kuzzleio · scottinet · Mar 6, 2020 · Jan 24, 2020 · Jan 24, 2020 · Jan 28, 2020
diff --git a/lib/api/controllers/security.js b/lib/api/controllers/security.js
@@ -304,6 +304,7 @@ class SecurityController extends NativeController {
       description,
       { creatorId, refresh, apiKeyId });
 
+    this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${userId}."`);
     return apiKey.serialize({ includeToken: true });
   }
 
@@ -534,7 +535,10 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(role => formatProcessing.serializeRole(role));
+      .then(role => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on role "${role._id}."`);
+        return formatProcessing.serializeRole(role);
+      });
   }
 
   /**
@@ -556,7 +560,10 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(role => formatProcessing.serializeRole(role));
+      .then(role => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on role "${role._id}."`);
+        return formatProcessing.serializeRole(role);
+      });
   }
 
   /**
@@ -571,7 +578,11 @@ class SecurityController extends NativeController {
     const options = { refresh: getRefresh(request) };
 
     return this.kuzzle.repositories.role.load(request.input.resource._id)
-      .then(role => this.kuzzle.repositories.role.delete(role, options));
+      .then(role =>
+      {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action} on role "${role._id}."`);
+        return this.kuzzle.repositories.role.delete(role, options);
+      });
   }
 
   /**
@@ -640,7 +651,9 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(profile => formatProcessing.serializeProfile(profile)
+      .then(profile => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on profile "${profile._id}."`);
+        return formatProcessing.serializeProfile(profile);}
       );
   }
 
@@ -665,8 +678,10 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(profile => formatProcessing.serializeProfile(profile)
-      );
+      .then(profile => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on profile "${profile._id}."`);
+        return formatProcessing.serializeProfile(profile);
+      });
   }
 
   /**
@@ -681,7 +696,10 @@ class SecurityController extends NativeController {
     const options = { refresh: getRefresh(request) };
 
     return this.kuzzle.repositories.profile.load(request.input.resource._id)
-      .then(profile => this.kuzzle.repositories.profile.delete(profile, options));
+      .then(profile => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on profile "${profile._id}."`);
+        return this.kuzzle.repositories.profile.delete(profile, options);
+      });
   }
 
   /**
@@ -829,6 +847,7 @@ class SecurityController extends NativeController {
 
     await this.kuzzle.repositories.user.delete(user, options);
 
+    this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${userId}."`);
     return {
       _id: userId
     };
@@ -855,6 +874,7 @@ class SecurityController extends NativeController {
     const pojoUser = request.input.body.content;
     pojoUser._id = request.input.resource._id || uuid();
 
+    this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${pojoUser._id}."`);
     return persistUser(this.kuzzle, request, pojoUser);
   }
 
@@ -880,6 +900,7 @@ class SecurityController extends NativeController {
 
     pojoUser.profileIds = this.kuzzle.config.security.restrictedProfileIds;
 
+    this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${pojoUser._id}."`);
     return persistUser(this.kuzzle, request, pojoUser);
   }
 
@@ -912,7 +933,10 @@ class SecurityController extends NativeController {
           Object.assign(currentUserPojo, pojo));
       })
       .then(user => this.kuzzle.repositories.user.persist(user, options))
-      .then(updatedUser => formatProcessing.serializeUser(updatedUser));
+      .then(updatedUser => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${updatedUser._id}."`);
+        return formatProcessing.serializeUser(updatedUser);
+      });
   }
 
   /**
@@ -961,6 +985,7 @@ class SecurityController extends NativeController {
         updatedUser,
         options);
 
+    this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${createdUser._id}."`);
     return formatProcessing.serializeUser(createdUser);
   }
 
@@ -985,7 +1010,10 @@ class SecurityController extends NativeController {
       .then(profile => this.kuzzle.repositories.profile.validateAndSaveProfile(
         _.extend(profile, request.input.body),
         options))
-      .then(updatedProfile => formatProcessing.serializeProfile(updatedProfile));
+      .then(updatedProfile => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on profile "${updatedProfile._id}."`);
+        return formatProcessing.serializeProfile(updatedProfile);
+      });
   }
 
   /**
@@ -1009,7 +1037,10 @@ class SecurityController extends NativeController {
       .then(role => this.kuzzle.repositories.role.validateAndSaveRole(
         _.extend(role, request.input.body),
         options))
-      .then(updatedRole => formatProcessing.serializeRole(updatedRole));
+      .then(updatedRole => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on role "${updatedRole._id}."`);
+        return formatProcessing.serializeRole(updatedRole);
+      });
   }
 
