dumplingmiku/ubicloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
shikhar/pg-configs-ui
ubicloud/routes/account.rb
Jeremy Evans 8cada58820 Add audit logging to all route actions 
Audit logging is designed to be simple to use.  You call the audit_log
method with the object affected and the action taken on it:

```ruby
audit_log(vm, "create")
```

If additional objects are affected by the same action, then you can
include them in the third argument:

```ruby
audit_log(ps, "connect", subnet)
```

This implements an audit logging check similar to the recently
added authorization check.  All successful non-GET requests to the
application are checked for audit logging, and will fail in
non-frozen tests if an audit logging method is not called.

Currently, only create/destroy actions are logged.  Audit logging
in other cases is ignored.  However, this approach was necessary
to check that no cases that should result in audit logging were
missed. It also allows for easily flipping the switch to audit log
all route actions.
2025-05-13 06:38:49 +09:00

45 lines
1.5 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
class Clover
hash_branch("account") do |r|
r.web do
r.get true do
no_authorization_needed
r.redirect "/account/multifactor-manage"
end
r.on "login-method" do
r.get true do
no_authorization_needed
@identities = current_account.identities.to_h { [it.provider, it.uid] }
view "account/login_method"
end
r.post "disconnect" do
no_authorization_needed
no_audit_log
provider, uid = typecast_params.nonempty_str(["provider", "uid"])
identities = current_account.identities
unless identities.length > (rodauth.has_password? ? 0 : 1)
flash[:error] = "You must have at least one login method"
r.redirect "/account/login-method"
end
if provider == "password"
DB[:account_password_hashes].where(id: current_account.id).delete
DB[:account_previous_password_hashes].where(account_id: current_account.id).delete
flash[:notice] = "Your password has been deleted"
elsif (identity = identities.find { it.provider == provider && it.uid == uid })
identity.destroy
flash[:notice] = "Your account has been disconnected from #{provider.capitalize}"
else
flash[:error] = "Your account already has been disconnected from #{provider.capitalize}"
end
r.redirect "/account/login-method"
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink