services/ee/users/unblock_service.rb @@ -1,18 +1,18 @@ # frozen_string_literal: true module EE - module Users + module Users module UnblockService extend ::Gitlab::Utils::Override - + override :after_unblock_hook def after_unblock_hook(user) super log_audit_event(user) end - + private - + def log_audit_event(user) audit_context = { name: 'unblock_user', @@ -21,10 +21,9 @@ def log_audit_event(user) target: user, message: "Unblocked user" } - + ::Gitlab::Audit::Auditor.audit(audit_context) - end end end end - \ No newline at end of file +end -- GitLab From a8df52fe33fb3a6300af186a41e99cb4665affcb Mon Sep 17 00:00:00 2001 From: sameer shaik Date: Thu, 23 Mar 2023 17:01:58 +0000 Subject: [PATCH 3/6] Fix rubocop spacing issues --- ee/app/services/ee/users/unblock_service.rb | 34 ++++++++++----------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/ee/app/services/ee/users/unblock_service.rb b/ee/app/services/ee/users/unblock_service.rb index ce84316161c2b1..17f4600f377004 100644 --- a/ee/app/services/ee/users/unblock_service.rb +++ b/ee/app/services/ee/users/unblock_service.rb @@ -2,27 +2,27 @@ module EE module Users - module UnblockService - extend ::Gitlab::Utils::Override + module UnblockService + extend ::Gitlab::Utils::Override - override :after_unblock_hook - def after_unblock_hook(user) - super - log_audit_event(user) - end + override :after_unblock_hook + def after_unblock_hook(user) + super + log_audit_event(user) + end - private + private - def log_audit_event(user) - audit_context = { - name: 'unblock_user', - author: current_user, - scope: user, - target: user, - message: "Unblocked user" - } + def log_audit_event(user) + audit_context = { + name: 'unblock_user', + author: current_user, + scope: user, + target: user, + message: "Unblocked user" + } - ::Gitlab::Audit::Auditor.audit(audit_context) + ::Gitlab::Audit::Auditor.audit(audit_context) end end end -- GitLab From fe8d6369be8387802547e343e2e6adab60c75090 Mon Sep 17 00:00:00 2001 From: sameer shaik Date: Fri, 24 Mar 2023 06:50:39 +0000 Subject: [PATCH 4/6] User unblock audit event Add user unblock audit event at the instance level Changelog: added MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115727 EE: true --- ee/config/audit_events/types/unblock_user.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/config/audit_events/types/unblock_user.yml b/ee/config/audit_events/types/unblock_user.yml index 47486a342ddefe..7ecdf30652947f 100644 --- a/ee/config/audit_events/types/unblock_user.yml +++ b/ee/config/audit_events/types/unblock_user.yml @@ -1,7 +1,7 @@ name: unblock_user description: Event triggered on user unblock action -introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/13473 -introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115726 +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/377620 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115727 feature_category: "compliance_management" milestone: "15.11" saved_to_database: true -- GitLab From 52163f410defebb6331497179c2b6d074a90e816 Mon Sep 17 00:00:00 2001 From: sameer shaik Date: Fri, 24 Mar 2023 11:03:18 +0000 Subject: [PATCH 5/6] Specify audit change count --- ee/spec/services/ee/users/unblock_service_spec.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ee/spec/services/ee/users/unblock_service_spec.rb b/ee/spec/services/ee/users/unblock_service_spec.rb index f41d87c955987c..2a91d5de8a9c68 100644 --- a/ee/spec/services/ee/users/unblock_service_spec.rb +++ b/ee/spec/services/ee/users/unblock_service_spec.rb @@ -20,8 +20,7 @@ context 'when user unblock operation succeeds' do it 'logs an audit event' do - binding.pry_shell - expect { operation }.to change { AuditEvent.count } + expect { operation }.to change { AuditEvent.count }.by(1) end it 'logs the audit event info' do -- GitLab From 5994fef19de663cd0e6ebfe2ca29d11f414e7c14 Mon Sep 17 00:00:00 2001 From: sameer shaik Date: Sun, 26 Mar 2023 15:37:37 +0000 Subject: [PATCH 6/6] Specify target details --- ee/app/services/ee/users/unblock_service.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ee/app/services/ee/users/unblock_service.rb b/ee/app/services/ee/users/unblock_service.rb index 17f4600f377004..5b648780cd43e5 100644 --- a/ee/app/services/ee/users/unblock_service.rb +++ b/ee/app/services/ee/users/unblock_service.rb @@ -19,7 +19,8 @@ def log_audit_event(user) author: current_user, scope: user, target: user, - message: "Unblocked user" + message: "Unblocked user", + target_details: user.username } ::Gitlab::Audit::Auditor.audit(audit_context) -- GitLab