
Commit d997c8b

committed
Start porting Admin audit to new events
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
1 parent 0824f44 commit d997c8b

9 files changed

Lines changed: 245 additions & 106 deletions


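--- a/apps/admin_audit/lib/Actions/Auth.php
+++ b/apps/admin_audit/lib/Actions/Auth.php
@@ -27,12 +27,32 @@
 */
 namespace OCA\AdminAudit\Actions;
 
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\User\Events\BeforeUserLoggedInEvent;
+use OCP\User\Events\UserLoggedInEvent;
+use OCP\User\Events\UserLoggedOutEvent;
+
 /**
 * Class Auth logs all auth related actions
 *
 * @package OCA\AdminAudit\Actions
 */
-class Auth extends Action {
+class Auth extends Action implements IEventListener {
+public function handle(Event $event): void {
+if ($event instanceof BeforeUserLoggedInEvent) {
+$this->loginAttempt(['uid' => $event->getUsername()]);
+}
+
+if ($event instanceof UserLoggedInEvent) {
+$this->loginAttempt(['uid' => $event->getUsername()]);
+}
+
+if ($event instanceof UserLoggedOutEvent) {
+$this->logout($event->getUser()->getUID());
+}
+}
+
 public function loginAttempt(array $params): void {
 $this->log(
 'Login attempt: "%s"',
@@ -55,11 +75,12 @@ public function loginSuccessful(array $params): void {
 );
 }
 
-public function logout(array $params): void {
+public function logout(string $userId): void {
 $this->log(
-'Logout occurred',
-[],
-[]
+'Logout occurred for "%s"',
+['uid' => $userId],
+['uid'],
+true
 );
 }
 }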
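Review bot: The `UserLoggedInEvent` branch of `handle()` calls `loginAttempt()`, the same method as the `BeforeUserLoggedInEvent` branch, so a successful login is written as a second "Login attempt" entry and `loginSuccessful()` is not reached from any listener visible here. The audit log then cannot tell a failed attempt from a completed login, which is the distinction brute-force and account-takeover review depends on. The branch should read `$this->loginSuccessful(['uid' => $event->getUser()->getUID()]);`, assuming `loginSuccessful()` still reads the `uid` key (its body is outside the hunk) and that `UserLoggedInEvent` exposes `getUser()` as the logout branch assumes for its event. In the logout branch, `$event->getUser()->getUID()` would throw if `getUser()` can return null for a logout without a session user, so a null check there is worth confirming.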

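--- a/apps/admin_audit/lib/Actions/GroupManagement.php
+++ b/apps/admin_audit/lib/Actions/GroupManagement.php
@@ -29,6 +29,12 @@
 */
 namespace OCA\AdminAudit\Actions;
 
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Group\Events\GroupCreatedEvent;
+use OCP\Group\Events\GroupDeletedEvent;
+use OCP\Group\Events\UserAddedEvent;
+use OCP\Group\Events\UserRemovedEvent;
 use OCP\IGroup;
 use OCP\IUser;
 
@@ -37,13 +43,27 @@
 *
 * @package OCA\AdminAudit\Actions
 */
-class GroupManagement extends Action {
+class GroupManagement extends Action implements IEventListener {
+public function handle(Event $event): void {
+if ($event instanceof UserAddedEvent) {
+$this->addUser($event->getGroup(), $event->getUser());
+}
+
+if ($event instanceof UserRemovedEvent) {
+$this->addUser($event->getGroup(), $event->getUser());
+}
+
+if ($event instanceof GroupCreatedEvent) {
+$this->createGroup($event->getGroup());
+}
+
+if ($event instanceof GroupDeletedEvent) {
+$this->deleteGroup($event->getGroup());
+}
+}
 
 /**
-* log add user to group event
-*
-* @param IGroup $group
-* @param IUser $user
+* Log add user to group event
 */
 public function addUser(IGroup $group, IUser $user): void {
 $this->log('User "%s" added to group "%s"',
@@ -58,10 +78,7 @@ public function addUser(IGroup $group, IUser $user): void {
 }
 
 /**
-* log remove user from group event
-*
-* @param IGroup $group
-* @param IUser $user
+* Log remove user from group event
 */
 public function removeUser(IGroup $group, IUser $user): void {
 $this->log('User "%s" removed from group "%s"',
@@ -76,9 +93,7 @@ public function removeUser(IGroup $group, IUser $user): void {
 }
 
 /**
-* log create group to group event
-*
-* @param IGroup $group
+* Log create group to group event
 */
 public function createGroup(IGroup $group): void {
 $this->log('Group created: "%s"',
@@ -92,9 +107,7 @@ public function createGroup(IGroup $group): void {
 }
 
 /**
-* log delete group to group event
-*
-* @param IGroup $group
+* Log delete group to group event
 */
 public function deleteGroup(IGroup $group): void {
 $this->log('Group deleted: "%s"',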
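Review bot: The `UserRemovedEvent` branch of `handle()` calls `addUser()`, so every removal from a group is recorded as `User "%s" added to group "%s"` and `removeUser()` is never reached from the listener. For an audit trail this inverts the meaning of membership changes, including changes to privileged groups. The line should be `$this->removeUser($event->getGroup(), $event->getUser());`. The bodies of `addUser()`, `removeUser()`, `createGroup()` and `deleteGroup()` continue outside the hunks shown.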

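--- a/apps/admin_audit/lib/Actions/UserManagement.php
+++ b/apps/admin_audit/lib/Actions/UserManagement.php
@@ -12,6 +12,7 @@
 * @author John Molakvoæ <skjnldsv@protonmail.com>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
+* @author Carl Schwan <carl@carlschwan.eu>
 *
 * @license GNU AGPL version 3 or any later version
 *
@@ -31,23 +32,57 @@
 */
 namespace OCA\AdminAudit\Actions;
 
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
 use OCP\IUser;
+use OCP\User\Events\PasswordUpdatedEvent;
+use OCP\User\Events\UserChangedEvent;
+use OCP\User\Events\UserCreatedEvent;
+use OCP\User\Events\UserDeletedEvent;
+use OCP\User\Events\UserIdAssignedEvent;
+use OCP\User\Events\UserIdUnAssignedEvent;
 
 /**
 * Class UserManagement logs all user management related actions.
 *
 * @package OCA\AdminAudit\Actions
 */
-class UserManagement extends Action {
+class UserManagement extends Action implements IEventListener {
+public function handle(Event $event): void {
+if ($event instanceof UserCreatedEvent) {
+$this->create($event->getUser()->getUID());
+}
+
+if ($event instanceof UserDeletedEvent) {
+$this->delete($event->getUser()->getUID());
+}
+
+if ($event instanceof UserChangedEvent) {
+$this->change($event);
+}
+
+if ($event instanceof UserIdAssignedEvent) {
+$this->assign($event->getName());
+}
+
+if ($event instanceof UserIdUnassignedEvent) {
+$this->assign($event->getName());
+}
+
+if ($event instanceof PasswordUpdatedEvent) {
+$this->setPassword($event->getUser());
+}
+}
+
 /**
 * Log creation of users
 *
 * @param array $params
 */
-public function create(array $params): void {
+public function create(string $userId): void {
 $this->log(
 'User created: "%s"',
-$params,
+['uid' => $userId],
 [
 'uid',
 ]
@@ -56,26 +91,22 @@ public function create(array $params): void {
 
 /**
 * Log assignments of users (typically user backends)
-*
-* @param string $uid
 */
-public function assign(string $uid): void {
+public function assign(string $userId): void {
 $this->log(
 'UserID assigned: "%s"',
-[ 'uid' => $uid ],
+[ 'uid' => $userId ],
 [ 'uid' ]
 );
 }
 
 /**
 * Log deletion of users
-*
-* @param array $params
 */
-public function delete(array $params): void {
+public function delete(string $userId): void {
 $this->log(
 'User deleted: "%s"',
-$params,
+['uid' => $userId],
 [
 'uid',
 ]
@@ -100,14 +131,14 @@ public function unassign(string $uid): void {
 *
 * @param array $params
 */
-public function change(array $params): void {
-switch ($params['feature']) {
+public function change(UserChangedEvent $changedEvent): void {
+switch ($changedEvent->getFeature()) {
 case 'enabled':
 $this->log(
-$params['value'] === true
+$changedEvent->getValue() === true
 ? 'User enabled: "%s"'
 : 'User disabled: "%s"',
-['user' => $params['user']->getUID()],
+['user' => $changedEvent->getUser()->getUID()],
 [
 'user',
 ]
@@ -116,7 +147,7 @@ public function change(array $params): void {
 case 'eMailAddress':
 $this->log(
 'Email address changed for user %s',
-['user' => $params['user']->getUID()],
+['user' => $changedEvent->getUser()->getUID()],
 [
 'user',
 ]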
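Review bot: In `handle()`, the `UserIdUnassignedEvent` branch calls `assign()`, so an unassigned user ID is logged as `UserID assigned: "%s"`. The existing `unassign(string $uid)` method (visible in a later hunk header) is no longer called from the listener. The line should be `$this->unassign($event->getName());`. The `instanceof` check also spells the class `UserIdUnassignedEvent` while the import is `UserIdUnAssignedEvent`; PHP resolves class names case-insensitively, but matching the import avoids confusion. The docblocks kept above `create()` and `change()` still say `@param array $params` although the parameters are now `string $userId` and `UserChangedEvent $changedEvent`; they should be updated or dropped as was done for `assign()` and `delete()`.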

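--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -58,6 +58,10 @@
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Console\ConsoleEvent;
+use OCP\Group\Events\GroupCreatedEvent;
+use OCP\Group\Events\GroupDeletedEvent;
+use OCP\Group\Events\UserAddedEvent;
+use OCP\Group\Events\UserRemovedEvent;
 use OCP\IConfig;
 use OCP\IGroupManager;
 use OCP\IPreview;
@@ -66,6 +70,15 @@
 use OCP\Log\Audit\CriticalActionPerformedEvent;
 use OCP\Log\ILogFactory;
 use OCP\Share;
+use OCP\User\Events\BeforeUserLoggedInEvent;
+use OCP\User\Events\UserIdAssignedEvent;
+use OCP\User\Events\PasswordUpdatedEvent;
+use OCP\User\Events\UserChangedEvent;
+use OCP\User\Events\UserCreatedEvent;
+use OCP\User\Events\UserDeletedEvent;
+use OCP\User\Events\UserIdUnAssignedEvent;
+use OCP\User\Events\UserLoggedInEvent;
+use OCP\User\Events\UserLoggedOutEvent;
 use OCP\Util;
 use Psr\Container\ContainerInterface;
 use Psr\Log\LoggerInterface;
@@ -87,6 +100,26 @@ public function register(IRegistrationContext $context): void {
 });
 
 $context->registerEventListener(CriticalActionPerformedEvent::class, CriticalActionPerformedEventListener::class);
+
+// User management
+$context->registerEventListener(UserCreatedEvent::class, UserManagement::class);
+$context->registerEventListener(UserDeletedEvent::class, UserManagement::class);
+$context->registerEventListener(UserChangedEvent::class, UserManagement::class);
+$context->registerEventListener(PasswordUpdatedEvent::class, UserManagement::class);
+$context->registerEventListener(UserIdAssignedEvent::class, UserManagement::class);
+$context->registerEventListener(UserIdUnAssignedEvent::class, UserManagement::class);
+
+// Group management
+$context->registerEventListener(GroupCreatedEvent::class, GroupManagement::class);
+$context->registerEventListener(GroupDeletedEvent::class, GroupManagement::class);
+$context->registerEventListener(UserAddedEvent::class, GroupManagement::class);
+$context->registerEventListener(UserRemovedEvent::class, GroupManagement::class);
+
+// Authentication management
+$context->registerEventListener(UserLoggedInEvent::class, Auth::class);
+$context->registerEventListener(BeforeUserLoggedInEvent::class, Auth::class);
+$context->registerEventListener(UserLoggedOutEvent::class, Auth::class);
+
 }
 
 public function boot(IBootContext $context): void {
@@ -105,10 +138,6 @@ public function boot(IBootContext $context): void {
 */
 private function registerHooks(IAuditLogger $logger,
 IServerContainer $serverContainer): void {
-$this->userManagementHooks($logger, $serverContainer->get(IUserSession::class));
-$this->groupHooks($logger, $serverContainer->get(IGroupManager::class));
-$this->authHooks($logger);
-
 /** @var EventDispatcherInterface $eventDispatcher */
 $eventDispatcher = $serverContainer->get(EventDispatcherInterface::class);
 $this->consoleHooks($logger, $eventDispatcher);
@@ -123,31 +152,6 @@ private function registerHooks(IAuditLogger $logger,
 $this->securityHooks($logger, $eventDispatcher);
 }
 
-private function userManagementHooks(IAuditLogger $logger,
-IUserSession $userSession): void {
-$userActions = new UserManagement($logger);
-
-Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
-Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
-Util::connectHook('OC_User', 'changeUser', $userActions, 'change');
-
-assert($userSession instanceof UserSession);
-$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
-$userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']);
-$userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']);
-}
-
-private function groupHooks(IAuditLogger $logger,
-IGroupManager $groupManager): void {
-$groupActions = new GroupManagement($logger);
-
-assert($groupManager instanceof GroupManager);
-$groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
-$groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
-$groupManager->listen('\OC\Group', 'postDelete', [$groupActions, 'deleteGroup']);
-$groupManager->listen('\OC\Group', 'postCreate', [$groupActions, 'createGroup']);
-}
-
 private function sharingHooks(IAuditLogger $logger): void {
 $shareActions = new Sharing($logger);
 
@@ -160,14 +164,6 @@ private function sharingHooks(IAuditLogger $logger): void {
 Util::connectHook(Share::class, 'share_link_access', $shareActions, 'shareAccessed');
 }
 
-private function authHooks(IAuditLogger $logger): void {
-$authActions = new Auth($logger);
-
-Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
-Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
-Util::connectHook('OC_User', 'logout', $authActions, 'logout');
-}
-
 private function appHooks(IAuditLogger $logger,
 EventDispatcherInterface $eventDispatcher): void {
 $eventDispatcher->addListener(ManagerEvent::EVENT_APP_ENABLE, function (ManagerEvent $event) use ($logger) {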
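Review bot: Audit coverage for user, group and auth actions now depends entirely on the typed events registered in `register()`, because the same commit deletes `userManagementHooks()`, `groupHooks()` and `authHooks()`. Any code path that still emits only a legacy hook (`OC_User` `post_login`, `\OC\User` `postSetPassword`, `\OC\Group` `postRemoveUser`, and so on) would stop being audited with no error. Whether every emitter already dispatches the matching event cannot be confirmed from this page; the `clearMappings.php` change in this same commit had to add such a dispatch by hand. I would record the requirement above the new block, e.g. `// These listeners replace the OC_User, \OC\User and \OC\Group hooks; every emitter of those hooks must also dispatch the typed event`, and add a test per event that asserts an audit entry is written. The body of `register()` starts above the hunk.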

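--- a/apps/user_ldap/ajax/clearMappings.php
+++ b/apps/user_ldap/ajax/clearMappings.php
@@ -25,6 +25,9 @@
 */
 use OCA\User_LDAP\Mapping\UserMapping;
 use OCA\User_LDAP\Mapping\GroupMapping;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\User\Events\BeforeUserIdUnAssignedEvent;
+use OCP\User\Events\UserIdUnAssignedEvent;
 
 // Check user and app status
 \OC_JSON::checkAdminUser();
@@ -36,11 +39,15 @@
 try {
 if ($subject === 'user') {
 $mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+/** @var IEventDispatcher $dispatcher */
+$dispatcher = \OC::$server->get(IEventDispatcher::class);
 $result = $mapping->clearCb(
-function ($uid) {
+function ($uid) use ($dispatcher) {
+$dispatcher->dispatchTyped(new BeforeUserIdUnAssignedEvent($uid));
 \OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
 },
-function ($uid) {
+function ($uid) use ($dispatcher) {
+$dispatcher->dispatchTyped(new UserIdUnAssignedEvent($uid));
 \OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
 }
 );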
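Review bot: Each `clearCb()` callback now sends two notifications for the same `$uid`, the typed event and the legacy `emit()`, and nothing in the code says why both are needed. Presumably the legacy `preUnassignedUserId` / `postUnassignedUserId` emits are kept for listeners that have not yet moved to the typed events; if so, a comment such as `// Legacy hook kept for listeners not yet ported to UserIdUnAssignedEvent` above each `emit()` would stop a later cleanup from removing the wrong one. The `try` block and the `if ($subject === 'user')` branch continue outside the hunk, so handling for other subjects is not visible here.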
