[Audit Logs] Check auth strategy to log events on audit logs #15708

Merged
merged 1 commit into from
Feb 7, 2023

@Feranchz Feranchz commented Feb 3, 2023

To have previous context about this PR please check this closed PR

What does it do?

In the processEvent function, before logging anything, we check if the user is correctly authenticated and if it's using the admin auth strategy. This way, we ignore events triggered by the content API or the U&P plugin.

How to test it

  • Run a Strapi application with a valid EE license
  • Create a new content type or edit an existing one and wait for Strapi to restart
  • Go to the audit logs page, you should see only the create/update event and not the delete permissions events
  • Try to create a new entry with the Content API, you should not see any event on the audit logs page

@Feranchz Feranchz added the labels source: core:admin, pr: fix, flag: EE on Feb 3, 2023
@Feranchz Feranchz self-assigned this Feb 3, 2023

codecov bot commented Feb 3, 2023

Codecov Report

Base: 59.07% // Head: 59.08% // Increases project coverage by +0.00% 🎉

Coverage data is based on head (a5a1967) compared to base (8383e33).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #15708   +/-   ##
=======================================
  Coverage   59.07%   59.08%           
=======================================
  Files        1501     1501           
  Lines       38365    38370    +5     
  Branches     7384     7385    +1     
=======================================
+ Hits        22666    22671    +5     
  Misses      13427    13427           
  Partials     2272     2272           
Flag Coverage Δ
back 47.40% <100.00%> (+0.01%) ⬆️
front 67.08% <ø> (ø)
unit_back 47.40% <100.00%> (+0.01%) ⬆️
unit_front 67.08% <ø> (ø)

Impacted Files Coverage Δ
...ckages/core/admin/ee/server/services/audit-logs.js 80.95% <100.00%> (+1.64%) ⬆️

@remidej remidej left a comment

The code changes look good to me. I think we should QA it before merging.

@remidej remidej left a comment

Looks all good to me regarding QA

✅ no more weird events on startup
✅ no more additional permissions events when making changes in the CTB
✅ no log when using the content API without authentication
✅ no log when using the content API with authentication
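
The check described in this PR, run against the QA cases above, as an added example that is not the code from this pull request: a simplified `processEvent` gate that fails closed unless the request was authenticated through the admin strategy. The request-state shape, the non-admin strategy names, the event name and the `auditTrail` helper are assumptions made for illustration.

```javascript
// Added illustration, not Strapi's source. Assumed request-state shape:
//   { auth: { strategy: { name } }, user: { id } }

// Returns the audit-log entry to store, or null when the event must be ignored.
// requestState is undefined when no request is in flight (e.g. during startup).
function processEvent(name, payload, requestState) {
  const strategy = requestState?.auth?.strategy?.name;
  const user = requestState?.user;

  // Fail closed: only an authenticated admin-panel user produces an entry.
  if (strategy !== 'admin' || !user || user.id == null) {
    return null;
  }

  return {
    action: name,
    date: new Date().toISOString(),
    userId: user.id,
    payload,
  };
}

// Constructed request states; strategy names other than 'admin' are assumed.
const cases = [
  { label: 'startup, no request context', state: undefined },
  { label: 'content API, unauthenticated', state: { auth: { strategy: { name: 'users-permissions' } } } },
  { label: 'content API, authenticated U&P user', state: { auth: { strategy: { name: 'users-permissions' } }, user: { id: 7 } } },
  { label: 'content API, API token', state: { auth: { strategy: { name: 'api-token' } } } },
  { label: 'admin strategy without a user', state: { auth: { strategy: { name: 'admin' } } } },
  { label: 'admin panel user', state: { auth: { strategy: { name: 'admin' } }, user: { id: 1 } } },
];

// Labels of the cases that would appear on the audit logs page.
function auditTrail(inputCases) {
  return inputCases
    .map((c) => ({
      label: c.label,
      entry: processEvent('entry.create', { uid: 'api::article.article' }, c.state),
    }))
    .filter((r) => r.entry !== null)
    .map((r) => r.label);
}

console.log(auditTrail(cases));
```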

@Feranchz Feranchz merged commit 0072ce9 into main Feb 7, 2023
@Feranchz Feranchz deleted the fix/audit-logs-check-auth-strategy branch February 7, 2023 16:25
@remidej remidej added this to the 4.6.1 milestone Feb 8, 2023