Start porting Admin audit to new events

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
nextcloud · Apr 19, 2022 · d997c8b · d997c8b
1 parent 0824f44
commit d997c8b
Show file tree

Hide file tree

Showing 9 changed files with 245 additions and 106 deletions.
diff --git a/apps/admin_audit/lib/Actions/Auth.php b/apps/admin_audit/lib/Actions/Auth.php
@@ -27,12 +27,32 @@
  */
 namespace OCA\AdminAudit\Actions;
 
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\User\Events\BeforeUserLoggedInEvent;
+use OCP\User\Events\UserLoggedInEvent;
+use OCP\User\Events\UserLoggedOutEvent;
+
 /**
  * Class Auth logs all auth related actions
  *
  * @package OCA\AdminAudit\Actions
  */
-class Auth extends Action {
+class Auth extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if ($event instanceof BeforeUserLoggedInEvent) {
+			$this->loginAttempt(['uid' => $event->getUsername()]);
+		}
+
+		if ($event instanceof UserLoggedInEvent) {
+			$this->loginAttempt(['uid' => $event->getUsername()]);
+		}
+
+		if ($event instanceof UserLoggedOutEvent) {
+			$this->logout($event->getUser()->getUID());
+		}
+	}
+
 	public function loginAttempt(array $params): void {
 		$this->log(
 			'Login attempt: "%s"',
@@ -55,11 +75,12 @@ public function loginSuccessful(array $params): void {
 		);
 	}
 
-	public function logout(array $params): void {
+	public function logout(string $userId): void {
 		$this->log(
-			'Logout occurred',
-			[],
-			[]
+			'Logout occurred for "%s"',
+			['uid' => $userId],
+			['uid'],
+			true
 		);
 	}
 }
diff --git a/apps/admin_audit/lib/Actions/GroupManagement.php b/apps/admin_audit/lib/Actions/GroupManagement.php
@@ -29,6 +29,12 @@
  */
 namespace OCA\AdminAudit\Actions;
 
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Group\Events\GroupCreatedEvent;
+use OCP\Group\Events\GroupDeletedEvent;
+use OCP\Group\Events\UserAddedEvent;
+use OCP\Group\Events\UserRemovedEvent;
 use OCP\IGroup;
 use OCP\IUser;
 
@@ -37,13 +43,27 @@
  *
  * @package OCA\AdminAudit\Actions
  */
-class GroupManagement extends Action {
+class GroupManagement extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if ($event instanceof UserAddedEvent) {
+			$this->addUser($event->getGroup(), $event->getUser());
+		}
+
+		if ($event instanceof UserRemovedEvent) {
+			$this->addUser($event->getGroup(), $event->getUser());
+		}
+
+		if ($event instanceof GroupCreatedEvent) {
+			$this->createGroup($event->getGroup());
+		}
+
+		if ($event instanceof GroupDeletedEvent) {
+			$this->deleteGroup($event->getGroup());
+		}
+	}
 
 	/**
-	 * log add user to group event
-	 *
-	 * @param IGroup $group
-	 * @param IUser $user
+	 * Log add user to group event
 	 */
 	public function addUser(IGroup $group, IUser $user): void {
 		$this->log('User "%s" added to group "%s"',
@@ -58,10 +78,7 @@ public function addUser(IGroup $group, IUser $user): void {
 	}
 
 	/**
-	 * log remove user from group event
-	 *
-	 * @param IGroup $group
-	 * @param IUser $user
+	 * Log remove user from group event
 	 */
 	public function removeUser(IGroup $group, IUser $user): void {
 		$this->log('User "%s" removed from group "%s"',
@@ -76,9 +93,7 @@ public function removeUser(IGroup $group, IUser $user): void {
 	}
 
 	/**
-	 * log create group to group event
-	 *
-	 * @param IGroup $group
+	 * Log create group to group event
 	 */
 	public function createGroup(IGroup $group): void {
 		$this->log('Group created: "%s"',
@@ -92,9 +107,7 @@ public function createGroup(IGroup $group): void {
 	}
 
 	/**
-	 * log delete group to group event
-	 *
-	 * @param IGroup $group
+	 * Log delete group to group event
 	 */
 	public function deleteGroup(IGroup $group): void {
 		$this->log('Group deleted: "%s"',

diff --git a/apps/admin_audit/lib/Actions/UserManagement.php b/apps/admin_audit/lib/Actions/UserManagement.php
@@ -12,6 +12,7 @@
  * @author John Molakvoæ <skjnldsv@protonmail.com>
  * @author Lukas Reschke <lukas@statuscode.ch>
  * @author Roeland Jago Douma <roeland@famdouma.nl>
+ * @author Carl Schwan <carl@carlschwan.eu>
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -31,23 +32,57 @@
  */
 namespace OCA\AdminAudit\Actions;
 
