Commit 4c754d3

committed
passing the correct user id
1 parent a75392e commit 4c754d3

2 files changed

+36
-5
lines changed


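--- a/coderd/audit/request.go
+++ b/coderd/audit/request.go
@@ -29,8 +29,9 @@ type RequestParams struct {
 type Request[T Auditable] struct {
 params *RequestParams
 
-Old T
-New T
+Old T
+New T
+UserId uuid.UUID
 }
 
 type BuildAuditParams[T Auditable] struct {
@@ -89,7 +90,6 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
 case database.AuditableGroup:
 return typed.Group.ID
 case database.APIKey:
-// this doesn't seem right
 return typed.UserID
 default:
 panic(fmt.Sprintf("unknown resource %T", tgt))
@@ -158,11 +158,19 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 p.AdditionalFields = json.RawMessage("{}")
 }
 
+var userID uuid.UUID
+key, ok := httpmw.APIKeyOptional(p.Request)
+if ok {
+userID = key.UserID
+} else {
+userID = req.UserId
+}
+
 ip := parseIP(p.Request.RemoteAddr)
 auditLog := database.AuditLog{
 ID: uuid.New(),
 Time: database.Now(),
-UserID: uuid.Nil,
+UserID: userID,
 Ip: ip,
 UserAgent: sql.NullString{String: p.Request.UserAgent(), Valid: true},
 ResourceType: either(req.Old, req.New, ResourceType[T]),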
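Review bot: The new `userID` selection gives a valid API key on the request precedence over `req.UserId`, but the two mean different things — the key identifies the caller, while `req.UserId` is whatever the handler stored (in `postLogin` it is the account being logged into), so a caller who already holds a session and logs into a different account is audited under the caller's ID with nothing in the row to say which meaning applies. I would document the precedence on the new field, e.g. `// UserId is the user the audited action concerns; it is only recorded when the request carries no API key.`, and rename it `UserID` to match `key.UserID` and `AuditLog.UserID` in the same hunk. If this block sits in `InitRequest`'s own body rather than in the commit closure it returns, `req.UserId` is read before `postLogin` assigns it and the fallback is always `uuid.Nil`; `InitRequest` continues past the hunk, so that needs checking. Dropping the `// this doesn't seem right` comment in `ResourceID` does not change that an `APIKey` is identified by its `UserID`, which for the failed-login case is now the disposable random UUID the handler supplies.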

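--- a/coderd/users.go
+++ b/coderd/users.go
@@ -1005,11 +1005,15 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 Action: database.AuditActionLogin,
 })
 )
+aReq.Old = database.APIKey{}
 
 defer commitAudit()
 
 var loginWithPassword codersdk.LoginWithPasswordRequest
 if !httpapi.Read(ctx, rw, r, &loginWithPassword) {
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 
@@ -1020,15 +1024,23 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
 Message: "Internal error.",
 })
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 
+aReq.UserId = user.ID
+
 // If the user doesn't exist, it will be a default struct.
 equal, err := userpassword.Compare(string(user.HashedPassword), loginWithPassword.Password)
 if err != nil {
 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
 Message: "Internal error.",
 })
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 if !equal {
@@ -1037,13 +1049,19 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
 Message: "Incorrect email or password.",
 })
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 
 if user.LoginType != database.LoginTypePassword {
 httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
 Message: fmt.Sprintf("Incorrect login type, attempting to use %q but user is of login type %q", database.LoginTypePassword, user.LoginType),
 })
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 
@@ -1052,6 +1070,9 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
 Message: "Your account is suspended. Contact an admin to reactivate your account.",
 })
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 
@@ -1065,10 +1086,12 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 Message: "Failed to create API key.",
 Detail: err.Error(),
 })
+// We pass a disposable user ID just to force an audit diff
+// and generate a log for a failed login
+aReq.New = database.APIKey{UserID: uuid.New()}
 return
 }
 
-// key := httpmw.APIKey(r)
 aReq.New = *key
 
 http.SetCookie(rw, cookie)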
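Review bot: The seven identical `aReq.New = database.APIKey{UserID: uuid.New()}` assignments on the failure paths can be replaced by one placed directly after `aReq.Old = database.APIKey{}`, since the success path overwrites it with `aReq.New = *key`; as written, any future early return that forgets the line silently produces no audit entry, because the comments say the diff is what triggers the log. That random UUID also becomes the row's resource ID (`ResourceID` returns `typed.UserID` for an `APIKey`), so failed attempts cannot be grouped by the account they targeted; once `user` has been loaded, `user.ID` could be used whenever it is not `uuid.Nil`, keeping the random value only for the unknown-account case. `aReq.UserId = user.ID` is assigned before `userpassword.Compare` runs, so a wrong-password attempt is attributed to the targeted account rather than to whoever sent it — useful for brute-force detection but easy to misread, so a comment such as `// Attribute the attempt to the targeted account; failed logins are audited too.` belongs on that line. `postLogin` begins before the first hunk and the user lookup sits between the first two hunks, outside what is shown.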
