coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 4 additions & 2 deletions b/‎coderd/apidoc/docs.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 12 additions & 2 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 12 additions & 2 deletions
diff --git a/‎coderd/audit.go
Lines changed: 2 additions & 2 deletions b/‎coderd/audit.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎coderd/audit/request.go
Lines changed: 10 additions & 1 deletion b/‎coderd/audit/request.go
Lines changed: 10 additions & 1 deletion
diff --git a/‎coderd/database/dump.sql
Lines changed: 2 additions & 1 deletion b/‎coderd/database/dump.sql
Lines changed: 2 additions & 1 deletion
diff --git a/‎coderd/database/migrations/000117_add_audit_action_register.down.sql
Lines changed: 2 additions & 0 deletions b/‎coderd/database/migrations/000117_add_audit_action_register.down.sql
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000117_add_audit_action_register.up.sql
Lines changed: 2 additions & 0 deletions b/‎coderd/database/migrations/000117_add_audit_action_register.up.sql
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 11 additions & 8 deletions b/‎coderd/database/models.go
Lines changed: 11 additions & 8 deletions
diff --git a/‎coderd/userauth.go
Lines changed: 12 additions & 0 deletions b/‎coderd/userauth.go
Lines changed: 12 additions & 0 deletions
diff --git a/‎coderd/userauth_test.go
Lines changed: 8 additions & 8 deletions b/‎coderd/userauth_test.go
Lines changed: 8 additions & 8 deletions
diff --git a/‎codersdk/audit.go
Lines changed: 10 additions & 7 deletions b/‎codersdk/audit.go
Lines changed: 10 additions & 7 deletions
@@ -247,9 +247,9 @@ func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
 	)
 
 	// API Key resources (used for authentication) do not have targets and follow the below format:
-	// "User {logged in | logged out}"
+	// "User {logged in | logged out | registered}"
 	if alog.ResourceType == database.ResourceTypeApiKey &&
-		(alog.Action == database.AuditActionLogin || alog.Action == database.AuditActionLogout) {
+		(alog.Action == database.AuditActionLogin || alog.Action == database.AuditActionLogout || alog.Action == database.AuditActionRegister) {
 		return str
 	}
 
 
@@ -36,6 +36,10 @@ type Request[T Auditable] struct {
 	// This optional field can be passed in when the userID cannot be determined from the API Key
 	// such as in the case of login, when the audit log is created prior the API Key's existence.
 	UserID uuid.UUID
+
+	// This optional field can be passed in if the AuditAction must be overridden
+	// such as in the case of new user authentication when the Audit Action is 'register', not 'login'.
+	Action database.AuditAction
 }
 
 type BuildAuditParams[T Auditable] struct {
@@ -198,6 +202,11 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			return
 		}
 
+		action := p.Action
+		if req.Action != "" {
+			action = req.Action
+		}
+
 		ip := parseIP(p.Request.RemoteAddr)
 		auditLog := database.AuditLog{
 			ID:               uuid.New(),
@@ -208,7 +217,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			ResourceType:     either(req.Old, req.New, ResourceType[T], req.params.Action),
 			ResourceID:       either(req.Old, req.New, ResourceID[T], req.params.Action),
 			ResourceTarget:   either(req.Old, req.New, ResourceTarget[T], req.params.Action),
-			Action:           p.Action,
+			Action:           action,
 			Diff:             diffRaw,
 			StatusCode:       int32(sw.Status),
 			RequestID:        httpmw.RequestID(p.Request),
 
@@ -0,0 +1,2 @@
+-- It's not possible to drop enum values from enum types, so the UP has "IF NOT
+-- EXISTS".
@@ -0,0 +1,2 @@
+ALTER TYPE audit_action
+  ADD VALUE IF NOT EXISTS 'register';
@@ -395,6 +395,12 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// If a new user is authenticating for the first time
+	// the audit action is 'register', not 'login'
+	if user.ID == uuid.Nil {
+		aReq.Action = database.AuditActionRegister
+	}
+
 	cookie, key, err := api.oauthLogin(r, oauthLoginParams{
 		User:         user,
 		Link:         link,
@@ -712,6 +718,12 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// If a new user is authenticating for the first time
+	// the audit action is 'register', not 'login'
+	if user.ID == uuid.Nil {
+		aReq.Action = database.AuditActionRegister
+	}
+
 	cookie, key, err := api.oauthLogin(r, oauthLoginParams{
 		User:         user,
 		Link:         link,
 