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
 use OCP\IUser;
+use OCP\User\Events\PasswordUpdatedEvent;
+use OCP\User\Events\UserChangedEvent;
+use OCP\User\Events\UserCreatedEvent;
+use OCP\User\Events\UserDeletedEvent;
+use OCP\User\Events\UserIdAssignedEvent;
+use OCP\User\Events\UserIdUnAssignedEvent;
 
 /**
  * Class UserManagement logs all user management related actions.
  *
  * @package OCA\AdminAudit\Actions
  */
-class UserManagement extends Action {
+class UserManagement extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if ($event instanceof UserCreatedEvent) {
+			$this->create($event->getUser()->getUID());
+		}
+
+		if ($event instanceof UserDeletedEvent) {
+			$this->delete($event->getUser()->getUID());
+		}
+
+		if ($event instanceof UserChangedEvent) {
+			$this->change($event);
+		}
+
+		if ($event instanceof UserIdAssignedEvent) {
+			$this->assign($event->getName());
+		}
+
+		if ($event instanceof UserIdUnassignedEvent) {
+			$this->assign($event->getName());
+		}
+
+		if ($event instanceof PasswordUpdatedEvent) {
+			$this->setPassword($event->getUser());
+		}
+	}
+
 	/**
 	 * Log creation of users
 	 *
 	 * @param array $params
 	 */
-	public function create(array $params): void {
+	public function create(string $userId): void {
 		$this->log(
 			'User created: "%s"',
-			$params,
+			['uid' => $userId],
 			[
 				'uid',
 			]
@@ -56,26 +91,22 @@ public function create(array $params): void {
 
 	/**
 	 * Log assignments of users (typically user backends)
-	 *
-	 * @param string $uid
 	 */
-	public function assign(string $uid): void {
+	public function assign(string $userId): void {
 		$this->log(
 		'UserID assigned: "%s"',
-			[ 'uid' => $uid ],
+			[ 'uid' => $userId ],
 			[ 'uid' ]
 		);
 	}
 
 	/**
 	 * Log deletion of users
-	 *
-	 * @param array $params
 	 */
-	public function delete(array $params): void {
+	public function delete(string $userId): void {
 		$this->log(
 			'User deleted: "%s"',
-			$params,
+			['uid' => $userId],
 			[
 				'uid',
 			]
@@ -100,14 +131,14 @@ public function unassign(string $uid): void {
 	 *
 	 * @param array $params
 	 */
-	public function change(array $params): void {
-		switch ($params['feature']) {
+	public function change(UserChangedEvent $changedEvent): void {
+		switch ($changedEvent->getFeature()) {
 			case 'enabled':
 				$this->log(
-					$params['value'] === true
+					$changedEvent->getValue() === true
 						? 'User enabled: "%s"'
 						: 'User disabled: "%s"',
-					['user' => $params['user']->getUID()],
+					['user' => $changedEvent->getUser()->getUID()],
 					[
 						'user',
 					]
@@ -116,7 +147,7 @@ public function change(array $params): void {
 			case 'eMailAddress':
 				$this->log(
 					'Email address changed for user %s',
-					['user' => $params['user']->getUID()],
+					['user' => $changedEvent->getUser()->getUID()],
 					[
 						'user',
 					]

diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
@@ -58,6 +58,10 @@
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Console\ConsoleEvent;
+use OCP\Group\Events\GroupCreatedEvent;
+use OCP\Group\Events\GroupDeletedEvent;
+use OCP\Group\Events\UserAddedEvent;
+use OCP\Group\Events\UserRemovedEvent;
 use OCP\IConfig;
 use OCP\IGroupManager;
 use OCP\IPreview;
@@ -66,6 +70,15 @@
 use OCP\Log\Audit\CriticalActionPerformedEvent;
 use OCP\Log\ILogFactory;
 use OCP\Share;
+use OCP\User\Events\BeforeUserLoggedInEvent;
+use OCP\User\Events\UserIdAssignedEvent;
+use OCP\User\Events\PasswordUpdatedEvent;
+use OCP\User\Events\UserChangedEvent;
+use OCP\User\Events\UserCreatedEvent;
+use OCP\User\Events\UserDeletedEvent;
+use OCP\User\Events\UserIdUnAssignedEvent;
+use OCP\User\Events\UserLoggedInEvent;
+use OCP\User\Events\UserLoggedOutEvent;
 use OCP\Util;
 use Psr\Container\ContainerInterface;
 use Psr\Log\LoggerInterface;
@@ -87,6 +100,26 @@ public function register(IRegistrationContext $context): void {
 		});
 
