Skip to content
Snippets Groups Projects

Add user_access_unlocked audit event

Merged Eugie Limpin requested to merge el-add-unlock-access-audit-event into master
All threads resolved!

What does this MR do and why?

Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244?work_item_iid=416 as part of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244.

Add user_access_unlocked audit event.

A user_access_unlocked audit event is logged when the user's access to the instance is unlocked. The author for the logged audit event is set to the user that unlocked the user's access.

The following table shows the events that trigger logging of the new type of audit event as well as the author used for the audit event.

event trigger author
Unlocked by an admin via the users admin page current user (admin)
Unlocked by the user by entering a code sent to their email the locked user
Unlocked after the lock expires the locked user
Calls to User#unlock_access the locked user

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Alex Buijs
  • Alex Buijs removed review request for @alexbuijs

    removed review request for @alexbuijs

  • Eugie Limpin added 1 commit

    added 1 commit

    • 481e2fd1 - Add comment to indicate method is overridden in EE

    Compare with previous version

  • Eugie Limpin requested review from @alexbuijs

    requested review from @alexbuijs

  • Eugie Limpin added 573 commits

    added 573 commits

    • 481e2fd1...57fc34ce - 568 commits from branch master
    • d2e8de25 - Add user_access_unlocked audit event
    • 968a7f99 - Update audit event type definition file with the correct MR URL
    • 64da9d8b - Log an audit event when user unlocks their own user access
    • 6ca48a88 - Update check to see if a user's access is locked
    • c85292c7 - Add comment to indicate method is overridden in EE

    Compare with previous version

  • Eugie Limpin added 1 commit

    added 1 commit

    • 9af8bfa3 - Document user_access_unlocked audit event

    Compare with previous version

  • Author Maintainer

    @phillipwells Could you review the documentation part, please? :pray_tone2:

  • Eugie Limpin requested review from @phillipwells

    requested review from @phillipwells

  • A deleted user added documentation label

    added documentation label

  • Alex Buijs approved this merge request

    approved this merge request

  • Alex Buijs requested review from @dbalexandre and @mksionek

    requested review from @dbalexandre and @mksionek

  • :wave: @alexbuijs, thanks for approving this merge request.

    This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.

    For more info, please refer to the following links:

  • Alex Buijs removed review request for @alexbuijs

    removed review request for @alexbuijs

  • removed review request for @dbalexandre

  • Eugie Limpin added 2 commits

    added 2 commits

    • 09038da0 - Set user as the default user_access_unlocked audit event author
    • 080e8811 - Remove unnecessary initialization

    Compare with previous version

  • Eugie Limpin added 1 commit

    added 1 commit

    • d7d4a7b1 - Add specs for unlock controller action

    Compare with previous version

  • Gosia Ksionek approved this merge request

    approved this merge request

  • LGTM :thumbsup:

  • Gosia Ksionek removed review request for @mksionek

    removed review request for @mksionek

  • Alex Buijs
  • Phillip Wells approved this merge request

    approved this merge request

  • Phillip Wells removed review request for @phillipwells

    removed review request for @phillipwells

  • Eugie Limpin requested review from @dbalexandre

    requested review from @dbalexandre

  • Eugie Limpin added 1 commit

    added 1 commit

    • d0a4f6de - Remove use of virtual attribute unlock_access_audit_event_author_id

    Compare with previous version

  • Eugie Limpin changed the description

    changed the description

  • resolved all threads

  • Douglas Barbosa Alexandre approved this merge request

    approved this merge request

  • Douglas Barbosa Alexandre enabled an automatic merge when the pipeline for cc9e802e succeeds

    enabled an automatic merge when the pipeline for cc9e802e succeeds

  • mentioned in commit cf64921a

  • added workflowstaging label and removed workflowcanary label

  • Adil Farrukh mentioned in issue #502374

    mentioned in issue #502374

  • Please register or sign in to reply
    Loading