From 6d08df20180c9afe07bcdb9c2f7ee24f66218859 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Fri, 11 Aug 2023 15:03:15 +0530 Subject: [PATCH 1/9] Audit user password reset failure events This commit adds audit event for user password failures EE: true Changelog: added --- app/controllers/passwords_controller.rb | 4 ++ .../profiles/passwords_controller.rb | 1 + .../audit_event_types.md | 1 + ee/app/controllers/ee/passwords_controller.rb | 6 ++ .../types/password_reset_failed.yml | 9 +++ ee/lib/audit/user_password_reset_auditor.rb | 32 ++++++++++ .../controllers/passwords_controller_spec.rb | 35 +++++++++++ .../audit/user_password_reset_auditor_spec.rb | 61 +++++++++++++++++++ 8 files changed, 149 insertions(+) create mode 100644 ee/config/audit_events/types/password_reset_failed.yml create mode 100644 ee/lib/audit/user_password_reset_auditor.rb create mode 100644 ee/spec/lib/audit/user_password_reset_auditor_spec.rb diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 38839497fb6e24..d1ca16bd8fb79c 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -43,6 +43,7 @@ def update resource.password_expires_at = nil resource.save(validate: false) if resource.changed? else + log_audit_reset_failure(@user) track_weak_password_error(@user, self.class.name, 'create') end end @@ -50,6 +51,9 @@ def update protected + # overriden in EE + def log_audit_reset_failure(_user); end + def resource_from_email email = resource_params[:email] self.resource = resource_class.find_by_email(email) diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb index 7a0dfbbba0d618..01a14f7b5dd11e 100644 --- a/app/controllers/profiles/passwords_controller.rb +++ b/app/controllers/profiles/passwords_controller.rb 
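Review bot: The comment on the new CE hook in the second hunk of app/controllers/passwords_controller.rb, `# overriden in EE`, is misspelled and tells a CE reader neither what the hook is for nor what the EE override records. Suggest `# No-op in CE; overridden in EE::PasswordsController to record a password_reset_failed audit event when the new password is rejected.` above `def log_audit_reset_failure(_user); end`. The hook is declared under `protected` here, which the EE override later in this series should mirror. The `update` method that the first hunk calls it from begins before the hunk.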
@@ -51,6 +51,7 @@ def update flash[:notice] = _('Password was successfully updated. Please sign in again.') redirect_to new_user_session_path else + Audit::UserPasswordResetAuditor.new(@user, @user).audit_reset_failure track_weak_password_error(@user, self.class.name, 'update') @user.reset render 'edit' diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md index 2a7c3367f6a466..b6609313b02b3a 100644 --- a/doc/administration/audit_event_streaming/audit_event_types.md +++ b/doc/administration/audit_event_streaming/audit_event_types.md 
@@ -170,6 +170,7 @@ Every audit event is associated with an event type. The association with the eve | [`merged_merge_request_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | Audit event triggered when a merged merge request is deleted | **{dotted-circle}** No | **{check-circle}** Yes | `source_code_management` | GitLab [16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | | [`merged_merge_request_deletion_started`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | Audit event triggered when a merged merge request's deletion is started | **{dotted-circle}** No | **{check-circle}** Yes | `source_code_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | | [`omniauth_login_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123080) | Event triggered when an OmniAuth login fails | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | +| [`password_reset_failed`](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | Event triggered when a user requests a password reset fails | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | | [`password_reset_requested`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114548) | Event triggered when a user requests a password reset using a registered email address | **{check-circle}** Yes | **{dotted-circle}** No | `compliance_management` | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | | [`personal_access_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952) | Event triggered when a user creates a personal access token | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/374113) | | 
[`personal_access_token_revoked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952) | Event triggered when a personal access token is revoked | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/374113) | diff --git a/ee/app/controllers/ee/passwords_controller.rb b/ee/app/controllers/ee/passwords_controller.rb index 5c1282a2dc5a50..c6197a879b3ffa 100644 --- a/ee/app/controllers/ee/passwords_controller.rb +++ b/ee/app/controllers/ee/passwords_controller.rb @@ -3,11 +3,17 @@ module EE module PasswordsController extend ActiveSupport::Concern + extend ::Gitlab::Utils::Override prepended do before_action :log_audit_event, only: [:create] end + override :log_audit_reset_failure + def log_audit_reset_failure(user) + ::Audit::UserPasswordResetAuditor.new(user, user, request.remote_ip).audit_reset_failure + end + private def log_audit_event diff --git a/ee/config/audit_events/types/password_reset_failed.yml b/ee/config/audit_events/types/password_reset_failed.yml new file mode 100644 index 00000000000000..fc305b539cbf08 --- /dev/null +++ b/ee/config/audit_events/types/password_reset_failed.yml @@ -0,0 +1,9 @@ +--- +name: password_reset_failed +description: Event triggered when a user requests a password reset fails +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/377762 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/issues/377762 +feature_category: compliance_management +milestone: '16.3' +saved_to_database: true +streamed: true diff --git a/ee/lib/audit/user_password_reset_auditor.rb b/ee/lib/audit/user_password_reset_auditor.rb new file mode 100644 index 00000000000000..f876beca479dff --- /dev/null +++ b/ee/lib/audit/user_password_reset_auditor.rb 
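Review bot: `log_audit_reset_failure` is defined above `private` in the prepended EE::PasswordsController module, so the override is public while the CE hook it replaces is declared under `protected`; a public controller method is also picked up as an action method (unreachable without a route, but the visibility mismatch is avoidable). Move the definition below `private` or mark it `protected` so it matches the CE declaration. Separately, the override passes `user` straight through as author and scope and the auditor then reads `user.email`; if `@user` can be an unsaved record on this path (Devise returns an un-found resource for an invalid or expired token), it would be worth confirming and guarding with `return unless user&.persisted?`. The enclosing module starts before the hunk.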
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Audit
+ class UserPasswordResetAuditor < BaseChangesAuditor
+ def initialize(current_user, model, remote_ip)
+ super(current_user, model)
+
+ @remote_ip = remote_ip
+ end
+
+ def audit_reset_failure
+ errors = @model.errors[:password]
+ return if errors.blank?
+
+ ::Gitlab::Audit::Auditor.audit({
+ name: "password_reset_failed",
+ author: @current_user,
+ scope: @model,
+ target: @model,
+ target_details: @current_user.email,
+ message: failure_message(errors),
+ ip_address: @remote_ip
+ })
+ end
+
+ private
+
+ def failure_message(errors)
+ "Password reset failed with reason#{errors.many? ? 's' : nil}: #{errors.to_sentence}" # rubocop:disable CodeReuse/ActiveRecord
+ end
+ end
+end
diff --git a/ee/spec/controllers/passwords_controller_spec.rb b/ee/spec/controllers/passwords_controller_spec.rb
index 9c4d10497ddca0..1d0fd2442e9a63 100644
--- a/ee/spec/controllers/passwords_controller_spec.rb
+++ b/ee/spec/controllers/passwords_controller_spec.rb
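Review bot: `audit_reset_failure` only emits an event when `@model.errors[:password]` is non-blank, so a reset that fails on any other attribute (a confirmation mismatch on `password_confirmation`, or a token error if Devise records one on the resource) is silently not audited even though the event is named `password_reset_failed`. Either widen the check to `return if @model.errors.blank?` and build the message from `@model.errors.full_messages`, or document the narrower contract so consumers of the stream know what is and is not recorded. The class and its public method also have no doc comment; a YARD block stating that `current_user` and `model` are expected to be the same user, that `remote_ip` is recorded as `ip_address`, and that only password validation failures are audited would make the contract explicit. Note that `errors.to_sentence` places raw validation messages in the streamed event, which is fine for the password-policy messages seen in the spec but should stay free of the submitted value.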
@@ -13,6 +13,41 @@ subject(:post_create) { post :create, params: { user: { email: email } } } + describe "#update" do + context "when password is not updated" do + subject do + put :update, params: { + user: { + password: password, + password_confirmation: password_confirmation, + reset_password_token: reset_password_token + } + } + end + + let(:password) { User.random_password } + let(:password_confirmation) { password } + let(:reset_password_token) { user.send_reset_password_instructions } + let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) } + + before do + allow_next_found_instance_of(::User) do |instance| + allow(instance).to receive(:valid?).and_return(false) + end + allow_next_instance_of(::Audit::UserPasswordResetAuditor) do |instance| + allow(instance).to receive(:new).and_call_original + end + end + + it "calls `::Audit::UserPasswordResetAuditor` with correct args" do + expect(::Audit::UserPasswordResetAuditor).to receive(:new).with(instance_of(User), instance_of(User), + instance_of(String)) + + subject + end + end + end + context "when email exists" do let(:email) { user.email } diff --git a/ee/spec/lib/audit/user_password_reset_auditor_spec.rb b/ee/spec/lib/audit/user_password_reset_auditor_spec.rb new file mode 100644 index 00000000000000..f851e84b3fbafa --- /dev/null +++ b/ee/spec/lib/audit/user_password_reset_auditor_spec.rb 
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Audit::UserPasswordResetAuditor, feature_category: :audit_events do
+ let_it_be(:user) { create(:user) }
+ let_it_be(:remote_ip) { "127.0.0.1" }
+
+ describe ".audit_reset_failure" do
+ subject(:audit_reset_failure) { described_class.new(user, user, remote_ip).audit_reset_failure }
+
+ context "when there is no errors in password" do
+ before do
+ allow(user).to receive(:errors).and_return({})
+ end
+
+ it "doesn't audit" do
+ expect(::Gitlab::Audit::Auditor).not_to receive(:audit)
+
+ audit_reset_failure
+ end
+ end
+
+ shared_examples "logs audit event with correct reason" do |reason|
+ it "does audit with correct reason" do
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+ { name: "password_reset_failed",
+ author: user,
+ scope: user,
+ target: user,
+ target_details: user.email,
+ message: reason,
+ ip_address: remote_ip }
+ ).and_call_original
+
+ audit_reset_failure
+ end
+ end
+
+ context "when there is a single error in password" do
+ before do
+ allow(user).to receive(:errors).and_return({ password: ["must contain a letter"] })
+ end
+
+ it_behaves_like "logs audit event with correct reason",
+ "Password reset failed with reason: must contain a letter"
+ end
+
+ context "when there are multiple errors in password" do
+ before do
+ allow(user).to receive(:errors).and_return({
+ password: ["must contain a letter",
+ "must not contain commonly used characters"]
+ })
+ end
+
+ it_behaves_like "logs audit event with correct reason",
+ "Password reset failed with reasons: must contain a letter and must not contain commonly used characters"
+ end
+ end
+end
-- 
GitLab
From a3fe9a2a2f4a965129d7725c1e05275bbf2fe3c4 Mon Sep 17 00:00:00 2001
From: harsimarsandhu Date: Fri, 11 Aug 2023 15:38:43 +0530 Subject: [PATCH 2/9] Add MR url --- app/controllers/profiles/passwords_controller.rb | 1 - ee/config/audit_events/types/password_reset_failed.yml | 4 ++-- ee/spec/controllers/passwords_controller_spec.rb | 5 +---- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb index 01a14f7b5dd11e..7a0dfbbba0d618 100644 --- a/app/controllers/profiles/passwords_controller.rb +++ b/app/controllers/profiles/passwords_controller.rb @@ -51,7 +51,6 @@ def update flash[:notice] = _('Password was successfully updated. Please sign in again.') redirect_to new_user_session_path else - Audit::UserPasswordResetAuditor.new(@user, @user).audit_reset_failure track_weak_password_error(@user, self.class.name, 'update') @user.reset render 'edit' diff --git a/ee/config/audit_events/types/password_reset_failed.yml b/ee/config/audit_events/types/password_reset_failed.yml index fc305b539cbf08..8bfa2d5ca1ee72 100644 --- a/ee/config/audit_events/types/password_reset_failed.yml +++ b/ee/config/audit_events/types/password_reset_failed.yml @@ -2,8 +2,8 @@ name: password_reset_failed description: Event triggered when a user requests a password reset fails introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/377762 -introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/issues/377762 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129079 feature_category: compliance_management milestone: '16.3' -saved_to_database: true +saved_to_database: false streamed: true diff --git a/ee/spec/controllers/passwords_controller_spec.rb b/ee/spec/controllers/passwords_controller_spec.rb index 1d0fd2442e9a63..52525786fc0179 100644 --- a/ee/spec/controllers/passwords_controller_spec.rb +++ b/ee/spec/controllers/passwords_controller_spec.rb 
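Review bot: The change to `saved_to_database: false` in ee/config/audit_events/types/password_reset_failed.yml means a failed reset is visible only to instances with a streaming destination configured and never appears in the in-product audit log, whereas the sibling `password_reset_requested` event in the docs table is saved but not streamed. If that split is intended, the commit message (currently just "Add MR url") should say why, since a failed reset is a signal an administrator without streaming would reasonably expect to find alongside the request event. This hunk also changes `introduced_by_mr` to the merge-request URL, which the docs table in the next patch picks up.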
@@ -34,14 +34,11 @@ allow_next_found_instance_of(::User) do |instance| allow(instance).to receive(:valid?).and_return(false) end - allow_next_instance_of(::Audit::UserPasswordResetAuditor) do |instance| - allow(instance).to receive(:new).and_call_original - end end it "calls `::Audit::UserPasswordResetAuditor` with correct args" do expect(::Audit::UserPasswordResetAuditor).to receive(:new).with(instance_of(User), instance_of(User), - instance_of(String)) + instance_of(String)).and_call_original subject end -- GitLab From 6f19326b9fdcaf7efdf1e1d273d6b351e7958136 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Fri, 11 Aug 2023 15:39:40 +0530 Subject: [PATCH 3/9] Recompile docs --- doc/administration/audit_event_streaming/audit_event_types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md index b6609313b02b3a..c6253815124711 100644 --- a/doc/administration/audit_event_streaming/audit_event_types.md +++ b/doc/administration/audit_event_streaming/audit_event_types.md 
@@ -170,7 +170,7 @@ Every audit event is associated with an event type. The association with the eve | [`merged_merge_request_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | Audit event triggered when a merged merge request is deleted | **{dotted-circle}** No | **{check-circle}** Yes | `source_code_management` | GitLab [16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | | [`merged_merge_request_deletion_started`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | Audit event triggered when a merged merge request's deletion is started | **{dotted-circle}** No | **{check-circle}** Yes | `source_code_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | | [`omniauth_login_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123080) | Event triggered when an OmniAuth login fails | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | -| [`password_reset_failed`](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | Event triggered when a user requests a password reset fails | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | +| [`password_reset_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129079) | Event triggered when a user requests a password reset fails | **{dotted-circle}** No | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | | [`password_reset_requested`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114548) | Event triggered when a user requests a password reset using a registered email address | **{check-circle}** Yes | **{dotted-circle}** No | `compliance_management` | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | | 
[`personal_access_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952) | Event triggered when a user creates a personal access token | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/374113) | | [`personal_access_token_revoked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952) | Event triggered when a personal access token is revoked | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/374113) | -- GitLab From ccb5544ae866ba7185ce71a23733da9b45be18ec Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Tue, 22 Aug 2023 09:14:51 +0000 Subject: [PATCH 4/9] Apply 5 suggestion(s) to 3 file(s) --- ee/config/audit_events/types/password_reset_failed.yml | 6 +++--- ee/lib/audit/user_password_reset_auditor.rb | 2 +- ee/spec/lib/audit/user_password_reset_auditor_spec.rb | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ee/config/audit_events/types/password_reset_failed.yml b/ee/config/audit_events/types/password_reset_failed.yml index 8bfa2d5ca1ee72..418c6b1faf7e36 100644 --- a/ee/config/audit_events/types/password_reset_failed.yml +++ b/ee/config/audit_events/types/password_reset_failed.yml @@ -1,9 +1,9 @@ --- name: password_reset_failed -description: Event triggered when a user requests a password reset fails +description: Event triggered when a password reset fails for a user introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/377762 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129079 -feature_category: compliance_management -milestone: '16.3' +feature_category: user_management +milestone: '16.4' saved_to_database: false streamed: true diff --git a/ee/lib/audit/user_password_reset_auditor.rb b/ee/lib/audit/user_password_reset_auditor.rb index f876beca479dff..3c2f9146133a82 100644 
--- a/ee/lib/audit/user_password_reset_auditor.rb +++ b/ee/lib/audit/user_password_reset_auditor.rb @@ -26,7 +26,7 @@ def audit_reset_failure private def failure_message(errors) - "Password reset failed with reason#{errors.many? ? 's' : nil}: #{errors.to_sentence}" # rubocop:disable CodeReuse/ActiveRecord + "Password reset failed with reason#{errors.count > 1 ? 's' : nil}: #{errors.to_sentence}" end end end diff --git a/ee/spec/lib/audit/user_password_reset_auditor_spec.rb b/ee/spec/lib/audit/user_password_reset_auditor_spec.rb index f851e84b3fbafa..bd1dd72b749faf 100644 --- a/ee/spec/lib/audit/user_password_reset_auditor_spec.rb +++ b/ee/spec/lib/audit/user_password_reset_auditor_spec.rb @@ -9,7 +9,7 @@ describe ".audit_reset_failure" do subject(:audit_reset_failure) { described_class.new(user, user, remote_ip).audit_reset_failure } - context "when there is no errors in password" do + context "when there are no errors in password" do before do allow(user).to receive(:errors).and_return({}) end -- GitLab From 195bbbfe9dfc19f5b02aa1c24d34174827442cfc Mon Sep 17 00:00:00 2001 From: Hitesh Raghuvanshi Date: Tue, 22 Aug 2023 09:24:43 +0000 Subject: [PATCH 5/9] Apply 1 suggestion(s) to 1 file(s) --- ee/spec/controllers/passwords_controller_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/controllers/passwords_controller_spec.rb b/ee/spec/controllers/passwords_controller_spec.rb index 52525786fc0179..bfa146e2e54c05 100644 --- a/ee/spec/controllers/passwords_controller_spec.rb +++ b/ee/spec/controllers/passwords_controller_spec.rb @@ -14,7 +14,7 @@ subject(:post_create) { post :create, params: { user: { email: email } } } describe "#update" do - context "when password is not updated" do + context "when there is error in password updation" do subject do put :update, params: { user: { -- GitLab From 5ff00def9b489a1af498ecf44d2c09ea88cc8f74 Mon Sep 17 00:00:00 2001 
From: Hitesh Raghuvanshi Date: Tue, 22 Aug 2023 09:28:05 +0000 Subject: [PATCH 6/9] Apply 1 suggestion(s) to 1 file(s) --- ee/spec/controllers/passwords_controller_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/controllers/passwords_controller_spec.rb b/ee/spec/controllers/passwords_controller_spec.rb index bfa146e2e54c05..17406b7f07e2e8 100644 --- a/ee/spec/controllers/passwords_controller_spec.rb +++ b/ee/spec/controllers/passwords_controller_spec.rb @@ -37,7 +37,7 @@ end it "calls `::Audit::UserPasswordResetAuditor` with correct args" do - expect(::Audit::UserPasswordResetAuditor).to receive(:new).with(instance_of(User), instance_of(User), + expect(::Audit::UserPasswordResetAuditor).to receive(:new).with(user, user, instance_of(String)).and_call_original subject -- GitLab From 1344be74e40e6128fdb7815be459efc4f209b2f4 Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Tue, 22 Aug 2023 15:27:56 +0530 Subject: [PATCH 7/9] Recompile docs --- doc/administration/audit_event_streaming/audit_event_types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md index c6253815124711..331e991aeb325f 100644 --- a/doc/administration/audit_event_streaming/audit_event_types.md +++ b/doc/administration/audit_event_streaming/audit_event_types.md 
@@ -170,7 +170,7 @@ Every audit event is associated with an event type. The association with the eve | [`merged_merge_request_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | Audit event triggered when a merged merge request is deleted | **{dotted-circle}** No | **{check-circle}** Yes | `source_code_management` | GitLab [16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | | [`merged_merge_request_deletion_started`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118793) | Audit event triggered when a merged merge request's deletion is started | **{dotted-circle}** No | **{check-circle}** Yes | `source_code_management` | GitLab [16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/408288) | | [`omniauth_login_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123080) | Event triggered when an OmniAuth login fails | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | -| [`password_reset_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129079) | Event triggered when a user requests a password reset fails | **{dotted-circle}** No | **{check-circle}** Yes | `compliance_management` | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | +| [`password_reset_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129079) | Event triggered when a password reset fails for a user | **{dotted-circle}** No | **{check-circle}** Yes | `user_management` | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/377762) | | [`password_reset_requested`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114548) | Event triggered when a user requests a password reset using a registered email address | **{check-circle}** Yes | **{dotted-circle}** No | `compliance_management` | GitLab [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374107) | | 
[`personal_access_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952) | Event triggered when a user creates a personal access token | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/374113) | | [`personal_access_token_revoked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952) | Event triggered when a personal access token is revoked | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/issues/374113) | -- GitLab From 0fb9d0440553cf89f27e9b734c2c422a21748103 Mon Sep 17 00:00:00 2001 From: Dylan Griffith Date: Wed, 23 Aug 2023 07:31:58 +0000 Subject: [PATCH 8/9] Apply 2 suggestion(s) to 2 file(s) --- ee/spec/controllers/passwords_controller_spec.rb | 2 +- ee/spec/lib/audit/user_password_reset_auditor_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/spec/controllers/passwords_controller_spec.rb b/ee/spec/controllers/passwords_controller_spec.rb index 17406b7f07e2e8..101af65c0313ab 100644 --- a/ee/spec/controllers/passwords_controller_spec.rb +++ b/ee/spec/controllers/passwords_controller_spec.rb @@ -14,7 +14,7 @@ subject(:post_create) { post :create, params: { user: { email: email } } } describe "#update" do - context "when there is error in password updation" do + context "when there is error updating the password" do subject do put :update, params: { user: { diff --git a/ee/spec/lib/audit/user_password_reset_auditor_spec.rb b/ee/spec/lib/audit/user_password_reset_auditor_spec.rb index bd1dd72b749faf..b63f755b1a0383 100644 --- a/ee/spec/lib/audit/user_password_reset_auditor_spec.rb +++ b/ee/spec/lib/audit/user_password_reset_auditor_spec.rb 
@@ -6,7 +6,7 @@ let_it_be(:user) { create(:user) } let_it_be(:remote_ip) { "127.0.0.1" } - describe ".audit_reset_failure" do + describe "#audit_reset_failure" do subject(:audit_reset_failure) { described_class.new(user, user, remote_ip).audit_reset_failure } context "when there are no errors in password" do -- GitLab From 02086a49a337aff338324fede5c1d881c662815b Mon Sep 17 00:00:00 2001 From: harsimarsandhu Date: Tue, 5 Sep 2023 23:23:44 +0530 Subject: [PATCH 9/9] Backend maintainer suggestion --- ee/spec/controllers/passwords_controller_spec.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/ee/spec/controllers/passwords_controller_spec.rb b/ee/spec/controllers/passwords_controller_spec.rb index 101af65c0313ab..12a247450ef512 100644 --- a/ee/spec/controllers/passwords_controller_spec.rb +++ b/ee/spec/controllers/passwords_controller_spec.rb @@ -25,17 +25,11 @@ } end - let(:password) { User.random_password } + let(:password) { "short" } # short invalid password let(:password_confirmation) { password } let(:reset_password_token) { user.send_reset_password_instructions } let(:user) { create(:user, password_automatically_set: true, password_expires_at: 10.minutes.ago) } - before do - allow_next_found_instance_of(::User) do |instance| - allow(instance).to receive(:valid?).and_return(false) - end - end - it "calls `::Audit::UserPasswordResetAuditor` with correct args" do expect(::Audit::UserPasswordResetAuditor).to receive(:new).with(user, user, instance_of(String)).and_call_original -- GitLab
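Review bot: After dropping the `valid?` stub, the controller spec in ee/spec/controllers/passwords_controller_spec.rb still only asserts that `::Audit::UserPasswordResetAuditor.new` is called with `(user, user, instance_of(String))`; it never checks that a `password_reset_failed` event actually reaches the auditor from the controller path. Adding `expect(::Gitlab::Audit::Auditor).to receive(:audit).with(hash_including(name: "password_reset_failed"))` to the example would close that gap. The `# short invalid password` comment on `let(:password) { "short" }` should state which validation it relies on, e.g. `# fails the minimum-length validation, so #update takes the failure branch`. The enclosing `describe "#update"` block starts before the hunk.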