Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Append OIDC logins (success/failure) to security events. #44467

Merged
merged 8 commits into from Nov 16, 2022
Merged

Append OIDC logins (success/failure) to security events. #44467

merged 8 commits into from Nov 16, 2022

Conversation

vrto
Copy link
Contributor

@vrto vrto commented Nov 16, 2022

Description

Expand security events with a new SecurityEventOIDCLoginSucceeded and SecurityEventOIDCLoginFailed pair and hook it up to the correct place.

Test plan

  • expanded the existing automated tests

@cla-bot cla-bot bot added the cla-signed label Nov 16, 2022
@sourcegraph-bot
Copy link
Contributor

sourcegraph-bot commented Nov 16, 2022
edited

Codenotify: Notifying subscribers in CODENOTIFY files for diff 6334795...fbdb723.

Notify File(s)
@unknwon enterprise/cmd/frontend/internal/auth/openidconnect/middleware.go
enterprise/cmd/frontend/internal/auth/openidconnect/middleware_test.go

willdollman
willdollman approved these changes Nov 16, 2022
View reviewed changes
enterprise/cmd/frontend/internal/auth/openidconnect/middleware.go Outdated Show resolved Hide resolved
enterprise/cmd/frontend/internal/auth/openidconnect/middleware.go
db.SecurityEventLogs().LogEvent(r.Context(), &database.SecurityEvent{
Name: database.SecurityEventOIDCLoginFailed,
URL: r.URL.Path, // don't log OIDC query params
AnonymousUserID: fmt.Sprintf("unknown OIDC @ %s", time.Now()), // we don't know have a reliable user identify at the time of the failure
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
AnonymousUserID: fmt.Sprintf("unknown OIDC @ %s", time.Now()), // we don't know have a reliable user identify at the time of the failure
AnonymousUserID: fmt.Sprintf("unknown OIDC @ %s", time.Now()), // We don't have a reliable user identity at the time of the failure

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is time.Now() necessary as we also have a Timestamp field?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think no, but I wanted to make that unique (more or less); we'd normally use a cookie value for the AnonymousUserID, but we haven't got anything in this case.

enterprise/cmd/frontend/internal/auth/openidconnect/middleware.go Outdated Show resolved Hide resolved
enterprise/cmd/frontend/internal/auth/openidconnect/middleware.go Show resolved Hide resolved
@vrto vrto merged commit 776eb00 into main Nov 16, 2022
@vrto vrto deleted the mv/security-events/oidc-logins branch November 16, 2022 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willdollman willdollman willdollman approved these changes

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vrto @sourcegraph-bot @willdollman