Refactor audit events for user authentication, registration controllers
What does this MR do and why?
Adds audit event types for controllers related to user registration and authentication. Refactors associated API helpers to use Gitlab::Audit::Auditor to build audit events.
This affects the following services:
- ee/app/controllers/ee/passwords_controller.rb
- ee/app/controllers/ee/omniauth_callbacks_controller.rb
- ee/app/controllers/ee/registrations_controller.rb
Verification steps
Passwords controller
This is an instance-level audit event and must be verified with admin access. This may only be possible in a local environment.
- Log out
- Click the password reset link
- Open the generated reset email and click the link
- Choose a new password
- Verify an audit event is created:
Omniauth failed login
- Log out
- Attempt to log in via Google. This should fail by default in a local GDK environment.
- Verify the audit event.
Registrations Controller
- Log out
- Click register to request a new account.
- Log in as admin
- Verify the audit event.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #374107 (closed)
Edited by Aaron Huntsman