debian-mirror-gitlab/app/services/audit_event_service.rb

155 lines
4 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2015-09-11 14:41:01 +05:30
class AuditEventService
2022-01-26 12:08:38 +05:30
include AuditEventSaveType
2020-04-08 14:13:33 +05:30
# Instantiates a new service
#
2022-04-04 11:22:00 +05:30
# @param [User, token String] author the entity who authors the change
2020-04-08 14:13:33 +05:30
# @param [User, Project, Group] entity the scope which audit event belongs to
# This param is also used to determine the visibility of the audit event.
# - Project: events are visible at Project and Instance level
# - Group: events are visible at Group and Instance level
# - User: events are visible at Instance level
# @param [Hash] details extra data of audit event
2022-01-26 12:08:38 +05:30
# @param [Symbol] save_type the type to save the event
# Can be selected from the following, :database, :stream, :database_and_stream .
2022-06-21 17:19:12 +05:30
# @params [DateTime] created_at the time the action occured
2020-04-08 14:13:33 +05:30
#
# @return [AuditEventService]
2022-06-21 17:19:12 +05:30
def initialize(author, entity, details = {}, save_type = :database_and_stream, created_at = DateTime.current)
2020-04-22 19:07:51 +05:30
@author = build_author(author)
2020-04-08 14:13:33 +05:30
@entity = entity
@details = details
2021-09-30 23:02:18 +05:30
@ip_address = resolve_ip_address(@author)
2022-01-26 12:08:38 +05:30
@save_type = save_type
2022-06-21 17:19:12 +05:30
@created_at = created_at
2015-09-11 14:41:01 +05:30
end
2020-04-08 14:13:33 +05:30
# Builds the @details attribute for authentication
#
# This uses the @author as the target object being audited
#
# @return [AuditEventService]
2015-09-11 14:41:01 +05:30
def for_authentication
2020-11-24 15:15:51 +05:30
mark_as_authentication_event!
2015-09-11 14:41:01 +05:30
@details = {
with: @details[:with],
target_id: @author.id,
2016-08-24 12:49:21 +05:30
target_type: 'User',
2017-09-10 17:25:29 +05:30
target_details: @author.name
2015-09-11 14:41:01 +05:30
}
self
end
2020-04-08 14:13:33 +05:30
# Writes event to a file and creates an event record in DB
#
2022-04-04 11:22:00 +05:30
# @return [AuditEvent] persisted if saves and non-persisted if fails
2015-09-11 14:41:01 +05:30
def security_event
2018-12-13 13:39:08 +05:30
log_security_event_to_file
2020-11-24 15:15:51 +05:30
log_authentication_event_to_database
2018-12-13 13:39:08 +05:30
log_security_event_to_database
end
2020-04-08 14:13:33 +05:30
# Writes event to a file
2019-12-04 20:38:33 +05:30
def log_security_event_to_file
file_logger.info(base_payload.merge(formatted_details))
end
2018-12-13 13:39:08 +05:30
private
2020-07-28 23:09:34 +05:30
attr_reader :ip_address
2020-04-22 19:07:51 +05:30
def build_author(author)
2020-05-24 23:13:21 +05:30
case author
when User
author.impersonated? ? Gitlab::Audit::ImpersonatedAuthor.new(author) : author
2020-04-22 19:07:51 +05:30
else
Gitlab::Audit::UnauthenticatedAuthor.new(name: author)
end
end
2021-09-30 23:02:18 +05:30
def resolve_ip_address(author)
Gitlab::RequestContext.instance.client_ip ||
2021-01-29 00:20:46 +05:30
author.current_sign_in_ip
end
2018-12-13 13:39:08 +05:30
def base_payload
{
2015-09-11 14:41:01 +05:30
author_id: @author.id,
2020-07-28 23:09:34 +05:30
author_name: @author.name,
2015-09-11 14:41:01 +05:30
entity_id: @entity.id,
2022-06-21 17:19:12 +05:30
entity_type: @entity.class.name,
created_at: @created_at
2018-12-13 13:39:08 +05:30
}
end
2020-11-24 15:15:51 +05:30
def authentication_event_payload
{
# @author can be a User or various Gitlab::Audit authors.
# Only capture real users for successful authentication events.
user: author_if_user,
user_name: @author.name,
ip_address: ip_address,
result: AuthenticationEvent.results[:success],
provider: @details[:with]
}
end
def author_if_user
@author if @author.is_a?(User)
end
2018-12-13 13:39:08 +05:30
def file_logger
@file_logger ||= Gitlab::AuditJsonLogger.build
end
2019-09-30 21:07:59 +05:30
def formatted_details
@details.merge(@details.slice(:from, :to).transform_values(&:to_s))
end
2020-11-24 15:15:51 +05:30
def mark_as_authentication_event!
2021-01-03 14:25:43 +05:30
@authentication_event = true
2020-11-24 15:15:51 +05:30
end
def authentication_event?
2021-01-03 14:25:43 +05:30
@authentication_event
2020-11-24 15:15:51 +05:30
end
2018-12-13 13:39:08 +05:30
def log_security_event_to_database
2020-03-13 15:44:24 +05:30
return if Gitlab::Database.read_only?
2022-08-13 15:12:31 +05:30
event = build_event
2021-01-03 14:25:43 +05:30
save_or_track event
event
2020-11-24 15:15:51 +05:30
end
2022-08-13 15:12:31 +05:30
def build_event
AuditEvent.new(base_payload.merge(details: @details))
end
2021-12-11 22:18:48 +05:30
def stream_event_to_external_destinations(_event)
# Defined in EE
end
2020-11-24 15:15:51 +05:30
def log_authentication_event_to_database
return unless Gitlab::Database.read_write? && authentication_event?
2021-01-03 14:25:43 +05:30
event = AuthenticationEvent.new(authentication_event_payload)
save_or_track event
event
end
def save_or_track(event)
2022-01-26 12:08:38 +05:30
event.save! if should_save_database?(@save_type)
stream_event_to_external_destinations(event) if should_save_stream?(@save_type)
2021-06-08 01:23:25 +05:30
rescue StandardError => e
2022-03-02 08:16:31 +05:30
Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, audit_event_type: event.class.to_s)
2015-09-11 14:41:01 +05:30
end
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
AuditEventService.prepend_mod_with('AuditEventService')