Refactor audit events for user authentication, registration controllers

What does this MR do and why?

Adds audit event types for controllers related to user registration and authentication. Refactors associated API helpers to use Gitlab::Audit::Auditor to build audit events.

This affects the following services:

  • ee/app/controllers/ee/passwords_controller.rb
  • ee/app/controllers/ee/omniauth_callbacks_controller.rb
  • ee/app/controllers/ee/registrations_controller.rb

Verification steps

Passwords controller

This is an instance-level audit event and must be verified with admin access. This may only be possible in a local environment.

  1. Log out
  2. Click the password reset link
  3. Open the generated reset email and click the link
  4. Choose a new password
  5. Verify an audit event is created (screenshot: Screenshot_2023-03-31_at_3.40.41_AM).

Omniauth failed login

  1. Log out
  2. Attempt to log in via Google. This should fail by default in a local GDK environment.
  3. Verify the audit event.

Registrations Controller

  1. Log out
  2. Click register to request a new account.
  3. Log in as admin
  4. Verify the audit event.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #374107 (closed)

Edited by Aaron Huntsman