debian-mirror-gitlab/app/services/audit_event_service.rb

# frozen_string_literal: true

class AuditEventService
  # Instantiates a new service
  #
  # @param [User] author the user who authors the change
  # @param [User, Project, Group] entity the scope which audit event belongs to
  #   This param is also used to determine the visibility of the audit event.
  #   - Project: events are visible at Project and Instance level
  #   - Group: events are visible at Group and Instance level
  #   - User: events are visible at Instance level
  # @param [Hash] details extra data of audit event
  #
  # @return [AuditEventService]
  def initialize(author, entity, details = {})
    @author = build_author(author)
    @entity = entity
    @details = details
    @ip_address = resolve_ip_address(@details, @author)
  end

  # Builds the @details attribute for authentication
  #
  # This uses the @author as the target object being audited
  #
  # @return [AuditEventService]
  def for_authentication
    mark_as_authentication_event!

    @details = {
      with: @details[:with],
      target_id: @author.id,
      target_type: 'User',
      target_details: @author.name
    }

    self
  end

  # Writes event to a file and creates an event record in DB
  #
  # @return [AuditEvent] persited if saves and non-persisted if fails
  def security_event
    log_security_event_to_file
    log_authentication_event_to_database
    log_security_event_to_database
  end

  # Writes event to a file
  def log_security_event_to_file
    file_logger.info(base_payload.merge(formatted_details))
  end

  private

  attr_reader :ip_address

  def build_author(author)
    case author
    when User
      author.impersonated? ? Gitlab::Audit::ImpersonatedAuthor.new(author) : author
    else
      Gitlab::Audit::UnauthenticatedAuthor.new(name: author)
    end
  end

  def resolve_ip_address(details, author)
    details[:ip_address].presence ||
      Gitlab::RequestContext.instance.client_ip ||
      author.current_sign_in_ip
  end

  def base_payload
    {
      author_id: @author.id,
      author_name: @author.name,
      entity_id: @entity.id,
      entity_type: @entity.class.name
    }
  end

  def authentication_event_payload
    {
      # @author can be a User or various Gitlab::Audit authors.
      # Only capture real users for successful authentication events.
      user: author_if_user,
      user_name: @author.name,
      ip_address: ip_address,
      result: AuthenticationEvent.results[:success],
      provider: @details[:with]
    }
  end

  def author_if_user
    @author if @author.is_a?(User)
  end

  def file_logger
    @file_logger ||= Gitlab::AuditJsonLogger.build
  end

  def formatted_details
    @details.merge(@details.slice(:from, :to).transform_values(&:to_s))
  end

  def mark_as_authentication_event!
    @authentication_event = true
  end

  def authentication_event?
    @authentication_event
  end

  def log_security_event_to_database
    return if Gitlab::Database.read_only?

    event = AuditEvent.new(base_payload.merge(details: @details))
    save_or_track event

    event
  end

  def log_authentication_event_to_database
    return unless Gitlab::Database.read_write? && authentication_event?

    event = AuthenticationEvent.new(authentication_event_payload)
    save_or_track event

    event
  end

  def save_or_track(event)
    event.save!
  rescue => e
    Gitlab::ErrorTracking.track_exception(e, audit_event_type: event.class.to_s)
  end
end

AuditEventService.prepend_if_ee('EE::AuditEventService')
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`class AuditEventService`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`# Instantiates a new service`
			`#`
			`# @param [User] author the user who authors the change`
			`# @param [User, Project, Group] entity the scope which audit event belongs to`
			`# This param is also used to determine the visibility of the audit event.`
			`# - Project: events are visible at Project and Instance level`
			`# - Group: events are visible at Group and Instance level`
			`# - User: events are visible at Instance level`
			`# @param [Hash] details extra data of audit event`
			`#`
			`# @return [AuditEventService]`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def initialize(author, entity, details = {})`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`@author = build_author(author)`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`@entity = entity`
			`@details = details`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`@ip_address = resolve_ip_address(@details, @author)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`# Builds the @details attribute for authentication`
			`#`
			`# This uses the @author as the target object being audited`
			`#`
			`# @return [AuditEventService]`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def for_authentication`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`mark_as_authentication_event!`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`@details = {`
			`with: @details[:with],`
			`target_id: @author.id,`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`target_type: 'User',`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`target_details: @author.name`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`}`

			`self`
			`end`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`# Writes event to a file and creates an event record in DB`
			`#`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`# @return [AuditEvent] persited if saves and non-persisted if fails`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`def security_event`
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`log_security_event_to_file`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`log_authentication_event_to_database`
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`log_security_event_to_database`
			`end`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`# Writes event to a file`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`def log_security_event_to_file`
			`file_logger.info(base_payload.merge(formatted_details))`
			`end`

New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`private`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`attr_reader :ip_address`

New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`def build_author(author)`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`case author`
			`when User`
			`author.impersonated? ? Gitlab::Audit::ImpersonatedAuthor.new(author) : author`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`else`
			`Gitlab::Audit::UnauthenticatedAuthor.new(name: author)`
			`end`
			`end`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def resolve_ip_address(details, author)`
			`details[:ip_address].presence \|\|`
			`Gitlab::RequestContext.instance.client_ip \|\|`
			`author.current_sign_in_ip`
			`end`

New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`def base_payload`
			`{`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`author_id: @author.id,`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`author_name: @author.name,`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`entity_id: @entity.id,`
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`entity_type: @entity.class.name`
			`}`
			`end`

New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`def authentication_event_payload`
			`{`
			`# @author can be a User or various Gitlab::Audit authors.`
			`# Only capture real users for successful authentication events.`
			`user: author_if_user,`
			`user_name: @author.name,`
			`ip_address: ip_address,`
			`result: AuthenticationEvent.results[:success],`
			`provider: @details[:with]`
			`}`
			`end`

			`def author_if_user`
			`@author if @author.is_a?(User)`
			`end`

New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`def file_logger`
			`@file_logger \|\|= Gitlab::AuditJsonLogger.build`
			`end`

New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`def formatted_details`
			`@details.merge(@details.slice(:from, :to).transform_values(&:to_s))`
			`end`

New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`def mark_as_authentication_event!`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`@authentication_event = true`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`end`

			`def authentication_event?`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`@authentication_event`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`end`

New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`def log_security_event_to_database`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`return if Gitlab::Database.read_only?`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`event = AuditEvent.new(base_payload.merge(details: @details))`
			`save_or_track event`

			`event`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`end`

			`def log_authentication_event_to_database`
			`return unless Gitlab::Database.read_write? && authentication_event?`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`event = AuthenticationEvent.new(authentication_event_payload)`
			`save_or_track event`

			`event`
			`end`

			`def save_or_track(event)`
			`event.save!`
			`rescue => e`
			`Gitlab::ErrorTracking.track_exception(e, audit_event_type: event.class.to_s)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`
			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
			`AuditEventService.prepend_if_ee('EE::AuditEventService')`