diff options
author | Ash McKenzie <amckenzie@gitlab.com> | 2019-07-23 13:02:58 +0000 |
---|---|---|
committer | Ash McKenzie <amckenzie@gitlab.com> | 2019-07-23 13:02:58 +0000 |
commit | a9c7bda8f6f63c774bf723aeaefa47e98ccdfb2a (patch) | |
tree | a932dbffdfc0bd9044181b2a1e267c267d60ec36 | |
parent | 825e5c2c1b1cd98f3daf99f22fea910f075f48f9 (diff) | |
parent | 3c9d75e045c94e25a53e78257b47c938f9c538a2 (diff) | |
download | gitlab-ce-a9c7bda8f6f63c774bf723aeaefa47e98ccdfb2a.tar.gz |
Merge branch 'ce-port-315-log-impersonation-actions-in-audit-log' into 'master'
CE Port: Log impersonation actions in audit log
See merge request gitlab-org/gitlab-ce!31039
-rw-r--r-- | app/controllers/admin/users_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 12 | ||||
-rw-r--r-- | doc/administration/audit_events.md | 1 | ||||
-rw-r--r-- | spec/controllers/admin/users_controller_spec.rb | 6 |
4 files changed, 21 insertions, 4 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index a02d0843615..98883af6286 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -39,7 +39,7 @@ class Admin::UsersController < Admin::ApplicationController warden.set_user(user, scope: :user) - Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username }) + log_impersonation_event flash[:alert] = _("You are now impersonating %{username}") % { username: user.username } @@ -236,4 +236,8 @@ class Admin::UsersController < Admin::ApplicationController def check_impersonation_availability access_denied! unless Gitlab.config.gitlab.impersonation_enabled end + + def log_impersonation_event + Gitlab::AppLogger.info(_("User %{current_user_username} has started impersonating %{username}") % { current_user_username: current_user.username, username: user.username }) + end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 75108bf2646..0c80a276fce 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base end def stop_impersonation - impersonated_user = current_user - - Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}") + log_impersonation_event warden.set_user(impersonator, scope: :user) session[:impersonator_id] = nil @@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base impersonated_user end + def impersonated_user + current_user + end + + def log_impersonation_event + Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}") + end + def impersonator @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id] end diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index a80ff330e03..aaa43f67760 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -94,6 +94,7 @@ recorded: - Changed password - Ask for password reset - Grant OAuth access +- Started/stopped user impersonation It is possible to filter particular actions by choosing an audit data type from the filter drop-down. You can further filter by specific group, project or user diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb index 89a0eba66f7..d7428f8b52c 100644 --- a/spec/controllers/admin/users_controller_spec.rb +++ b/spec/controllers/admin/users_controller_spec.rb @@ -279,6 +279,12 @@ describe Admin::UsersController do expect(warden.user).to eq(user) end + it 'logs the beginning of the impersonation event' do + expect(Gitlab::AppLogger).to receive(:info).with("User #{admin.username} has started impersonating #{user.username}").and_call_original + + post :impersonate, params: { id: user.username } + end + it "redirects to root" do post :impersonate, params: { id: user.username } |