Implement auditing improvements
Fix: #101
io7m committed Dec 18, 2023
1 parent 30638a3 commit dfd6177
Showing 25 changed files with 416 additions and 293 deletions.
Expand Up @@ -19,6 +19,7 @@
import com.io7m.idstore.model.IdAuditSearchParameters;

import java.time.OffsetDateTime;
import java.util.Map;
import java.util.UUID;

/**
Expand All @@ -45,10 +46,10 @@ IdDatabaseAuditEventsSearchType auditEventsSearch(
/**
* Create an audit event.
*
* @param userId The user ID of the event
* @param time The event time
* @param type The event type
* @param message The event message
* @param userId The user ID of the event
* @param time The event time
* @param type The event type
* @param data The event data
*
* @throws IdDatabaseException On errors
*/
Expand All @@ -57,7 +58,7 @@ void auditPut(
UUID userId,
OffsetDateTime time,
String type,
String message)
Map<String, String> data)
throws IdDatabaseException;

}
4 changes: 4 additions & 0 deletions com.io7m.idstore.database.postgres/pom.xml
Expand Up @@ -72,6 +72,10 @@
<groupId>org.jooq</groupId>
<artifactId>jooq</artifactId>
</dependency>
<dependency>
<groupId>org.jooq</groupId>
<artifactId>jooq-postgres-extensions</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
Expand Down
Expand Up @@ -47,6 +47,7 @@
import org.jooq.Result;
import org.jooq.exception.DataAccessException;
import org.jooq.impl.DSL;
import org.jooq.postgres.extensions.types.Hstore;

import java.time.OffsetDateTime;
import java.util.EnumSet;
Expand All @@ -60,6 +61,7 @@
import java.util.function.Supplier;
import java.util.stream.Collectors;

import static com.io7m.idstore.database.postgres.internal.IdDatabaseAuditQueries.AU_DATA;
import static com.io7m.idstore.database.postgres.internal.IdDatabaseExceptions.handleDatabaseException;
import static com.io7m.idstore.database.postgres.internal.IdDatabaseUsersQueries.formatHosts;
import static com.io7m.idstore.database.postgres.internal.Tables.ADMINS;
Expand Down Expand Up @@ -247,12 +249,17 @@ public IdAdmin adminCreateInitial(
.set(EMAILS.ADMIN_ID, id)
.execute();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString())
);

final var audit =
context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CREATED")
.set(AUDIT.USER_ID, id)
.set(AUDIT.MESSAGE, id.toString());
.set(AU_DATA, Hstore.hstore(auditData));

audit.execute();
return this.adminGet(id).orElseThrow();
Expand Down Expand Up @@ -311,23 +318,35 @@ final var record =
final var name = withIdName.get();
record.setIdName(name.value());

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("IdName", name.value())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_ID_NAME")
.set(AUDIT.USER_ID, id)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id.toString(), name.value()))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

if (withRealName.isPresent()) {
final var name = withRealName.get();
record.setRealName(name.value());

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("RealName", name.value())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_REAL_NAME")
.set(AUDIT.USER_ID, id)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id.toString(), name.value()))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

Expand All @@ -338,11 +357,14 @@ final var record =
record.setPasswordSalt(pass.salt());
record.setPasswordExpires(pass.expires().orElse(null));

final var auditData =
Map.<String, String>of();

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_PASSWORD")
.set(AUDIT.USER_ID, id)
.set(AUDIT.MESSAGE, id.toString())
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

Expand Down Expand Up @@ -442,11 +464,16 @@ public IdAdmin adminCreate(
.set(EMAILS.ADMIN_ID, id)
.execute();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CREATED")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, id.toString())
.set(AU_DATA, Hstore.hstore(auditData))
.execute();

return this.adminGet(id).orElseThrow();
Expand Down Expand Up @@ -639,12 +666,17 @@ public void adminLogin(
* are tentatively considered confidential.
*/

final var auditData =
Map.ofEntries(
Map.entry("Host", formatHosts(metadata))
);

final var audit =
context.insertInto(AUDIT)
.set(AUDIT.TIME, time)
.set(AUDIT.TYPE, "ADMIN_LOGGED_IN")
.set(AUDIT.USER_ID, id)
.set(AUDIT.MESSAGE, formatHosts(metadata));
.set(AU_DATA, Hstore.hstore(auditData));

audit.execute();
} catch (final DataAccessException e) {
Expand Down Expand Up @@ -778,23 +810,35 @@ final var record = context.fetchOne(ADMINS, ADMINS.ID.eq(id));
final var name = withIdName.get();
record.setIdName(name.value());

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("IdName", name.value())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_ID_NAME")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id.toString(), name.value()))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

if (withRealName.isPresent()) {
final var name = withRealName.get();
record.setRealName(name.value());

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("RealName", name.value())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_REAL_NAME")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id.toString(), name.value()))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

Expand All @@ -805,11 +849,16 @@ final var record = context.fetchOne(ADMINS, ADMINS.ID.eq(id));
record.setPasswordSalt(pass.salt());
record.setPasswordExpires(pass.expires().orElse(null));

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_PASSWORD")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, id.toString())
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

Expand All @@ -821,11 +870,17 @@ final var record = context.fetchOne(ADMINS, ADMINS.ID.eq(id));

record.setPermissions(permissionString);

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("Permissions", permissionString)
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_CHANGED_PERMISSIONS")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id, permissionString))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();
}

Expand Down Expand Up @@ -865,11 +920,17 @@ public void adminEmailAdd(
.set(EMAILS.EMAIL_ADDRESS, email.value())
.execute();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("Email", email.value())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_EMAIL_ADDED")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id, email.value()))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();

} catch (final DataAccessException e) {
Expand Down Expand Up @@ -926,11 +987,17 @@ public void adminEmailRemove(
.and(EMAILS.EMAIL_ADDRESS.equalIgnoreCase(email.value())))
.execute();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString()),
Map.entry("Email", email.value())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_EMAIL_REMOVED")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, "%s|%s".formatted(id, email.value()))
.set(AU_DATA, Hstore.hstore(auditData))
.execute();

} catch (final DataAccessException e) {
Expand Down Expand Up @@ -975,11 +1042,16 @@ public void adminDelete(
.where(ADMINS.ID.eq(id))
.execute();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", id.toString())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_DELETED")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, id.toString())
.set(AU_DATA, Hstore.hstore(auditData))
.execute();

} catch (final DataAccessException e) {
Expand Down Expand Up @@ -1023,11 +1095,17 @@ public void adminBanCreate(
banRecord.set(BANS.REASON, ban.reason());
banRecord.store();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", user.id().toString()),
Map.entry("BanReason", ban.reason())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_BANNED")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, user.id().toString())
.set(AU_DATA, Hstore.hstore(auditData))
.execute();

} catch (final DataAccessException e) {
Expand Down Expand Up @@ -1110,11 +1188,16 @@ public void adminBanDelete(

banRecord.delete();

final var auditData =
Map.ofEntries(
Map.entry("AdminID", user.id().toString())
);

context.insertInto(AUDIT)
.set(AUDIT.TIME, this.currentTime())
.set(AUDIT.TYPE, "ADMIN_BAN_REMOVED")
.set(AUDIT.USER_ID, executor)
.set(AUDIT.MESSAGE, user.id().toString())
.set(AU_DATA, Hstore.hstore(auditData))
.execute();

} catch (final DataAccessException e) {
Expand Down
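Review bot: The self-service `ADMIN_CHANGED_PASSWORD` event in the hunk at `@@ -338,11 +357,14 @@` writes an empty map (`Map.<String, String>of()`), while the executor-driven variant of the same event type in the hunk at `@@ -805,11 +849,16 @@` records `Map.entry("AdminID", id.toString())`, so a consumer filtering audit rows by the `AdminID` key will see password changes performed by another admin but not ones an admin makes on their own account. The removed `MESSAGE` value was `id.toString()` in both paths, so the new code drops data the old row carried rather than reflecting an intentional difference; `.set(AUDIT.USER_ID, id)` still identifies the subject here, but only because actor and subject coincide in this path. Replacing the empty map with `Map.ofEntries(Map.entry("AdminID", id.toString()))` makes both paths emit the same keys for the same event type. Separately, `Map.entry` rejects null values, so the `adminBanCreate` hunk will throw before the insert if `ban.reason()` can ever be null — worth confirming against the ban model. The enclosing methods of both hunks start and end outside the visible lines.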
