Log when there is a potentially risky reassignment
What does this MR do and why?
Log when a user is remapped to an admin user, or when a user is remapped to a user with a different email domain from the user who initiated the import.
This is to help protect ourselves from any potential future attacks, by giving us more information.
Related to: https://gitlab.com/gitlab-org/gitlab/-/issues/474873
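The two checks this MR logs, written out as a standalone Ruby example (added here, not the MR's own code): `ReassignmentUser`, `email_host`, `risky_reassignment_messages` and `log_risky_reassignment` are hypothetical names, the log messages are the ones quoted in the validation steps, and the domain comparison is assumed to be case-insensitive.

```ruby
# Added example (not GitLab's own code): the two risk checks this MR logs,
# written as standalone functions so the rule can be exercised directly.
require 'logger'

# Hypothetical lightweight stand-in for the user records involved.
ReassignmentUser = Struct.new(:username, :email, :admin, keyword_init: true)

# Extract the host part of an email address, lower-cased so that case
# differences in the domain alone neither hide nor produce a mismatch.
def email_host(email)
  return nil if email.nil?

  host = email.split('@', 2)[1]
  host&.downcase
end

# Returns the messages that should be written to the importer log for a
# placeholder reassignment from +initiator+ (the user who triggered the
# import) to +assignee+. An empty array means nothing noteworthy happened.
def risky_reassignment_messages(initiator:, assignee:)
  messages = []
  messages << 'Reassigning contributions to user with admin privileges' if assignee.admin
  if email_host(initiator.email) != email_host(assignee.email)
    messages << 'Reassigning contributions to user with different email host ' \
                'from user who triggered the reassignment'
  end
  messages
end

# Write each message with structured context (who reassigned to whom) so the
# entries can be searched later during an investigation. Returns the messages.
def log_risky_reassignment(logger, initiator:, assignee:)
  msgs = risky_reassignment_messages(initiator: initiator, assignee: assignee)
  msgs.each do |msg|
    logger.warn(message: msg, initiator: initiator.username, assignee: assignee.username)
  end
  msgs
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: the importer and an admin on another domain.
  alice = ReassignmentUser.new(username: 'alice', email: 'alice@example.com', admin: false)
  root  = ReassignmentUser.new(username: 'root', email: 'root@other.example', admin: true)
  log_risky_reassignment(Logger.new($stdout), initiator: alice, assignee: root)
end
```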
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
- In the Rails console, enable the user mapping feature flags:

  ```ruby
  Feature.enable(:importer_user_mapping)
  Feature.enable(:bulk_import_importer_user_mapping)
  ```

- Import a project, replacing the values in brackets as necessary (the tokens just need `api` access):

  ```shell
  curl --request POST \
    --url http://127.0.0.1:3000/api/v4/bulk_imports \
    --header 'Content-Type: application/json' \
    --header 'PRIVATE-TOKEN: <LOCALHOST_TOKEN>' \
    --data '{
      "configuration": {
        "url": "https://staging.gitlab.com",
        "access_token": "<STAGING_ACCESS_TOKEN>"
      },
      "entities": [
        {
          "source_full_path": "<FULL_NAME_OF_GROUP_YOU_ARE_AN_ADMIN_OF>",
          "source_type": "group_entity",
          "destination_slug": "delete-placeholder-user-test",
          "destination_namespace": ""
        }
      ]
    }'
  ```

- Wait until the import is done (an email is sent to confirm it's finished).
- Visit http://127.0.0.1:3000/groups/delete-placeholder-user-test/-/group_members?tab=placeholders
- Run:

  ```shell
  tail -f log/importer.log
  ```

- Reassign a placeholder to an admin user with a different email domain from the user you triggered the import from.
- Visit http://localhost:3000/rails/letter_opener and open the invitation email.
- Switch to the account of the user you invited and accept the invitation.
- Observe the two messages "Reassigning contributions to user with admin privileges" and "Reassigning contributions to user with different email host from user who triggered the reassignment" in the logs.