
Add user_access_locked audit event

Eugie Limpin requested to merge el-failed-sign-in-audit-event into master

What does this MR do and why?

Resolves "Add audit event when user access is locked after exceeding failed sign-in attempts limit" as part of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244+

This MR adds a user_access_locked audit event type that is triggered when a user's access to the instance is locked. This can happen, for example, when the user exceeds the allowed number of failed login attempts.

Aside from the main purpose of audit event records, this audit event will also be used to show a history of a user's auth states in the admin user page.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. With a new user or an existing one, log in with an incorrect password 4 times.

  2. Validate that no audit event is created.

    Replace test615 with the username of your GDK user

    $ rails console
    > AuditEvent.by_entity_username('test615')
    => []
    >
  3. Log in one more time with an incorrect password.

  4. Validate that an audit event with correct attributes is created.

    Replace test615 with the username of your GDK user

    attribute               expected value
    ----------------------  ------------------------------------------------------
    entity_path             "test615"
    author_name             "GitLab Admin Bot"
    details.custom_message  "User access locked - excessive failed login attempts"
    $ rails console
    > AuditEvent.by_entity_username('test615')
    => [#<AuditEvent:0x000000012a727e98
      id: 615,
      author_id: 173,
      entity_id: 172,
      entity_type: "User",
      details:
       {:author_name=>"GitLab Admin Bot",
        :author_class=>"User",
        :target_id=>172,
        :target_type=>"User",
        :target_details=>"t t",
        :custom_message=>"User access locked - excessive failed login attempts",
        :ip_address=>"127.0.0.1",
        :entity_path=>"test615"},
      ip_address: #<IPAddr: IPv4:127.0.0.1/255.255.255.255>,
      author_name: "GitLab Admin Bot",
      entity_path: "test615",
      target_details: "t t",
      created_at: Wed, 21 Jun 2023 02:03:16.878321000 UTC +00:00,
      target_type: "User",
      target_id: 172>]
    >
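The validation steps above describe the expected behaviour end to end: four wrong passwords produce no audit event, the fifth locks the account and produces exactly one event carrying the attributes in the table. The Ruby below is an added, self-contained illustration of that behaviour and of a check for those attributes; it is not GitLab's code and does not touch the real AuditEvent or User models. The lock threshold of 5 is inferred from steps 1 and 3, and the in-memory user (id 172, username test615), the constructed password, and the helper names are assumptions made for the example.

```ruby
# Added illustration, not GitLab's own implementation: a minimal model of
# "lock after too many failed sign-ins" that emits an audit record with the
# attributes the MR's validation steps expect.
MAX_FAILED_ATTEMPTS = 5 # assumption inferred from the steps: 4 failures pass, the 5th locks
LOCK_MESSAGE = "User access locked - excessive failed login attempts"
AUDIT_AUTHOR = "GitLab Admin Bot"

# In-memory stand-in for the audit_events table.
AUDIT_EVENTS = []

# In-memory stand-in for a user record (constructed for the example).
User = Struct.new(:id, :username, :password, :failed_attempts, :locked, keyword_init: true)

# Build and store the user_access_locked record with the fields listed in step 4.
def record_access_locked_audit(user, ip_address)
  event = {
    entity_type: "User",
    entity_id: user.id,
    entity_path: user.username,
    author_name: AUDIT_AUTHOR,
    target_type: "User",
    target_id: user.id,
    custom_message: LOCK_MESSAGE,
    ip_address: ip_address
  }
  AUDIT_EVENTS << event
  event
end

# Simulate one sign-in attempt; returns :ok, :failed or :locked.
# A locked account stays locked regardless of the password supplied, so the
# audit event is written once, at the moment of locking, not on every later attempt.
def attempt_sign_in(user, password, ip_address: "127.0.0.1")
  return :locked if user.locked

  # Plain comparison is only for the demo; real code compares a password hash.
  if password == user.password
    user.failed_attempts = 0
    return :ok
  end

  user.failed_attempts += 1
  if user.failed_attempts >= MAX_FAILED_ATTEMPTS
    user.locked = true
    record_access_locked_audit(user, ip_address)
    return :locked
  end
  :failed
end

# Stand-in for AuditEvent.by_entity_username used in the validation steps.
def audit_events_by_entity_username(username)
  AUDIT_EVENTS.select { |e| e[:entity_path] == username }
end

# Check the three attributes the step 4 table lists.
def lock_event_valid?(event, username)
  event[:entity_path] == username &&
    event[:author_name] == AUDIT_AUTHOR &&
    event[:custom_message] == LOCK_MESSAGE
end

# Walk through steps 1 to 4 and report what each step should observe.
def demo(username = "test615")
  AUDIT_EVENTS.clear
  user = User.new(id: 172, username: username, password: "correct-horse",
                  failed_attempts: 0, locked: false)

  4.times { attempt_sign_in(user, "wrong-password") }
  after_four = audit_events_by_entity_username(username).size # step 2: expect 0

  result = attempt_sign_in(user, "wrong-password")              # step 3: fifth failure locks
  events = audit_events_by_entity_username(username)            # step 4: expect one valid event

  {
    after_four: after_four,
    result: result,
    events: events.size,
    valid: events.all? { |e| lock_event_valid?(e, username) }
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file prints a hash showing zero events after four failures, a :locked result on the fifth, and one event that passes lock_event_valid?. The same three-attribute check is what a reviewer would fold into a spec for the real event.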

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin
