Complete Activity Log System

apps/activity_logger/test/support/activity_logger_test_helper.ex

@@ -0,0 +1,91 @@
+defmodule ActivityLogger.ActivityLoggerTestHelper do
+  @moduledoc """
+  Contains helper methods to make testing activity logging easier
+  """
+  use ExUnit.CaseTemplate
+  import Ecto.Query
+  alias ActivityLogger.{ActivityLog, System, Repo}
+  alias EWalletConfig.{Setting, StoredSetting}
+
+  def assert_activity_log(
+        log,
+        action: action,
+        originator: originator,
+        target: %Setting{} = target,
+        changes: changes,
+        encrypted_changes: encrypted_changes
+      ) do
+    assert_activity_log(
+      log,
+      action: action,
+      originator: originator,
+      target: %StoredSetting{uuid: target.uuid},
+      changes: changes,
+      encrypted_changes: encrypted_changes
+    )
+  end
+
+  def assert_activity_log(
+        log,
+        action: action,
+        originator: :system,
+        target: target,
+        changes: changes,
+        encrypted_changes: encrypted_changes
+      ) do
+    assert_activity_log(
+      log,
+      action: action,
+      originator: %System{},
+      target: target,
+      changes: changes,
+      encrypted_changes: encrypted_changes
+    )
+  end
+
+  def assert_activity_log(
+        log,
+        action: action,
+        originator: originator,
+        target: target,
+        changes: changes,
+        encrypted_changes: encrypted_changes
+      ) do
+    assert log.action == action
+    assert log.inserted_at != nil
+    assert log.originator_type == ActivityLog.get_type(originator.__struct__)
+    assert log.originator_uuid == originator.uuid
+    assert log.target_type == ActivityLog.get_type(target.__struct__)
+    assert log.target_uuid == target.uuid
+    assert log.target_changes == changes
+    assert log.target_encrypted_changes == encrypted_changes
+  end
+
+  def assert_simple_activity_log(
+        log,
+        action: action,
+        originator_type: o_type,
+        target_type: t_type
+      ) do
+    assert log.action == action
+    assert log.inserted_at != nil
+    assert log.originator_type == o_type
+    assert log.target_type == t_type
+  end
+
+  def get_all_activity_logs(schema) do
+    type = ActivityLog.get_type(schema.__struct__)
+
+    ActivityLog
+    |> order_by(asc: :inserted_at)
+    |> where(target_type: ^type)
+    |> Repo.all()
+  end
+
+  def get_all_activity_logs_since(since) do
+    ActivityLog
+    |> order_by(asc: :inserted_at)
+    |> where([a], a.inserted_at > ^since)
+    |> Repo.all()
+  end
+end

apps/admin_api/lib/admin_api/v1/controllers/admin_auth_controller.ex

@@ -16,7 +16,8 @@ defmodule AdminAPI.V1.AdminAuthController do
          conn <- AdminUserAuthenticator.authenticate(conn, attrs["email"], attrs["password"]),
          true <- conn.assigns.authenticated || {:error, :invalid_login_credentials},
          true <- User.get_status(conn.assigns.admin_user) == :active || {:error, :invite_pending},
-         {:ok, auth_token} = AuthToken.generate(conn.assigns.admin_user, :admin_api),
+         originator <- Originator.extract(conn.assigns),
+         {:ok, auth_token} = AuthToken.generate(conn.assigns.admin_user, :admin_api, originator),
          {:ok, auth_token} <- Orchestrator.one(auth_token, AuthTokenOverlay, attrs) do
       render_token(conn, auth_token)
     else

apps/admin_api/lib/admin_api/v1/controllers/role_controller.ex

@@ -66,6 +66,7 @@ defmodule AdminAPI.V1.RoleController do
   def update(conn, %{"id" => id} = attrs) do
     with :ok <- permit(:update, conn.assigns, id),
          %Role{} = original <- Role.get(id) || {:error, :role_id_not_found},
+         attrs <- Originator.set_in_attrs(attrs, conn.assigns),
          {:ok, updated} <- Role.update(original, attrs),
          {:ok, updated} <- Orchestrator.one(updated, RoleOverlay, attrs) do
       render(conn, :role, %{role: updated})

