AuditHook: Enforce a named identity and allow to pass a explicit time

Johannes Meyer 2018-07-18 14:33:02 +02:00
parent 84e0c0c4fb
commit f28f7150fc
3 changed files with 19 additions and 6 deletions


@ -5,6 +5,7 @@ namespace Icinga\Application\Hook;
use Exception; use Exception;
use InvalidArgumentException; use InvalidArgumentException;
use Icinga\Authentication\Auth;
use Icinga\Application\Hook; use Icinga\Application\Hook;
use Icinga\Application\Logger; use Icinga\Application\Logger;
@ -18,13 +19,23 @@ abstract class AuditHook
* @param string $type An arbitrary name identifying the type of activity * @param string $type An arbitrary name identifying the type of activity
* @param string $message A detailed description possibly referencing parameters in $data * @param string $message A detailed description possibly referencing parameters in $data
* @param array $data Additional information (How this is stored or used is up to each implementation) * @param array $data Additional information (How this is stored or used is up to each implementation)
* @param string $identity An arbitrary name identifying the responsible subject, defaults to the current user
* @param int $time A timestamp defining when the activity occurred, defaults to now
*/ */
public static function logActivity($type, $message, array $data = null) public static function logActivity($type, $message, array $data = null, $identity = null, $time = null)
{ {
if (! Hook::has('audit')) { if (! Hook::has('audit')) {
return; return;
} }
if ($identity === null) {
$identity = Auth::getInstance()->getUser()->getUsername();
}
if ($time === null) {
$time = time();
}
foreach (Hook::all('audit') as $hook) { foreach (Hook::all('audit') as $hook) {
/** @var self $hook */ /** @var self $hook */
try { try {
@ -35,7 +46,7 @@ abstract class AuditHook
$formattedMessage = $hook->formatMessage($message, $data); $formattedMessage = $hook->formatMessage($message, $data);
} }
$hook->logMessage($type, $formattedMessage, $data); $hook->logMessage($time, $identity, $type, $formattedMessage, $data);
} catch (Exception $e) { } catch (Exception $e) {
Logger::error( Logger::error(
'Failed to propagate audit message to hook "%s". An error occurred: %s', 'Failed to propagate audit message to hook "%s". An error occurred: %s',
@ -49,11 +60,13 @@ abstract class AuditHook
/** /**
* Log a message to the audit log * Log a message to the audit log
* *
* @param int $time A timestamp defining when the activity occurred
* @param string $identity An arbitrary name identifying the responsible subject
* @param string $type An arbitrary name identifying the type of activity * @param string $type An arbitrary name identifying the type of activity
* @param string $message A detailed description of the activity * @param string $message A detailed description of the activity
* @param array $data Additional activity information * @param array $data Additional activity information
*/ */
abstract public function logMessage($type, $message, array $data = null); abstract public function logMessage($time, $identity, $type, $message, array $data = null);
/** /**
* Substitute the given message with its accompanying data * Substitute the given message with its accompanying data
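Review bot: The new default `$identity = Auth::getInstance()->getUser()->getUsername();` in logActivity() dereferences the current user without checking that one exists, and it runs before the `try` inside the loop, so nothing here catches a failure. The Auth section of this same commit shows `removeAuthorization()` setting `$this->user = null`, so `getUser()` can presumably return null (after logout, and probably for unauthenticated or CLI callers), in which case writing an audit record would abort the very operation being audited. Fetch the user first and fail in a controlled way, e.g. `$user = Auth::getInstance()->getUser();` followed by `if ($user === null) { throw new InvalidArgumentException('No identity given and no user is authenticated'); }`, or choose an explicit placeholder identity if anonymous activity must still be recorded. The docblock for `$identity` and `$time` should also say that explicitly passed values are forwarded to hooks unverified, so implementations do not treat them as authenticated or trusted-clock values. The class body continues outside the visible hunks.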


@ -165,7 +165,7 @@ class Auth
if ($persist) { if ($persist) {
$this->persistCurrentUser(); $this->persistCurrentUser();
} }
AuditHook::logActivity('login', 'User {{username}} logged in', ['username' => $user->getUsername()]); AuditHook::logActivity('login', 'User logged in');
} }
/** /**
@ -364,7 +364,7 @@ class Auth
*/ */
public function removeAuthorization() public function removeAuthorization()
{ {
AuditHook::logActivity('logout', 'User {{username}} logged out', ['username' => $this->user->getUsername()]); AuditHook::logActivity('logout', 'User logged out');
$this->user = null; $this->user = null;
Session::getSession()->purge(); Session::getSession()->purge();
} }
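Review bot: Both calls now drop the username they already hold and rely on logActivity() looking it up from the Auth singleton's current user, which makes the audit record depend on statement order. In removeAuthorization() the lookup only works because the call runs before `$this->user = null`; reordering those two lines later would break the logout record without any visible hint. Passing the identity explicitly, `AuditHook::logActivity('logout', 'User logged out', null, $this->user->getUsername());` (and likewise `$user->getUsername()` at the login call), removes that coupling; at minimum add a comment such as `// Must run before $this->user is cleared: logActivity() resolves the identity from the current user`. The method containing the login call starts outside the hunk, so whether the user is already set on the singleton at that point cannot be confirmed from here.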


@ -8,7 +8,7 @@ use Icinga\Test\BaseTestCase;
class TestAuditHook extends AuditHook class TestAuditHook extends AuditHook
{ {
public function logMessage($type, $message, array $data = null) public function logMessage($time, $identity, $type, $message, array $data = null)
{ {
// TODO: Implement logMessage() method. // TODO: Implement logMessage() method.
} }