use audit.BackgroundAudit

This commit is contained in:
McKayla Washburn
2025-03-13 16:56:19 +00:00
parent a39a886f92
commit fcc68a4cff
3 changed files with 20 additions and 15 deletions


@ -1756,7 +1756,7 @@ func (api *API) oauthLogin(rw http.ResponseWriter, r *http.Request, params *oaut
LoginType: params.LoginType, LoginType: params.LoginType,
accountCreatorName: "oauth", accountCreatorName: "oauth",
RBACRoles: rbacRoles, RBACRoles: rbacRoles,
}, rw, r) }, r)
if err != nil { if err != nil {
return xerrors.Errorf("create user: %w", err) return xerrors.Errorf("create user: %w", err)
} }


@ -202,7 +202,7 @@ func (api *API) postFirstUser(rw http.ResponseWriter, r *http.Request) {
LoginType: database.LoginTypePassword, LoginType: database.LoginTypePassword,
RBACRoles: []string{rbac.RoleOwner().String()}, RBACRoles: []string{rbac.RoleOwner().String()},
accountCreatorName: "coder", accountCreatorName: "coder",
}, rw, r) }, r)
if err != nil { if err != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Message: "Internal error creating user.", Message: "Internal error creating user.",
@ -485,7 +485,7 @@ func (api *API) postUser(rw http.ResponseWriter, r *http.Request) {
CreateUserRequestWithOrgs: req, CreateUserRequestWithOrgs: req,
LoginType: loginType, LoginType: loginType,
accountCreatorName: accountCreator.Name, accountCreatorName: accountCreator.Name,
}, rw, r) }, r)
if dbauthz.IsNotAuthorizedError(err) { if dbauthz.IsNotAuthorizedError(err) {
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{ httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
@ -1364,7 +1364,7 @@ type CreateUserRequest struct {
RBACRoles []string RBACRoles []string
} }
func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest, rw http.ResponseWriter, r *http.Request) (database.User, error) { func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest, r *http.Request) (database.User, error) {
// Ensure the username is valid. It's the caller's responsibility to ensure // Ensure the username is valid. It's the caller's responsibility to ensure
// the username is valid and unique. // the username is valid and unique.
if usernameValid := codersdk.NameValid(req.Username); usernameValid != nil { if usernameValid := codersdk.NameValid(req.Username); usernameValid != nil {
@ -1379,6 +1379,7 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
} }
var user database.User var user database.User
var memberships []database.AuditableOrganizationMember
err := store.InTx(func(tx database.Store) error { err := store.InTx(func(tx database.Store) error {
status := "" status := ""
if req.UserStatus != nil { if req.UserStatus != nil {
@ -1427,16 +1428,7 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
} }
for _, orgID := range req.OrganizationIDs { for _, orgID := range req.OrganizationIDs {
aReq, commitAudit := audit.InitRequest[database.AuditableOrganizationMember](rw, &audit.RequestParams{ member, err := tx.InsertOrganizationMember(ctx, database.InsertOrganizationMemberParams{
OrganizationID: orgID,
Audit: *api.Auditor.Load(),
Log: api.Logger,
Request: r,
Action: database.AuditActionCreate,
})
aReq.Old = database.AuditableOrganizationMember{}
defer commitAudit()
_, err = tx.InsertOrganizationMember(ctx, database.InsertOrganizationMemberParams{
OrganizationID: orgID, OrganizationID: orgID,
UserID: user.ID, UserID: user.ID,
CreatedAt: dbtime.Now(), CreatedAt: dbtime.Now(),
@ -1446,6 +1438,7 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
if err != nil { if err != nil {
return xerrors.Errorf("create organization member for %q: %w", orgID.String(), err) return xerrors.Errorf("create organization member for %q: %w", orgID.String(), err)
} }
memberships = append(memberships, member.Auditable(user.Username))
} }
return nil return nil
@ -1454,6 +1447,18 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
return user, err return user, err
} }
for _, member := range memberships {
audit.BackgroundAudit(ctx, &audit.BackgroundAuditParams[database.AuditableOrganizationMember]{
Audit: *api.Auditor.Load(),
Log: api.Logger,
Action: database.AuditActionCreate,
IP: r.RemoteAddr,
OrganizationID: member.OrganizationID,
UserID: member.UserID,
New: member,
})
}
userAdmins, err := findUserAdmins(ctx, store) userAdmins, err := findUserAdmins(ctx, store)
if err != nil { if err != nil {
return user, xerrors.Errorf("find user admins: %w", err) return user, xerrors.Errorf("find user admins: %w", err)
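Review bot: The changed CreateUser contract is undocumented — membership audit entries are now emitted after the transaction returns successfully (the loop over memberships in the last hunk of this section) instead of per insert inside the transaction, and the http.ResponseWriter parameter is gone; a doc comment such as `// CreateUser creates the user and its organization memberships in one transaction. Membership audit entries are emitted via audit.BackgroundAudit only after the transaction commits, so a rolled-back transaction leaves no audit rows.` would make that explicit to callers. In that loop the audit IP is taken directly from `r.RemoteAddr`; if the audit.InitRequest path it replaces derived the client address differently (for example through proxy headers), audited IPs for membership creation may now differ from other audit entries, which is worth confirming. The loop also hands the request `ctx` to audit.BackgroundAudit, so it is worth confirming the helper detaches from request cancellation, otherwise an entry for an already-committed membership could be dropped when the client disconnects. CreateUser's body begins and ends outside the hunks shown.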


@ -319,7 +319,7 @@ func (api *API) scimPostUser(rw http.ResponseWriter, r *http.Request) {
LoginType: database.LoginTypeOIDC, LoginType: database.LoginTypeOIDC,
// Do not send notifications to user admins as SCIM endpoint might be called sequentially to all users. // Do not send notifications to user admins as SCIM endpoint might be called sequentially to all users.
SkipNotifications: true, SkipNotifications: true,
}, rw, r) }, r)
if err != nil { if err != nil {
_ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusInternalServerError, "internalError", xerrors.Errorf("failed to create user: %w", err))) _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusInternalServerError, "internalError", xerrors.Errorf("failed to create user: %w", err)))
return return