@@ -261,7 +261,7 @@ func TestUserOAuth2Github(t *testing.T) {
 
 		require.Len(t, auditor.AuditLogs(), numLogs)
 		require.NotEqual(t, auditor.AuditLogs()[numLogs-1].UserID, uuid.Nil)
-		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 	})
 	t.Run("SignupAllowedTeam", func(t *testing.T) {
 		t.Parallel()
@@ -305,7 +305,7 @@ func TestUserOAuth2Github(t *testing.T) {
 
 		require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 		require.Len(t, auditor.AuditLogs(), numLogs)
-		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 	})
 	t.Run("SignupAllowedTeamInFirstOrganization", func(t *testing.T) {
 		t.Parallel()
@@ -357,7 +357,7 @@ func TestUserOAuth2Github(t *testing.T) {
 
 		require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 		require.Len(t, auditor.AuditLogs(), numLogs)
-		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 	})
 	t.Run("SignupAllowedTeamInSecondOrganization", func(t *testing.T) {
 		t.Parallel()
@@ -409,7 +409,7 @@ func TestUserOAuth2Github(t *testing.T) {
 
 		require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 		require.Len(t, auditor.AuditLogs(), numLogs)
-		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 	})
 	t.Run("SignupAllowEveryone", func(t *testing.T) {
 		t.Parallel()
@@ -447,7 +447,7 @@ func TestUserOAuth2Github(t *testing.T) {
 
 		require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 		require.Len(t, auditor.AuditLogs(), numLogs)
-		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 	})
 	t.Run("SignupFailedInactiveInOrg", func(t *testing.T) {
 		t.Parallel()
@@ -721,7 +721,7 @@ func TestUserOIDC(t *testing.T) {
 
 				require.Len(t, auditor.AuditLogs(), numLogs)
 				require.NotEqual(t, auditor.AuditLogs()[numLogs-1].UserID, uuid.Nil)
-				require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+				require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 			}
 
 			if tc.AvatarURL != "" {
@@ -731,7 +731,7 @@ func TestUserOIDC(t *testing.T) {
 				require.Equal(t, tc.AvatarURL, user.AvatarURL)
 
 				require.Len(t, auditor.AuditLogs(), numLogs)
-				require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+				require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 			}
 		})
 	}
@@ -782,7 +782,7 @@ func TestUserOIDC(t *testing.T) {
 		require.True(t, strings.HasPrefix(user.Username, "jon-"), "username %q should have prefix %q", user.Username, "jon-")
 
 		require.Len(t, auditor.AuditLogs(), numLogs)
-		require.Equal(t, database.AuditActionLogin, auditor.AuditLogs()[numLogs-1].Action)
+		require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
 	})
 
 	t.Run("Disabled", func(t *testing.T) {
 
@@ -55,13 +55,14 @@ func (r ResourceType) FriendlyString() string {
 type AuditAction string
 
 const (
-	AuditActionCreate AuditAction = "create"
-	AuditActionWrite  AuditAction = "write"
-	AuditActionDelete AuditAction = "delete"
-	AuditActionStart  AuditAction = "start"
-	AuditActionStop   AuditAction = "stop"
-	AuditActionLogin  AuditAction = "login"
-	AuditActionLogout AuditAction = "logout"
+	AuditActionCreate   AuditAction = "create"
+	AuditActionWrite    AuditAction = "write"
+	AuditActionDelete   AuditAction = "delete"
+	AuditActionStart    AuditAction = "start"
+	AuditActionStop     AuditAction = "stop"
+	AuditActionLogin    AuditAction = "login"
+	AuditActionLogout   AuditAction = "logout"
+	AuditActionRegister AuditAction = "register"
 )
 
 func (a AuditAction) Friendly() string {
@@ -80,6 +81,8 @@ func (a AuditAction) Friendly() string {
 		return "logged in"
 	case AuditActionLogout:
 		return "logged out"
+	case AuditActionRegister:
+		return "registered"
 	default:
 		return "unknown"
 	}
Original file line number	Diff line number	Diff line change
`@@ -247,9 +247,9 @@ func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {`
`247`	`247`	`)`
`248`	`248`
`249`	`249`	`// API Key resources (used for authentication) do not have targets and follow the below format:`
`250`		`- // "User {logged in \| logged out}"`
	`250`	`+ // "User {logged in \| logged out \| registered}"`
`251`	`251`	`if alog.ResourceType == database.ResourceTypeApiKey &&`
`252`		`- (alog.Action == database.AuditActionLogin \|\| alog.Action == database.AuditActionLogout) {`
	`252`	`+ (alog.Action == database.AuditActionLogin \|\| alog.Action == database.AuditActionLogout \|\| alog.Action == database.AuditActionRegister) {`
`253`	`253`	`return str`
`254`	`254`	`}`
`255`	`255`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+-- It's not possible to drop enum values from enum types, so the UP has "IF NOT`
	`2`	`+-- EXISTS".`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ALTER TYPE audit_action`
	`2`	`+ ADD VALUE IF NOT EXISTS 'register';`