 		$context->registerEventListener(CriticalActionPerformedEvent::class, CriticalActionPerformedEventListener::class);
+
+		// User management
+		$context->registerEventListener(UserCreatedEvent::class, UserManagement::class);
+		$context->registerEventListener(UserDeletedEvent::class, UserManagement::class);
+		$context->registerEventListener(UserChangedEvent::class, UserManagement::class);
+		$context->registerEventListener(PasswordUpdatedEvent::class, UserManagement::class);
+		$context->registerEventListener(UserIdAssignedEvent::class, UserManagement::class);
+		$context->registerEventListener(UserIdUnAssignedEvent::class, UserManagement::class);
+
+		// Group management
+		$context->registerEventListener(GroupCreatedEvent::class, GroupManagement::class);
+		$context->registerEventListener(GroupDeletedEvent::class, GroupManagement::class);
+		$context->registerEventListener(UserAddedEvent::class, GroupManagement::class);
+		$context->registerEventListener(UserRemovedEvent::class, GroupManagement::class);
+
+		// Authentication management
+		$context->registerEventListener(UserLoggedInEvent::class, Auth::class);
+		$context->registerEventListener(BeforeUserLoggedInEvent::class, Auth::class);
+		$context->registerEventListener(UserLoggedOutEvent::class, Auth::class);
+
 	}
 
 	public function boot(IBootContext $context): void {
@@ -105,10 +138,6 @@ public function boot(IBootContext $context): void {
 	 */
 	private function registerHooks(IAuditLogger $logger,
 									 IServerContainer $serverContainer): void {
-		$this->userManagementHooks($logger, $serverContainer->get(IUserSession::class));
-		$this->groupHooks($logger, $serverContainer->get(IGroupManager::class));
-		$this->authHooks($logger);
-
 		/** @var EventDispatcherInterface $eventDispatcher */
 		$eventDispatcher = $serverContainer->get(EventDispatcherInterface::class);
 		$this->consoleHooks($logger, $eventDispatcher);
@@ -123,31 +152,6 @@ private function registerHooks(IAuditLogger $logger,
 		$this->securityHooks($logger, $eventDispatcher);
 	}
 
-	private function userManagementHooks(IAuditLogger $logger,
-										 IUserSession $userSession): void {
-		$userActions = new UserManagement($logger);
-
-		Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
-		Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
-		Util::connectHook('OC_User', 'changeUser', $userActions, 'change');
-
-		assert($userSession instanceof UserSession);
-		$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
-		$userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']);
-		$userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']);
-	}
-
-	private function groupHooks(IAuditLogger $logger,
-								IGroupManager $groupManager): void {
-		$groupActions = new GroupManagement($logger);
-
-		assert($groupManager instanceof GroupManager);
-		$groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
-		$groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
-		$groupManager->listen('\OC\Group', 'postDelete', [$groupActions, 'deleteGroup']);
-		$groupManager->listen('\OC\Group', 'postCreate', [$groupActions, 'createGroup']);
-	}
-
 	private function sharingHooks(IAuditLogger $logger): void {
 		$shareActions = new Sharing($logger);
 
@@ -160,14 +164,6 @@ private function sharingHooks(IAuditLogger $logger): void {
 		Util::connectHook(Share::class, 'share_link_access', $shareActions, 'shareAccessed');
 	}
 
-	private function authHooks(IAuditLogger $logger): void {
-		$authActions = new Auth($logger);
-
-		Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
-		Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
-		Util::connectHook('OC_User', 'logout', $authActions, 'logout');
-	}
-
 	private function appHooks(IAuditLogger $logger,
 							  EventDispatcherInterface $eventDispatcher): void {
 		$eventDispatcher->addListener(ManagerEvent::EVENT_APP_ENABLE, function (ManagerEvent $event) use ($logger) {

diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php
@@ -25,6 +25,9 @@
  */
 use OCA\User_LDAP\Mapping\UserMapping;
 use OCA\User_LDAP\Mapping\GroupMapping;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\User\Events\BeforeUserIdUnAssignedEvent;
+use OCP\User\Events\UserIdUnAssignedEvent;
 
 // Check user and app status
 \OC_JSON::checkAdminUser();
@@ -36,11 +39,15 @@
 try {
 	if ($subject === 'user') {
 		$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+		/** @var IEventDispatcher $dispatcher */
+		$dispatcher = \OC::$server->get(IEventDispatcher::class);
 		$result = $mapping->clearCb(
-			function ($uid) {
+			function ($uid) use ($dispatcher) {
+				$dispatcher->dispatchTyped(new BeforeUserIdUnAssignedEvent($uid));
 				\OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
 			},
-			function ($uid) {
+			function ($uid) use ($dispatcher) {
+				$dispatcher->dispatchTyped(new UserIdUnAssignedEvent($uid));
 				\OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
 			}
 		);