Skip to content

Commit ca1241b

Browse files
EmyrkEmyrk
committed
audit log should not be dropped when there is no change
1 parent 1b6036d commit ca1241b

File tree

1 file changed

+20
-0
lines changed

1 file changed

+20
-0
lines changed

enterprise/coderd/scim_test.go

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -367,6 +367,9 @@ func TestScim(t *testing.T) {
367367
assert.Equal(t, codersdk.UserStatusSuspended, userRes.Users[0].Status)
368368
})
369369

370+
// Create a user via SCIM, which starts as dormant.
371+
// Log in as the user, making them active.
372+
// Then patch the user again and the user should still be active.
370373
t.Run("ActiveIsActive", func(t *testing.T) {
371374
t.Parallel()
372375

@@ -375,9 +378,11 @@ func TestScim(t *testing.T) {
375378

376379
scimAPIKey := []byte("hi")
377380

381+
mockAudit := audit.NewMock()
378382
fake := oidctest.NewFakeIDP(t, oidctest.WithServing())
379383
client, _ := coderdenttest.New(t, &coderdenttest.Options{
380384
Options: &coderdtest.Options{
385+
Auditor: mockAudit,
381386
OIDCConfig: fake.OIDCConfig(t, []string{}),
382387
},
383388
SCIMAPIKey: scimAPIKey,
@@ -390,7 +395,9 @@ func TestScim(t *testing.T) {
390395
},
391396
},
392397
})
398+
mockAudit.ResetLogs()
393399

400+
// User is dormant on create
394401
sUser := makeScimUser(t)
395402
res, err := client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey))
396403
require.NoError(t, err)
@@ -400,10 +407,17 @@ func TestScim(t *testing.T) {
400407
err = json.NewDecoder(res.Body).Decode(&sUser)
401408
require.NoError(t, err)
402409

410+
// Check the audit log
411+
aLogs := mockAudit.AuditLogs()
412+
require.Len(t, aLogs, 1)
413+
assert.Equal(t, database.AuditActionCreate, aLogs[0].Action)
414+
415+
// Verify the user is dormant
403416
scimUser, err := client.User(ctx, sUser.UserName)
404417
require.NoError(t, err)
405418
require.Equal(t, codersdk.UserStatusDormant, scimUser.Status, "user starts as dormant")
406419

420+
// Log in as the user, making them active
407421
//nolint:bodyclose
408422
scimUserClient, _ := fake.Login(t, client, jwt.MapClaims{
409423
"email": sUser.Emails[0].Value,
@@ -413,12 +427,18 @@ func TestScim(t *testing.T) {
413427
require.Equal(t, codersdk.UserStatusActive, scimUser.Status, "user should now be active")
414428

415429
// Patch the user
430+
mockAudit.ResetLogs()
416431
res, err = client.Request(ctx, "PATCH", "/scim/v2/Users/"+sUser.ID, sUser, setScimAuth(scimAPIKey))
417432
require.NoError(t, err)
418433
_, _ = io.Copy(io.Discard, res.Body)
419434
_ = res.Body.Close()
420435
assert.Equal(t, http.StatusOK, res.StatusCode)
421436

437+
// Should be no audit logs since there is no diff
438+
aLogs = mockAudit.AuditLogs()
439+
require.Len(t, aLogs, 0)
440+
441+
// Verify the user is still active.
422442
scimUser, err = client.User(ctx, sUser.UserName)
423443
require.NoError(t, err)
424444
require.Equal(t, codersdk.UserStatusActive, scimUser.Status, "user is still active")

0 commit comments

Comments
 (0)