Add user_access_locked audit event
What does this MR do and why?
Resolves "Add audit event when user access is locked after exceeding failed sign-in attempts limit" as part of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244+
This MR adds the user_access_locked audit event type, triggered when a user's access to the instance is locked. This can happen, for example, when the user exceeds the allowed number of failed login attempts.
Aside from the main purpose of audit event records, this audit event will also be used to show a history of a user's auth states in the admin user page.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- With a new user or an existing one, log in with an incorrect password 4 times.
- Validate that no audit event is created. Replace test615 with the username of your GDK user.

  ```
  $ rails console
  > AuditEvent.by_entity_username('test615')
  => []
  >
  ```

- Log in one more time with an incorrect password.
- Validate that an audit event with correct attributes is created. Replace test615 with the username of your GDK user.

  | attribute | expected value |
  | --- | --- |
  | entity_path | "test615" |
  | author_name | "GitLab Admin Bot" |
  | details.custom_message | "User access locked - excessive failed login attempts" |

  ```
  $ rails console
  > AuditEvent.by_entity_username('test615')
  => [#<AuditEvent:0x000000012a727e98 id: 615, author_id: 173, entity_id: 172, entity_type: "User", details: {:author_name=>"GitLab Admin Bot", :author_class=>"User", :target_id=>172, :target_type=>"User", :target_details=>"t t", :custom_message=>"User access locked - excessive failed login attempts", :ip_address=>"127.0.0.1", :entity_path=>"test615"}, ip_address: #<IPAddr: IPv4:127.0.0.1/255.255.255.255>, author_name: "GitLab Admin Bot", entity_path: "test615", target_details: "t t", created_at: Wed, 21 Jun 2023 02:03:16.878321000 UTC +00:00, target_type: "User", target_id: 172>]
  >
  ```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
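
One way a defender could consume the lock events described above, as an added example that is not part of this MR or of GitLab's code: it flags source IPs from which several distinct users were locked within a short window, a pattern worth reviewing for password guessing across accounts. The function name `lockout_bursts`, the thresholds, and the sample records are assumptions constructed for illustration; only the field names and the lock message come from the console output above.

```ruby
require "time"

# Message taken from the expected-attributes table in the MR description.
LOCK_MESSAGE = "User access locked - excessive failed login attempts"

# Constructed sample records (not real data), using the field names seen in
# the audit event's details hash. IPs are from documentation ranges.
SAMPLE_EVENTS = [
  { entity_path: "test615", ip_address: "127.0.0.1",   custom_message: LOCK_MESSAGE, created_at: "2023-06-21T02:03:16Z" },
  { entity_path: "alice",   ip_address: "203.0.113.7", custom_message: LOCK_MESSAGE, created_at: "2023-06-21T02:04:00Z" },
  { entity_path: "bob",     ip_address: "203.0.113.7", custom_message: LOCK_MESSAGE, created_at: "2023-06-21T02:06:30Z" },
  { entity_path: "carol",   ip_address: "203.0.113.7", custom_message: LOCK_MESSAGE, created_at: "2023-06-21T02:09:10Z" },
  { entity_path: "carol",   ip_address: "203.0.113.7", custom_message: "unrelated event (constructed)", created_at: "2023-06-21T02:09:30Z" },
  { entity_path: "dave",    ip_address: "203.0.113.7", custom_message: LOCK_MESSAGE, created_at: "2023-06-21T04:00:00Z" }
].freeze

# Returns { ip => sorted usernames } for every IP from which at least
# `min_users` distinct users were locked within `window` seconds.
# Both thresholds are hypothetical defaults; tune them to your instance.
def lockout_bursts(events, min_users: 3, window: 600)
  locks = events.select { |e| e[:custom_message] == LOCK_MESSAGE }
                .map { |e| e.merge(at: Time.iso8601(e[:created_at])) }

  bursts = {}
  locks.group_by { |e| e[:ip_address] }.each do |ip, rows|
    rows.sort_by! { |e| e[:at] }
    # Slide a window starting at each lock event and count distinct users.
    rows.each_with_index do |first, i|
      users = rows[i..].take_while { |e| e[:at] - first[:at] <= window }
                       .map { |e| e[:entity_path] }.uniq
      next if users.size < min_users

      bursts[ip] = ((bursts[ip] || []) | users).sort
    end
  end
  bursts
end

if __FILE__ == $PROGRAM_NAME
  lockout_bursts(SAMPLE_EVENTS).each do |ip, users|
    puts "#{ip}: #{users.size} users locked within 10 minutes (#{users.join(', ')})"
  end
end
```

A single lock from one address, like the `test615` record, is not reported; only clusters of distinct users from the same source are.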