   /**
@@ -1049,6 +1080,7 @@ class SecurityController extends NativeController {
             .then(() => response);
         }
 
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}".`);
         return response;
       });
   }
@@ -1153,6 +1185,7 @@ class SecurityController extends NativeController {
           strategy,
           'create');
 
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${id}."`);
         return createMethod(request, request.input.body, id, strategy);
       });
   }
@@ -1188,6 +1221,7 @@ class SecurityController extends NativeController {
           strategy,
           'update');
 
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${id}."`);
         return updateMethod(request, request.input.body, id, strategy);
       });
   }
@@ -1247,7 +1281,10 @@ class SecurityController extends NativeController {
       'delete');
 
     return deleteMethod(request, request.input.resource._id, request.input.args.strategy)
-      .then(() => ({acknowledged: true}));
+      .then(() => {
+        this.kuzzle.log.info(`[SECURITY] User "${request.context.user}" applied action "${request.input.action}" on user "${request.input.resource._id}."`);
+        return {acknowledged: true};
+      });
   }
 
   /**
@@ -1442,6 +1479,12 @@ function mDelete (kuzzle, type, request) {
           errorsManager.get('services', 'storage', 'incomplete_delete', errors));
       }
 
+      if (ids.length > 1000) {
+        kuzzle.log.info(`[SECURITY] User "${request.context.user}" deleted the following ${type}s ${ids.slice(0, 1000).join(', ')}... (${ids.length - 1000} more users deleted)."`);
+      }
+      else {
+        kuzzle.log.info(`[SECURITY] User "${request.context.user}" deleted the following ${type}s ${ids.join(', ')}."`);
+      }
       return ids;
     });
 }

diff --git a/lib/api/funnel.js b/lib/api/funnel.js
@@ -676,7 +676,8 @@ class Funnel {
     if (asError) {
       callback(error, request);
       this.handleErrorDump(error);
-    } else {
+    }
+    else {
       callback(null, request);
     }
 
@@ -701,20 +702,22 @@ class Funnel {
         if (this[cachedItem.executor](cachedItem.request, cachedItem.callback) === -1) {
           // no slot found again. We stop here and try next time
           break;
-        } else {
+        }
+        else {
           this.requestsCacheQueue.shift();
         }
       }
     }
 
     if (this.requestsCacheQueue.length > 0) {
       setTimeout(() => this._playCachedRequests(), 0);
-    } else {
+    }
+    else {
       const now = Date.now();
       // No request remaining in cache => stop the background task and return to normal behavior
       this.overloaded = false;
 
-      if (this.overloadWarned
+      if ( this.overloadWarned
         && (this.lastOverloadTime === 0 || this.lastOverloadTime < now - 500)
       ) {
         this.overloadWarned = false;

diff --git a/test/api/controllers/security/profiles.test.js b/test/api/controllers/security/profiles.test.js
@@ -490,6 +490,7 @@ describe('Test: security controller - profiles', () => {
 
   describe('#deleteProfile', () => {
     it('should return an object with on deleteProfile call', () => {
+      kuzzle.repositories.profile.load.resolves({ _id: 'test' });
       kuzzle.repositories.profile.delete.resolves({_id: 'test'});
 
       return securityController.deleteProfile(new Request({_id: 'test'}))
@@ -501,6 +502,7 @@ describe('Test: security controller - profiles', () => {
 
     it('should reject with an error in case of error', () => {
       const error = new Error('Mocked error');
+      kuzzle.repositories.profile.load.resolves({ _id: 'test' });
       kuzzle.repositories.profile.delete.rejects(error);
 
       return should(securityController.deleteProfile(new Request({_id: 'test'}))).be.rejectedWith(error);

diff --git a/test/api/controllers/security/roles.test.js b/test/api/controllers/security/roles.test.js
@@ -251,7 +251,7 @@ describe('Test: security controller - roles', () => {
 
   describe('#deleteRole', () => {
     it('should return response with on deleteRole call', done => {
-      const role = {my: 'role'};
+      const role = {_id: 'role'};
 
       kuzzle.repositories.role.load.resolves(role);
       kuzzle.repositories.role.delete.resolves();
@@ -270,8 +270,9 @@ describe('Test: security controller - roles', () => {
     });
 
     it('should forward refresh option', () => {
-      const role = {my: 'role'};
+      const role = {_id: 'role'};
 
+      kuzzle.repositories.role.load.resolves(role);
       kuzzle.repositories.role.getRoleFromRequest.resolves(role);
       kuzzle.repositories.role.delete.resolves();