feat: add auditing to user routes (#3961)

Colin Adler
2022-09-08 21:16:16 -05:00
committed by GitHub
parent c026464375
commit 4e26e325a6
11 changed files with 258 additions and 61 deletions


@ -10,11 +10,14 @@ import (
"time"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/sync/errgroup"
"github.com/coder/coder/coderd"
"github.com/coder/coder/coderd/audit"
"github.com/coder/coder/coderd/coderdtest"
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/rbac"
"github.com/coder/coder/codersdk"
"github.com/coder/coder/testutil"
@ -374,7 +377,8 @@ func TestPostUsers(t *testing.T) {
t.Run("Create", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, nil)
auditor := audit.NewMock()
client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
user := coderdtest.CreateFirstUser(t, client)
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
@ -387,6 +391,8 @@ func TestPostUsers(t *testing.T) {
Password: "testing",
})
require.NoError(t, err)
assert.Len(t, auditor.AuditLogs, 1)
assert.Equal(t, database.AuditActionCreate, auditor.AuditLogs[0].Action)
})
}
@ -435,7 +441,8 @@ func TestUpdateUserProfile(t *testing.T) {
t.Run("UpdateUsername", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, nil)
auditor := audit.NewMock()
client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
coderdtest.CreateFirstUser(t, client)
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
@ -447,6 +454,8 @@ func TestUpdateUserProfile(t *testing.T) {
})
require.NoError(t, err)
require.Equal(t, userProfile.Username, "newusername")
assert.Len(t, auditor.AuditLogs, 1)
assert.Equal(t, database.AuditActionWrite, auditor.AuditLogs[0].Action)
})
}
@ -496,7 +505,8 @@ func TestUpdateUserPassword(t *testing.T) {
})
t.Run("MemberCanUpdateOwnPassword", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, nil)
auditor := audit.NewMock()
client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
admin := coderdtest.CreateFirstUser(t, client)
member := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
@ -508,6 +518,8 @@ func TestUpdateUserPassword(t *testing.T) {
Password: "newpassword",
})
require.NoError(t, err, "member should be able to update own password")
assert.Len(t, auditor.AuditLogs, 2)
assert.Equal(t, database.AuditActionWrite, auditor.AuditLogs[1].Action)
})
t.Run("MemberCantUpdateOwnPasswordWithoutOldPassword", func(t *testing.T) {
t.Parallel()
@ -525,7 +537,8 @@ func TestUpdateUserPassword(t *testing.T) {
})
t.Run("AdminCanUpdateOwnPasswordWithoutOldPassword", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, nil)
auditor := audit.NewMock()
client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
_ = coderdtest.CreateFirstUser(t, client)
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
@ -535,6 +548,8 @@ func TestUpdateUserPassword(t *testing.T) {
Password: "newpassword",
})
require.NoError(t, err, "admin should be able to update own password without providing old password")
assert.Len(t, auditor.AuditLogs, 1)
assert.Equal(t, database.AuditActionWrite, auditor.AuditLogs[0].Action)
})
}
@ -752,7 +767,8 @@ func TestPutUserSuspend(t *testing.T) {
t.Run("SuspendAnotherUser", func(t *testing.T) {
t.Parallel()
client := coderdtest.New(t, nil)
auditor := audit.NewMock()
client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
me := coderdtest.CreateFirstUser(t, client)
_, user := coderdtest.CreateAnotherUserWithUser(t, client, me.OrganizationID)
@ -762,6 +778,8 @@ func TestPutUserSuspend(t *testing.T) {
user, err := client.UpdateUserStatus(ctx, user.Username, codersdk.UserStatusSuspended)
require.NoError(t, err)
require.Equal(t, user.Status, codersdk.UserStatusSuspended)
assert.Len(t, auditor.AuditLogs, 2)
assert.Equal(t, database.AuditActionWrite, auditor.AuditLogs[1].Action)
})
t.Run("SuspendItSelf", func(t *testing.T) {
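Review bot: The new audit assertions index `auditor.AuditLogs[0]` or `[1]` right after a non-fatal `assert.Len`, so a missing entry panics the parallel subtest instead of failing it cleanly; `require.Len(t, auditor.AuditLogs, 1)` (require is already imported) would stop before the index, and the same applies to every hunk in this file, not only `SuspendAnotherUser`. Each check also pins only `Action`, so an entry attributed to the wrong actor or the wrong target user would still pass; in the two-entry cases (`MemberCanUpdateOwnPassword`, `SuspendAnotherUser`) the test relies on emission order rather than confirming that entry `[1]` describes the member or the suspended user. For the password subtests it would be worth asserting that the recorded diff carries neither the new password nor its hash, though whether the mock exposes the diff is not visible from these lines. The rejection subtest `MemberCantUpdateOwnPasswordWithoutOldPassword` is created without an auditor, so whether denied attempts are audited is left untested; the enclosing test functions start and end outside the hunks shown.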