apps/admin_api/lib/admin_api/v1/controllers/user_auth_controller.ex

@@ -11,7 +11,8 @@ defmodule AdminAPI.V1.UserAuthController do
   def login(conn, attrs) do
     with {:ok, %User{} = user} <- UserFetcher.fetch(attrs),
          true <- User.enabled?(user) || {:error, :user_disabled},
-         {:ok, token} = AuthToken.generate(user, :ewallet_api),
+         originator <- Originator.extract(conn.assigns),
+         {:ok, token} = AuthToken.generate(user, :ewallet_api, originator),
          {:ok, token} = Orchestrator.one(token, AuthTokenOverlay, attrs) do
       render(conn, :auth_token, %{auth_token: token})
     else

apps/admin_api/test/admin_api/v1/controllers/admin_auth/account_controller_test.exs

@@ -256,6 +256,7 @@ defmodule AdminAPI.V1.AdminAuth.AccountControllerTest do
     test "generates an activity log" do
       user = get_test_admin()
       parent = User.get_account(user)
+      timestamp = DateTime.utc_now()
 
       request_data = %{
         parent_id: parent.id,
@@ -269,24 +270,41 @@ defmodule AdminAPI.V1.AdminAuth.AccountControllerTest do
       assert response["success"] == true
 
       account = Account.get(response["data"]["id"])
-      log = get_last_activity_log(account)
-
-      assert log.action == "insert"
-      assert log.inserted_at != nil
-      assert log.originator_type == "user"
-      assert log.originator_uuid == user.uuid
-      assert log.target_type == "account"
-      assert log.target_uuid == account.uuid
-
-      assert log.target_changes == %{
-               "metadata" => %{"something" => "interesting"},
-               "name" => "A test account",
-               "parent_uuid" => parent.uuid
-             }
-
-      assert log.target_encrypted_changes == %{
-               "encrypted_metadata" => %{"something" => "secret"}
-             }
+
+      logs = get_all_activity_logs_since(timestamp)
+      assert Enum.count(logs) == 3
+
+      logs
+      |> Enum.at(0)
+      |> assert_simple_activity_log(
+        action: "insert",
+        originator_type: "account",
+        target_type: "wallet"
+      )
+
+      logs
+      |> Enum.at(1)
+      |> assert_simple_activity_log(
+        action: "insert",
+        originator_type: "account",
+        target_type: "wallet"
+      )
+
+      logs
+      |> Enum.at(2)
+      |> assert_activity_log(
+        action: "insert",
+        originator: user,
+        target: account,
+        changes: %{
+          "metadata" => %{"something" => "interesting"},
+          "name" => "A test account",
+          "parent_uuid" => parent.uuid
+        },
+        encrypted_changes: %{
+          "encrypted_metadata" => %{"something" => "secret"}
+        }
+      )
     end
 
     test "creates a new account with no parent_id" do
@@ -343,6 +361,7 @@ defmodule AdminAPI.V1.AdminAuth.AccountControllerTest do
     test "generates an activity log" do
       user = get_test_admin()
       account = User.get_account(user)
+      timestamp = DateTime.utc_now()
 
       request_data =
         params_for(:account, %{
@@ -357,24 +376,24 @@ defmodule AdminAPI.V1.AdminAuth.AccountControllerTest do
       assert response["success"] == true
 
       account = Account.get(response["data"]["id"])
-      log = get_last_activity_log(account)
-
-      assert log.action == "update"
-      assert log.inserted_at != nil
-      assert log.originator_type == "user"
-      assert log.originator_uuid == user.uuid
-      assert log.target_type == "account"
-      assert log.target_uuid == account.uuid
-
-      assert log.target_changes == %{
-               "name" => "updated_name",
-               "parent_uuid" => account.parent_uuid,
-               "description" => "updated_description"
-             }
-
-      assert log.target_encrypted_changes == %{
-               "encrypted_metadata" => %{"something" => "secret"}
-             }
+      logs = get_all_activity_logs_since(timestamp)
+      assert Enum.count(logs) == 1
+
+      logs
+      |> Enum.at(0)
+      |> assert_activity_log(
+        action: "update",
+        originator: user,
+        target: account,
+        changes: %{
+          "name" => "updated_name",
+          "parent_uuid" => account.parent_uuid,
+          "description" => "updated_description"
+        },
+        encrypted_changes: %{
+          "encrypted_metadata" => %{"something" => "secret"}
+        }
+      )
     end
 
     test "updates the account's categories" do
@@ -571,5 +590,41 @@ defmodule AdminAPI.V1.AdminAuth.AccountControllerTest do
       assert response["data"]["description"] ==
                "You are not allowed to perform the requested operation."
     end
+
+    test "generates an activity log" do
+      user = get_test_admin()
+      account = insert(:account)
+      timestamp = DateTime.utc_now()
+
+      response =
+        admin_user_request("/account.upload_avatar", %{
+          "id" => account.id,
+          "avatar" => %Plug.Upload{
+            path: "test/support/assets/test.jpg",
+            filename: "test.jpg"
+          }
+        })
+
+      assert response["success"] == true
+
+      account = Account.get(account.id)
+      logs = get_all_activity_logs_since(timestamp)
+      assert Enum.count(logs) == 1
+
+      logs
+      |> Enum.at(0)
+      |> assert_activity_log(
+        action: "update",
+        originator: user,
+        target: account,
+        changes: %{
+          "avatar" => %{
+            "file_name" => "test.jpg",
+            "updated_at" => Ecto.DateTime.to_iso8601(account.avatar.updated_at)
+          }
+        },
+        encrypted_changes: %{}
+      )
+    end
   end
 end

apps/admin_api/test/admin_api/v1/controllers/admin_auth/account_membership_controller_test.exs

@@ -2,7 +2,7 @@ defmodule AdminAPI.V1.AdminAuth.AccountMembershipControllerTest do
   use AdminAPI.ConnCase, async: true
   alias Ecto.UUID
   alias EWallet.Web.Date
-  alias EWalletDB.{Account, User}
+  alias EWalletDB.{Account, User, Membership}
 
   @redirect_url "http://localhost:4000/invite?email={email}&token={token}"
 
@@ -532,6 +532,40 @@ defmodule AdminAPI.V1.AdminAuth.AccountMembershipControllerTest do
       assert response["data"]["description"] ==
                "There is no role corresponding to the provided name."
     end
+
+    test "generates an activity log" do
+      {:ok, user} = :user |> params_for() |> User.insert()
+      account = insert(:account)
+      role = insert(:role)
+      timestamp = DateTime.utc_now()
+
+      response =
+        admin_user_request("/account.assign_user", %{
+          user_id: user.id,
+          account_id: account.id,
+          role_name: role.name,
+          redirect_url: @redirect_url
+        })
+
+      assert response["success"] == true
+      membership = get_last_inserted(Membership)
+      logs = get_all_activity_logs_since(timestamp)
+      assert Enum.count(logs) == 1
+
+      logs
+      |> Enum.at(0)
+      |> assert_activity_log(
+        action: "insert",
+        originator: get_test_admin(),
+        target: membership,
+        changes: %{
+          "account_uuid" => account.uuid,
+          "role_uuid" => role.uuid,
+          "user_uuid" => user.uuid
+        },
+        encrypted_changes: %{}
+      )
+    end
   end
 
   describe "/account.unassign_user" do
@@ -599,5 +633,33 @@ defmodule AdminAPI.V1.AdminAuth.AccountMembershipControllerTest do
       assert response["data"]["description"] ==
                "You are not allowed to perform the requested operation."
     end
+
+    test "generates an activity log" do
+      account = insert(:account)
+      {:ok, user} = :user |> params_for() |> User.insert()
+      membership = insert(:membership, %{account: account, user: user})
+
+      timestamp = DateTime.utc_now()
+
+      response =
+        admin_user_request("/account.unassign_user", %{
+          user_id: user.id,
+          account_id: account.id
+        })
+
+      assert response["success"] == true
+      logs = get_all_activity_logs_since(timestamp)
+      assert Enum.count(logs) == 1
+
+      logs
+      |> Enum.at(0)
+      |> assert_activity_log(
+        action: "delete",
+        originator: get_test_admin(),
+        target: membership,
+        changes: %{},
+        encrypted_changes: %{}
+      )
+    end
   end
 end