Merge pull request #3530 from Icinga/feature/enforce-a-named-identity-for-audit-logs
AuditHook: Enforce a named identity and allow passing an explicit time
commit
121bd545d1
|
@ -5,6 +5,7 @@ namespace Icinga\Application\Hook;
|
|||
|
||||
use Exception;
|
||||
use InvalidArgumentException;
|
||||
use Icinga\Authentication\Auth;
|
||||
use Icinga\Application\Hook;
|
||||
use Icinga\Application\Logger;
|
||||
|
||||
|
@ -18,13 +19,23 @@ abstract class AuditHook
|
|||
* @param string $type An arbitrary name identifying the type of activity
|
||||
* @param string $message A detailed description possibly referencing parameters in $data
|
||||
* @param array $data Additional information (How this is stored or used is up to each implementation)
|
||||
* @param string $identity An arbitrary name identifying the responsible subject, defaults to the current user
|
||||
* @param int $time A timestamp defining when the activity occurred, defaults to now
|
||||
*/
|
||||
public static function logActivity($type, $message, array $data = null)
|
||||
public static function logActivity($type, $message, array $data = null, $identity = null, $time = null)
|
||||
{
|
||||
if (! Hook::has('audit')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($identity === null) {
|
||||
$identity = Auth::getInstance()->getUser()->getUsername();
|
||||
}
|
||||
|
||||
if ($time === null) {
|
||||
$time = time();
|
||||
}
|
||||
|
||||
foreach (Hook::all('audit') as $hook) {
|
||||
/** @var self $hook */
|
||||
try {
|
||||
|
@ -35,7 +46,7 @@ abstract class AuditHook
|
|||
$formattedMessage = $hook->formatMessage($message, $data);
|
||||
}
|
||||
|
||||
$hook->logMessage($type, $formattedMessage, $data);
|
||||
$hook->logMessage($time, $identity, $type, $formattedMessage, $data);
|
||||
} catch (Exception $e) {
|
||||
Logger::error(
|
||||
'Failed to propagate audit message to hook "%s". An error occurred: %s',
|
||||
|
@ -49,11 +60,13 @@ abstract class AuditHook
|
|||
/**
|
||||
* Log a message to the audit log
|
||||
*
|
||||
* @param int $time A timestamp defining when the activity occurred
|
||||
* @param string $identity An arbitrary name identifying the responsible subject
|
||||
* @param string $type An arbitrary name identifying the type of activity
|
||||
* @param string $message A detailed description of the activity
|
||||
* @param array $data Additional activity information
|
||||
*/
|
||||
abstract public function logMessage($type, $message, array $data = null);
|
||||
abstract public function logMessage($time, $identity, $type, $message, array $data = null);
|
||||
|
||||
/**
|
||||
* Substitute the given message with its accompanying data
|
||||
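Review bot: The default identity lookup added to `logActivity()`, `Auth::getInstance()->getUser()->getUsername()`, dereferences the result of `getUser()` without a check and sits before the `try` block, so a call made while no user is authenticated (presumably `getUser()` yields null then) would end in a fatal error instead of an audit record. Since the goal is to enforce a named identity, the absence of one should be rejected explicitly, and an empty string passed by a caller should be treated the same way, because it currently passes the `=== null` test and reaches `logMessage()` as an anonymous entry. `InvalidArgumentException` is already imported in this file; whether callers of `logActivity()` tolerate an exception here is not visible from the hunk and should be confirmed. The body of `logActivity()` continues outside the hunks shown.

```php
if ($identity === null) {
    $user = Auth::getInstance()->getUser();
    if ($user !== null) {
        $identity = $user->getUsername();
    }
}

// An audit record without a subject cannot be attributed later, so refuse it up front
if (! is_string($identity) || $identity === '') {
    throw new InvalidArgumentException('Audit activity requires a named identity');
}

// … unchanged: $time default and the loop over Hook::all('audit') …
```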
|
|
|
@ -165,7 +165,7 @@ class Auth
|
|||
if ($persist) {
|
||||
$this->persistCurrentUser();
|
||||
}
|
||||
AuditHook::logActivity('login', 'User {{username}} logged in', ['username' => $user->getUsername()]);
|
||||
AuditHook::logActivity('login', 'User logged in');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -364,7 +364,7 @@ class Auth
|
|||
*/
|
||||
public function removeAuthorization()
|
||||
{
|
||||
AuditHook::logActivity('logout', 'User {{username}} logged out', ['username' => $this->user->getUsername()]);
|
||||
AuditHook::logActivity('logout', 'User logged out');
|
||||
$this->user = null;
|
||||
Session::getSession()->purge();
|
||||
}
|
||||
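Review bot: Both audit calls now rely on `logActivity()` resolving the subject through `Auth::getInstance()`, so the logout record in `removeAuthorization()` is only attributable because the call happens to run before `$this->user = null`, and nothing in the code states that dependency. Passing the identity explicitly ties the record to the object actually being logged out and survives later reordering: `AuditHook::logActivity('logout', 'User logged out', null, $this->user->getUsername());`, and likewise `$user->getUsername()` as the fourth argument in the login call, where the replaced line shows `$user` is in scope. If the implicit lookup is kept, add a comment above the logout call such as `// Must run before the user is cleared: logActivity() reads the current user for the identity`. The method enclosing the login call starts outside its hunk.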
|
|
|
@ -8,7 +8,7 @@ use Icinga\Test\BaseTestCase;
|
|||
|
||||
class TestAuditHook extends AuditHook
|
||||
{
|
||||
public function logMessage($type, $message, array $data = null)
|
||||
public function logMessage($time, $identity, $type, $message, array $data = null)
|
||||
{
|
||||
// TODO: Implement logMessage() method.
|
||||
}
|
||||
|
|