From aaa62a40ae86862b6ce6802807492b7b019df3f2 Mon Sep 17 00:00:00 2001 
From: David Krauser Date: Wed, 25 Jun 2025 20:37:32 -0400 Subject: [PATCH] [MM-64686] Expose audit logging functionality via plugin API (#31204) This commit exposes audit logging functionality to plugins via the plugin API, allowing plugins to create and log audit records. Additionally, it addresses a gob encoding issue that could cause plugin crashes when audit data contains nil pointers or unregistered types. --- server/channels/api4/access_control.go | 27 ++- server/channels/api4/audit_logging.go | 7 +- server/channels/api4/bleve.go | 3 +- server/channels/api4/bot.go | 31 ++- server/channels/api4/brand.go | 5 +- server/channels/api4/channel.go | 97 ++++---- server/channels/api4/channel_bookmark.go | 17 +- server/channels/api4/channel_category.go | 11 +- server/channels/api4/channel_local.go | 43 ++-- server/channels/api4/command.go | 31 ++- server/channels/api4/command_local.go | 5 +- server/channels/api4/compliance.go | 15 +- server/channels/api4/config.go | 11 +- server/channels/api4/config_local.go | 11 +- .../api4/custom_profile_attributes.go | 17 +- server/channels/api4/data_retention.go | 37 ++- server/channels/api4/elasticsearch.go | 3 +- server/channels/api4/emoji.go | 7 +- server/channels/api4/export.go | 9 +- server/channels/api4/file.go | 41 ++-- server/channels/api4/group.go | 53 +++-- server/channels/api4/import.go | 3 +- server/channels/api4/ip_filtering.go | 5 +- server/channels/api4/job.go | 13 +- server/channels/api4/ldap.go | 31 ++- server/channels/api4/license.go | 9 +- server/channels/api4/license_local.go | 7 +- server/channels/api4/oauth.go | 19 +- .../api4/outgoing_oauth_connection.go | 17 +- server/channels/api4/plugin.go | 29 ++- server/channels/api4/post.go | 45 ++-- server/channels/api4/post_local.go | 8 +- server/channels/api4/preference.go | 5 +- server/channels/api4/remote_cluster.go | 49 ++-- server/channels/api4/role.go | 5 +- server/channels/api4/saml.go | 19 +- server/channels/api4/scheduled_post.go | 13 +- 
server/channels/api4/scheme.go | 15 +- server/channels/api4/shared_channel.go | 15 +- server/channels/api4/system.go | 43 ++-- server/channels/api4/system_local.go | 3 +- server/channels/api4/team.go | 105 +++++---- server/channels/api4/team_local.go | 15 +- server/channels/api4/terms_of_service.go | 3 +- server/channels/api4/upload.go | 9 +- server/channels/api4/user.go | 215 +++++++++--------- server/channels/api4/user_local.go | 7 +- server/channels/api4/webhook.go | 39 ++-- server/channels/api4/webhook_local.go | 11 +- server/channels/app/audit.go | 16 +- server/channels/app/plugin_api.go | 15 ++ server/channels/app/session.go | 3 +- server/channels/audit/audit.go | 17 +- server/channels/audit/audit_test.go | 6 +- server/channels/audit/const.go | 26 --- server/channels/web/context.go | 17 +- server/channels/web/oauth.go | 19 +- server/channels/web/saml.go | 3 +- server/cmd/mattermost/commands/export.go | 5 +- server/cmd/mattermost/commands/import.go | 5 +- server/cmd/mattermost/commands/jobserver.go | 4 +- .../model/audit_record.go} | 88 ++++--- server/public/plugin/api.go | 13 ++ .../plugin/api_timer_layer_generated.go | 13 ++ server/public/plugin/audit.go | 70 ++++++ server/public/plugin/client_rpc.go | 56 +++++ .../public/plugin/interface_generator/main.go | 2 + server/public/plugin/plugintest/api.go | 12 + 68 files changed, 878 insertions(+), 750 deletions(-) delete mode 100644 server/channels/audit/const.go rename server/{channels/audit/record.go => public/model/audit_record.go} (54%) create mode 100644 server/public/plugin/audit.go diff --git a/server/channels/api4/access_control.go b/server/channels/api4/access_control.go index 6a7c391a0e7..336d0226604 100644 --- a/server/channels/api4/access_control.go +++ b/server/channels/api4/access_control.go 
@@ -11,7 +11,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitAccessControlPolicy() { @@ -42,9 +41,9 @@ func createAccessControlPolicy(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("createAccessControlPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("createAccessControlPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "requested", &policy) + model.AddEventParameterAuditableToAuditRec(auditRec, "requested", &policy) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { c.SetPermissionError(model.PermissionManageSystem) @@ -113,9 +112,9 @@ func deleteAccessControlPolicy(c *Context, w http.ResponseWriter, r *http.Reques } policyID := c.Params.PolicyId - auditRec := c.MakeAuditRecord("deleteAccessControlPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("deleteAccessControlPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", policyID) + model.AddEventParameterToAuditRec(auditRec, "id", policyID) appErr := c.App.DeleteAccessControlPolicy(c.AppContext, policyID) if appErr != nil { @@ -246,9 +245,9 @@ func updateActiveStatus(c *Context, w http.ResponseWriter, r *http.Request) { policyID := c.Params.PolicyId - auditRec := c.MakeAuditRecord("updateActiveStatus", audit.Fail) + auditRec := c.MakeAuditRecord("updateActiveStatus", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", policyID) + model.AddEventParameterToAuditRec(auditRec, "id", policyID) active := r.URL.Query().Get("active") if active != "true" && active != "false" { 
@@ -260,7 +259,7 @@ func updateActiveStatus(c *Context, w http.ResponseWriter, r *http.Request) { c.SetInvalidParamWithErr("active", err) return } - audit.AddEventParameter(auditRec, "active", activeBool) + model.AddEventParameterToAuditRec(auditRec, "active", activeBool) appErr := c.App.UpdateAccessControlPolicyActive(c.AppContext, policyID, activeBool) if appErr != nil { @@ -293,10 +292,10 @@ func assignAccessPolicy(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("assignAccessPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("assignAccessPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", policyID) - audit.AddEventParameter(auditRec, "channel_ids", assignments.ChannelIds) + model.AddEventParameterToAuditRec(auditRec, "id", policyID) + model.AddEventParameterToAuditRec(auditRec, "channel_ids", assignments.ChannelIds) if len(assignments.ChannelIds) != 0 { _, appErr := c.App.AssignAccessControlPolicyToChannels(c.AppContext, policyID, assignments.ChannelIds) @@ -325,10 +324,10 @@ func unassignAccessPolicy(c *Context, w http.ResponseWriter, r *http.Request) { ChannelIds []string `json:"channel_ids"` } - auditRec := c.MakeAuditRecord("unassignAccessPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("unassignAccessPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", policyID) - audit.AddEventParameter(auditRec, "channel_ids", assignments.ChannelIds) + model.AddEventParameterToAuditRec(auditRec, "id", policyID) + model.AddEventParameterToAuditRec(auditRec, "channel_ids", assignments.ChannelIds) err := json.NewDecoder(r.Body).Decode(&assignments) if err != nil { diff --git a/server/channels/api4/audit_logging.go b/server/channels/api4/audit_logging.go index e86c972361a..9272aad2e50 100644 --- a/server/channels/api4/audit_logging.go +++ b/server/channels/api4/audit_logging.go 
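Review bot: In `unassignAccessPolicy` the `channel_ids` audit parameter is read from `assignments.ChannelIds` before `json.NewDecoder(r.Body).Decode(&assignments)` runs, so at that point the slice is still empty and the record will not name the channels being unassigned. The rename keeps this ordering; the line `model.AddEventParameterToAuditRec(auditRec, "channel_ids", assignments.ChannelIds)` should move below the decode's `if err != nil { ... }` block. `assignAccessPolicy` in the preceding hunk records the same field, but its decode is outside the hunk, so its ordering should be confirmed as well. The body of `unassignAccessPolicy` continues past the end of the hunk.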
@@ -8,7 +8,6 @@ import ( "net/http" "github.com/mattermost/mattermost/server/public/model" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitAuditLogging() { @@ -50,9 +49,9 @@ func addAuditLogCertificate(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("addAuditLogCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("addAuditLogCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) if err := c.App.AddAuditLogCertificate(c.AppContext, fileData); err != nil { c.Err = err @@ -71,7 +70,7 @@ func removeAuditLogCertificate(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("removeAuditLogCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("removeAuditLogCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RemoveAuditLogCertificate(c.AppContext); err != nil { diff --git a/server/channels/api4/bleve.go b/server/channels/api4/bleve.go index 88c6e01dc6e..34d223f27af 100644 --- a/server/channels/api4/bleve.go +++ b/server/channels/api4/bleve.go @@ -7,7 +7,6 @@ import ( "net/http" "github.com/mattermost/mattermost/server/public/model" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitBleve() { @@ -15,7 +14,7 @@ func (api *API) InitBleve() { } func purgeBleveIndexes(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("purgeBleveIndexes", audit.Fail) + auditRec := c.MakeAuditRecord("purgeBleveIndexes", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionPurgeBleveIndexes) { diff --git a/server/channels/api4/bot.go b/server/channels/api4/bot.go index d686881547d..e111ff402aa 100644 
--- a/server/channels/api4/bot.go +++ b/server/channels/api4/bot.go @@ -10,7 +10,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitBot() { @@ -37,9 +36,9 @@ func createBot(c *Context, w http.ResponseWriter, r *http.Request) { } bot.Patch(botPatch) - auditRec := c.MakeAuditRecord("createBot", audit.Fail) + auditRec := c.MakeAuditRecord("createBot", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "bot", bot) + model.AddEventParameterAuditableToAuditRec(auditRec, "bot", bot) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateBot) { c.SetPermissionError(model.PermissionCreateBot) @@ -88,10 +87,10 @@ func patchBot(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchBot", audit.Fail) + auditRec := c.MakeAuditRecord("patchBot", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", botUserId) - audit.AddEventParameterAuditable(auditRec, "bot", botPatch) + model.AddEventParameterToAuditRec(auditRec, "id", botUserId) + model.AddEventParameterAuditableToAuditRec(auditRec, "bot", botPatch) if err := c.App.SessionHasPermissionToManageBot(c.AppContext, *c.AppContext.Session(), botUserId); err != nil { c.Err = err 
@@ -206,10 +205,10 @@ func updateBotActive(c *Context, w http.ResponseWriter, active bool) { } botUserId := c.Params.BotUserId - auditRec := c.MakeAuditRecord("updateBotActive", audit.Fail) + auditRec := c.MakeAuditRecord("updateBotActive", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", botUserId) - audit.AddEventParameter(auditRec, "enable", active) + model.AddEventParameterToAuditRec(auditRec, "id", botUserId) + model.AddEventParameterToAuditRec(auditRec, "enable", active) if err := c.App.SessionHasPermissionToManageBot(c.AppContext, *c.AppContext.Session(), botUserId); err != nil { c.Err = err @@ -240,10 +239,10 @@ func assignBot(c *Context, w http.ResponseWriter, _ *http.Request) { botUserId := c.Params.BotUserId userId := c.Params.UserId - auditRec := c.MakeAuditRecord("assignBot", audit.Fail) + auditRec := c.MakeAuditRecord("assignBot", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", botUserId) - audit.AddEventParameter(auditRec, "user_id", userId) + model.AddEventParameterToAuditRec(auditRec, "id", botUserId) + model.AddEventParameterToAuditRec(auditRec, "user_id", userId) if err := c.App.SessionHasPermissionToManageBot(c.AppContext, *c.AppContext.Session(), botUserId); err != nil { c.Err = err 
@@ -293,11 +292,11 @@ func convertBotToUser(c *Context, w http.ResponseWriter, r *http.Request) { systemAdmin, _ := strconv.ParseBool(r.URL.Query().Get("set_system_admin")) - auditRec := c.MakeAuditRecord("convertBotToUser", audit.Fail) + auditRec := c.MakeAuditRecord("convertBotToUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "bot", bot) - audit.AddEventParameterAuditable(auditRec, "user_patch", &userPatch) - audit.AddEventParameter(auditRec, "set_system_admin", systemAdmin) + model.AddEventParameterAuditableToAuditRec(auditRec, "bot", bot) + model.AddEventParameterAuditableToAuditRec(auditRec, "user_patch", &userPatch) + model.AddEventParameterToAuditRec(auditRec, "set_system_admin", systemAdmin) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { c.SetPermissionError(model.PermissionManageSystem) diff --git a/server/channels/api4/brand.go b/server/channels/api4/brand.go index 0d1ff1b23cc..c45e8f1f109 100644 --- a/server/channels/api4/brand.go +++ b/server/channels/api4/brand.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitBrand() { @@ -66,7 +65,7 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("uploadBrandImage", audit.Fail) + auditRec := c.MakeAuditRecord("uploadBrandImage", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionEditBrand) { 
@@ -87,7 +86,7 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) { } func deleteBrandImage(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("deleteBrandImage", audit.Fail) + auditRec := c.MakeAuditRecord("deleteBrandImage", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionEditBrand) { diff --git a/server/channels/api4/channel.go b/server/channels/api4/channel.go index 76dfe8a4f4f..f6bf2053dde 100644 --- a/server/channels/api4/channel.go +++ b/server/channels/api4/channel.go @@ -13,7 +13,6 @@ import ( "github.com/mattermost/mattermost/server/public/shared/i18n" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) const maxListSize = 1000 @@ -103,9 +102,9 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createChannel", audit.Fail) + auditRec := c.MakeAuditRecord("createChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "channel", channel) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) if channel.Type == model.ChannelTypeOpen && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionCreatePublicChannel) { c.SetPermissionError(model.PermissionCreatePublicChannel) 
@@ -153,8 +152,8 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateChannel", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "channel", channel) + auditRec := c.MakeAuditRecord("updateChannel", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) defer c.LogAuditRec(auditRec) originalOldChannel, appErr := c.App.GetChannel(c.AppContext, channel.Id) @@ -223,7 +222,7 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { if channel.Name != "" { oldChannel.Name = channel.Name - audit.AddEventParameter(auditRec, "new_channel_name", oldChannel.Name) + model.AddEventParameterToAuditRec(auditRec, "new_channel_name", oldChannel.Name) } if channel.GroupConstrained != nil { @@ -258,8 +257,8 @@ func updateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateChannelPrivacy", audit.Fail) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + auditRec := c.MakeAuditRecord("updateChannelPrivacy", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) defer c.LogAuditRec(auditRec) props := model.StringInterfaceFromJSON(r.Body) @@ -269,7 +268,7 @@ func updateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameter(auditRec, "privacy", privacy) + model.AddEventParameterToAuditRec(auditRec, "privacy", privacy) channel, err := c.App.GetChannel(c.AppContext, c.Params.ChannelId) if err != nil { 
@@ -337,9 +336,9 @@ func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { } oldChannel := originalOldChannel.DeepCopy() - auditRec := c.MakeAuditRecord("patchChannel", audit.Fail) + auditRec := c.MakeAuditRecord("patchChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "channel", patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", patch) auditRec.AddEventPriorState(oldChannel) switch oldChannel.Type { @@ -429,7 +428,7 @@ func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { } teamId := channel.TeamId - auditRec := c.MakeAuditRecord("restoreChannel", audit.Fail) + auditRec := c.MakeAuditRecord("restoreChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) auditRec.AddEventPriorState(channel) @@ -483,8 +482,8 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { } } - auditRec := c.MakeAuditRecord("createDirectChannel", audit.Fail) - audit.AddEventParameter(auditRec, "user_ids", userIds) + auditRec := c.MakeAuditRecord("createDirectChannel", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_ids", userIds) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateDirectChannel) { @@ -502,7 +501,7 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { otherUserId = userIds[1] } - audit.AddEventParameter(auditRec, "user_id", otherUserId) + model.AddEventParameterToAuditRec(auditRec, "user_id", otherUserId) canSee, appErr := c.App.UserCanSeeOtherUser(c.AppContext, c.AppContext.Session().UserId, otherUserId) if appErr != nil { 
@@ -575,8 +574,8 @@ func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { userIds = append(userIds, c.AppContext.Session().UserId) } - auditRec := c.MakeAuditRecord("createGroupChannel", audit.Fail) - audit.AddEventParameter(auditRec, "user_ids", userIds) + auditRec := c.MakeAuditRecord("createGroupChannel", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_ids", userIds) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateGroupChannel) { @@ -1374,8 +1373,8 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteChannel", audit.Fail) - audit.AddEventParameter(auditRec, "id", c.Params.ChannelId) + auditRec := c.MakeAuditRecord("deleteChannel", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "id", c.Params.ChannelId) auditRec.AddEventPriorState(channel) defer c.LogAuditRec(auditRec) @@ -1711,10 +1710,10 @@ func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("updateChannelMemberRoles", audit.Fail) + auditRec := c.MakeAuditRecord("updateChannelMemberRoles", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "props", props) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "props", props) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionManageChannelRoles) { c.SetPermissionError(model.PermissionManageChannelRoles) 
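Review bot: `updateChannelMemberRoles` stores the whole `props` value under the `props` audit parameter before the `PermissionManageChannelRoles` check, and `props` looks like the decoded request body (the decode is outside the hunk). If so, a caller who goes on to fail the permission check can still put arbitrary keys and arbitrarily large values into the audit record. Consider recording only the field the handler acts on, for example `model.AddEventParameterToAuditRec(auditRec, "roles", newRoles)`, where `newRoles` is a placeholder for whatever the handler extracts from `props`. `updateChannelMemberNotifyProps` in a later hunk records `props` the same way.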
@@ -1743,10 +1742,10 @@ func updateChannelMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.R return } - auditRec := c.MakeAuditRecord("updateChannelMemberSchemeRoles", audit.Fail) + auditRec := c.MakeAuditRecord("updateChannelMemberSchemeRoles", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameterAuditable(auditRec, "roles", &schemeRoles) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterAuditableToAuditRec(auditRec, "roles", &schemeRoles) if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionManageChannelRoles) { c.SetPermissionError(model.PermissionManageChannelRoles) @@ -1775,10 +1774,10 @@ func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.R return } - auditRec := c.MakeAuditRecord("updateChannelMemberNotifyProps", audit.Fail) + auditRec := c.MakeAuditRecord("updateChannelMemberNotifyProps", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "props", props) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "props", props) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) 
@@ -1912,11 +1911,11 @@ func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { continue } - auditRec := c.MakeAuditRecord("addChannelMember", audit.Fail) + auditRec := c.MakeAuditRecord("addChannelMember", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", userId) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "post_root_id", postRootId) + model.AddEventParameterToAuditRec(auditRec, "user_id", userId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "post_root_id", postRootId) member := &model.ChannelMember{ ChannelId: c.Params.ChannelId, @@ -2003,10 +2002,10 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("removeChannelMember", audit.Fail) + auditRec := c.MakeAuditRecord("removeChannelMember", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) channel, err := c.App.GetChannel(c.AppContext, c.Params.ChannelId) if err != nil { @@ -2059,8 +2058,8 @@ func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateChannelScheme", audit.Fail) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + auditRec := c.MakeAuditRecord("updateChannelScheme", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) defer c.LogAuditRec(auditRec) var p model.SchemeIDPatch 
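Review bot: In `addChannelMember` the `defer c.LogAuditRec(auditRec)` comes directly after a `continue`, which suggests it runs inside a per-user loop whose header is outside the hunk. If so, every record is held until the handler returns and the records are then logged in reverse order, so the audit trail does not follow the order in which members were processed. Moving the per-user work into a helper or closure, so that each `defer` fires at the end of its own iteration, would log records in order and avoid accumulating them on large batches. This should be confirmed against the full function.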
@@ -2070,7 +2069,7 @@ func updateChannelScheme(c *Context, w http.ResponseWriter, r *http.Request) { } schemeID := p.SchemeID - audit.AddEventParameter(auditRec, "scheme_id", *schemeID) + model.AddEventParameterToAuditRec(auditRec, "scheme_id", *schemeID) if c.App.Channels().License() == nil { c.Err = model.NewAppError("Api4.UpdateChannelScheme", "api.channel.update_channel_scheme.license.error", nil, "", http.StatusForbidden) @@ -2254,7 +2253,7 @@ func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("patchChannelModerations", audit.Fail) + auditRec := c.MakeAuditRecord("patchChannelModerations", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementChannels) { @@ -2267,7 +2266,7 @@ func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request) c.Err = appErr return } - audit.AddEventParameterAuditable(auditRec, "channel", channel) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) var channelModerationsPatch []*model.ChannelModerationPatch err := json.NewDecoder(r.Body).Decode(&channelModerationsPatch) @@ -2281,7 +2280,7 @@ func patchChannelModerations(c *Context, w http.ResponseWriter, r *http.Request) c.Err = appErr return } - audit.AddEventParameterAuditableArray(auditRec, "channel_moderations_patch", channelModerationsPatch) + model.AddEventParameterAuditableArrayToAuditRec(auditRec, "channel_moderations_patch", channelModerationsPatch) b, err := json.Marshal(channelModerations) if err != nil { 
@@ -2326,11 +2325,11 @@ func moveChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("moveChannel", audit.Fail) + auditRec := c.MakeAuditRecord("moveChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "team_id", teamId) - audit.AddEventParameter(auditRec, "force", force) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "team_id", teamId) + model.AddEventParameterToAuditRec(auditRec, "force", force) auditRec.AddEventPriorState(channel) // TODO check and verify if the below three things are parameters or prior state if any @@ -2451,11 +2450,11 @@ func convertGroupMessageToChannel(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("convertGroupMessageToChannel", audit.Fail) + auditRec := c.MakeAuditRecord("convertGroupMessageToChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", gmConversionRequest.ChannelID) - audit.AddEventParameter(auditRec, "team_id", gmConversionRequest.TeamID) - audit.AddEventParameter(auditRec, "user_id", user.Id) + model.AddEventParameterToAuditRec(auditRec, "channel_id", gmConversionRequest.ChannelID) + model.AddEventParameterToAuditRec(auditRec, "team_id", gmConversionRequest.TeamID) + model.AddEventParameterToAuditRec(auditRec, "user_id", user.Id) updatedChannel, appErr := c.App.ConvertGroupMessageToChannel(c.AppContext, c.AppContext.Session().UserId, gmConversionRequest) if appErr != nil { diff --git a/server/channels/api4/channel_bookmark.go b/server/channels/api4/channel_bookmark.go index 4d800f989ac..3203d98266d 100644 --- a/server/channels/api4/channel_bookmark.go +++ b/server/channels/api4/channel_bookmark.go 
@@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitChannelBookmarks() { @@ -54,9 +53,9 @@ func createChannelBookmark(c *Context, w http.ResponseWriter, r *http.Request) { } channelBookmark.ChannelId = c.Params.ChannelId - auditRec := c.MakeAuditRecord("createChannelBookmark", audit.Fail) + auditRec := c.MakeAuditRecord("createChannelBookmark", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "channelBookmark", channelBookmark) + model.AddEventParameterAuditableToAuditRec(auditRec, "channelBookmark", channelBookmark) switch channel.Type { case model.ChannelTypeOpen: @@ -136,9 +135,9 @@ func updateChannelBookmark(c *Context, w http.ResponseWriter, r *http.Request) { return } patchedBookmark := originalChannelBookmark.Clone() - auditRec := c.MakeAuditRecord("updateChannelBookmark", audit.Fail) + auditRec := c.MakeAuditRecord("updateChannelBookmark", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "channelBookmark", patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "channelBookmark", patch) // The channel bookmark should belong to the same channel specified in the URL if patchedBookmark.ChannelId != c.Params.ChannelId { @@ -236,9 +235,9 @@ func updateChannelBookmarkSortOrder(c *Context, w http.ResponseWriter, r *http.R return } - auditRec := c.MakeAuditRecord("updateChannelBookmarkSortOrder", audit.Fail) + auditRec := c.MakeAuditRecord("updateChannelBookmarkSortOrder", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", c.Params.ChannelBookmarkId) + model.AddEventParameterToAuditRec(auditRec, "id", c.Params.ChannelBookmarkId) channel, appErr := c.App.GetChannel(c.AppContext, c.Params.ChannelId) if appErr != nil { 
@@ -321,9 +320,9 @@ func deleteChannelBookmark(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteChannelBookmark", audit.Fail) + auditRec := c.MakeAuditRecord("deleteChannelBookmark", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "id", c.Params.ChannelBookmarkId) + model.AddEventParameterToAuditRec(auditRec, "id", c.Params.ChannelBookmarkId) channel, appErr := c.App.GetChannel(c.AppContext, c.Params.ChannelId) if appErr != nil { diff --git a/server/channels/api4/channel_category.go b/server/channels/api4/channel_category.go index fd798e0430a..988614caa59 100644 --- a/server/channels/api4/channel_category.go +++ b/server/channels/api4/channel_category.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func getCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.Request) { @@ -61,7 +60,7 @@ func createCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("createCategoryForTeamForUser", audit.Fail) + auditRec := c.MakeAuditRecord("createCategoryForTeamForUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var categoryCreateRequest model.SidebarCategoryWithChannels @@ -139,7 +138,7 @@ func updateCategoryOrderForTeamForUser(c *Context, w http.ResponseWriter, r *htt return } - auditRec := c.MakeAuditRecord("updateCategoryOrderForTeamForUser", audit.Fail) + auditRec := c.MakeAuditRecord("updateCategoryOrderForTeamForUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) categoryOrder, err := model.NonSortedArrayFromJSON(r.Body) 
@@ -217,7 +216,7 @@ func updateCategoriesForTeamForUser(c *Context, w http.ResponseWriter, r *http.R return } - auditRec := c.MakeAuditRecord("updateCategoriesForTeamForUser", audit.Fail) + auditRec := c.MakeAuditRecord("updateCategoriesForTeamForUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var categoriesUpdateRequest []*model.SidebarCategoryWithChannels @@ -331,7 +330,7 @@ func updateCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("updateCategoryForTeamForUser", audit.Fail) + auditRec := c.MakeAuditRecord("updateCategoryForTeamForUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var categoryUpdateRequest model.SidebarCategoryWithChannels @@ -382,7 +381,7 @@ func deleteCategoryForTeamForUser(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("deleteCategoryForTeamForUser", audit.Fail) + auditRec := c.MakeAuditRecord("deleteCategoryForTeamForUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) appErr := c.App.DeleteSidebarCategory(c.AppContext, c.Params.UserId, c.Params.TeamId, c.Params.CategoryId) diff --git a/server/channels/api4/channel_local.go b/server/channels/api4/channel_local.go index e1f7a186440..a3b176777bc 100644 --- a/server/channels/api4/channel_local.go +++ b/server/channels/api4/channel_local.go @@ -10,7 +10,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitChannelLocal() { 
@@ -45,9 +44,9 @@ func localCreateChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localCreateChannel", audit.Fail) + auditRec := c.MakeAuditRecord("localCreateChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "channel", channel) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) sc, appErr := c.App.CreateChannel(c.AppContext, channel, false) if appErr != nil { @@ -85,9 +84,9 @@ func localUpdateChannelPrivacy(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("localUpdateChannelPrivacy", audit.Fail) + auditRec := c.MakeAuditRecord("localUpdateChannelPrivacy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "privacy", privacy) + model.AddEventParameterToAuditRec(auditRec, "privacy", privacy) if channel.Name == model.DefaultChannelName && model.ChannelType(privacy) == model.ChannelTypePrivate { c.Err = model.NewAppError("updateChannelPrivacy", "api.channel.update_channel_privacy.default_channel_error", nil, "", http.StatusBadRequest) @@ -123,9 +122,9 @@ func localRestoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localRestoreChannel", audit.Fail) + auditRec := c.MakeAuditRecord("localRestoreChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) channel, err = c.App.RestoreChannel(c.AppContext, channel, "") if err != nil { 
@@ -149,8 +148,8 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localAddChannelMember", audit.Fail) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + auditRec := c.MakeAuditRecord("localAddChannelMember", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) defer c.LogAuditRec(auditRec) props := model.StringInterfaceFromJSON(r.Body) @@ -160,7 +159,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameter(auditRec, "user_id", userId) + model.AddEventParameterToAuditRec(auditRec, "user_id", userId) member := &model.ChannelMember{ ChannelId: c.Params.ChannelId, @@ -173,7 +172,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameter(auditRec, "post_root_id", postRootId) + model.AddEventParameterToAuditRec(auditRec, "post_root_id", postRootId) if ok && len(postRootId) == 26 { rootPost, err := c.App.GetSinglePost(c.AppContext, postRootId, false) @@ -193,7 +192,7 @@ func localAddChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "channel", channel) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup { c.Err = model.NewAppError("localAddChannelMember", "api.channel.add_user_to_channel.type.app_error", nil, "", http.StatusBadRequest) 
@@ -264,10 +263,10 @@ func localRemoveChannelMember(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("localRemoveChannelMember", audit.Fail) + auditRec := c.MakeAuditRecord("localRemoveChannelMember", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "remove_user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "remove_user_id", c.Params.UserId) if err = c.App.RemoveUserFromChannel(c.AppContext, c.Params.UserId, "", channel); err != nil { c.Err = err @@ -300,9 +299,9 @@ func localPatchChannel(c *Context, w http.ResponseWriter, r *http.Request) { } channel := originalOldChannel.DeepCopy() - auditRec := c.MakeAuditRecord("localPatchChannel", audit.Fail) + auditRec := c.MakeAuditRecord("localPatchChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "channel_patch", patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel_patch", patch) channel.Patch(patch) rchannel, appErr := c.App.UpdateChannel(c.AppContext, channel) @@ -358,10 +357,10 @@ func localMoveChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localMoveChannel", audit.Fail) + auditRec := c.MakeAuditRecord("localMoveChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", teamId) - audit.AddEventParameter(auditRec, "force", force) + model.AddEventParameterToAuditRec(auditRec, "team_id", teamId) + model.AddEventParameterToAuditRec(auditRec, "force", force) // TODO do we need these? auditRec.AddMeta("channel_id", channel.Id) 
@@ -417,10 +416,10 @@ func localDeleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localDeleteChannel", audit.Fail) + auditRec := c.MakeAuditRecord("localDeleteChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) auditRec.AddEventPriorState(channel) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup { c.Err = model.NewAppError("localDeleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) diff --git a/server/channels/api4/command.go b/server/channels/api4/command.go index b115d666966..3b0e57a491b 100644 --- a/server/channels/api4/command.go +++ b/server/channels/api4/command.go @@ -11,7 +11,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitCommand() { @@ -36,8 +35,8 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createCommand", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "command", &cmd) + auditRec := c.MakeAuditRecord("createCommand", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "command", &cmd) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") 
@@ -77,14 +76,14 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateCommand", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "command", &cmd) + auditRec := c.MakeAuditRecord("updateCommand", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "command", &cmd) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") oldCmd, err := c.App.GetCommand(c.Params.CommandId) if err != nil { - audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId) + model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId) c.SetCommandNotFoundError() return } @@ -137,8 +136,8 @@ func moveCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("moveCommand", audit.Fail) - audit.AddEventParameter(auditRec, "command_move_request", cmr.TeamId) + auditRec := c.MakeAuditRecord("moveCommand", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "command_move_request", cmr.TeamId) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -147,7 +146,7 @@ func moveCommand(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = appErr return } - audit.AddEventParameterAuditable(auditRec, "team", newTeam) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", newTeam) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), newTeam.Id, model.PermissionManageSlashCommands) { c.LogAudit("fail - inappropriate permissions") @@ -189,8 +188,8 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteCommand", audit.Fail) - audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId) + auditRec := c.MakeAuditRecord("deleteCommand", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") 
@@ -319,9 +318,9 @@ func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("executeCommand", audit.Fail) + auditRec := c.MakeAuditRecord("executeCommand", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "command_args", &commandArgs) + model.AddEventParameterAuditableToAuditRec(auditRec, "command_args", &commandArgs) // Checks that user is a member of the specified channel, and that they have permission to create a post in it. if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), commandArgs.ChannelId, model.PermissionCreatePost) { @@ -450,18 +449,18 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("regenCommandToken", audit.Fail) + auditRec := c.MakeAuditRecord("regenCommandToken", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") cmd, err := c.App.GetCommand(c.Params.CommandId) if err != nil { - audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId) + model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId) c.SetCommandNotFoundError() return } auditRec.AddEventPriorState(cmd) - audit.AddEventParameter(auditRec, "command_id", c.Params.CommandId) + model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), cmd.TeamId, model.PermissionManageSlashCommands) { c.LogAudit("fail - inappropriate permissions") diff --git a/server/channels/api4/command_local.go b/server/channels/api4/command_local.go index 249074e6696..d06cfbf6a25 100644 --- a/server/channels/api4/command_local.go +++ b/server/channels/api4/command_local.go 
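Review bot: In regenCommandToken the `command_id` parameter is attached in two places, once inside the `GetCommand` error branch and again after `auditRec.AddEventPriorState(cmd)`. A single `model.AddEventParameterToAuditRec(auditRec, "command_id", c.Params.CommandId)` placed right after `defer c.LogAuditRec(auditRec)` covers both paths, and the two later calls can then be removed. The function body continues past the end of the hunk, so any further exits there would also pick up the id.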
@@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitCommandLocal() { @@ -29,8 +28,8 @@ func localCreateCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localCreateCommand", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "command", &cmd) + auditRec := c.MakeAuditRecord("localCreateCommand", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "command", &cmd) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") diff --git a/server/channels/api4/compliance.go b/server/channels/api4/compliance.go index f16e8100270..273a098f843 100644 --- a/server/channels/api4/compliance.go +++ b/server/channels/api4/compliance.go @@ -12,7 +12,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitCompliance() { @@ -29,8 +28,8 @@ func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("createComplianceReport", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "compliance", &job) + auditRec := c.MakeAuditRecord("createComplianceReport", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "compliance", &job) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateComplianceExportJob) { 
@@ -65,7 +64,7 @@ func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getComplianceReports", audit.Fail) + auditRec := c.MakeAuditRecord("getComplianceReports", model.AuditStatusFail) defer c.LogAuditRec(auditRec) crs, err := c.App.GetComplianceReports(c.Params.Page, c.Params.PerPage) @@ -86,7 +85,7 @@ func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getComplianceReport", audit.Fail) + auditRec := c.MakeAuditRecord("getComplianceReport", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadComplianceExportJob) { @@ -94,7 +93,7 @@ func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameter(auditRec, "report_id", c.Params.ReportId) + model.AddEventParameterToAuditRec(auditRec, "report_id", c.Params.ReportId) job, err := c.App.GetComplianceReport(c.Params.ReportId) if err != nil { c.Err = err @@ -116,9 +115,9 @@ func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("downloadComplianceReport", audit.Fail) + auditRec := c.MakeAuditRecord("downloadComplianceReport", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "compliance_id", c.Params.ReportId) + model.AddEventParameterToAuditRec(auditRec, "compliance_id", c.Params.ReportId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionDownloadComplianceExportResult) { c.SetPermissionError(model.PermissionDownloadComplianceExportResult) diff --git a/server/channels/api4/config.go b/server/channels/api4/config.go index e697176a4c4..8c13da4b6ff 100644 --- a/server/channels/api4/config.go +++ b/server/channels/api4/config.go 
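Review bot: In getComplianceReport the `report_id` parameter is added only after the `PermissionReadComplianceExportJob` check has returned, so the audit record for a denied request does not say which report was asked for. downloadComplianceReport in the same file attaches its id before the permission check. Moving `model.AddEventParameterToAuditRec(auditRec, "report_id", c.Params.ReportId)` directly below `defer c.LogAuditRec(auditRec)` would make denied attempts traceable to a target. The two handlers also use different keys (`report_id` and `compliance_id`) for the same `c.Params.ReportId`, which complicates correlating the events.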
@@ -14,7 +14,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/i18n" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" "github.com/mattermost/mattermost/server/v8/config" ) @@ -56,7 +55,7 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getConfig", audit.Fail) + auditRec := c.MakeAuditRecord("getConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) cfg, err := config.Merge(&model.Config{}, c.App.GetSanitizedConfig(), &utils.MergeConfig{ @@ -99,7 +98,7 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { } func configReload(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("configReload", audit.Fail) + auditRec := c.MakeAuditRecord("configReload", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionReloadConfig) { @@ -126,9 +125,7 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateConfig", audit.Fail) - - // audit.AddEventParameter(auditRec, "config", cfg) // TODO We can do this but do we want to? + auditRec := c.MakeAuditRecord("updateConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) cfg.SetDefaults() @@ -296,7 +293,7 @@ func patchConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchConfig", audit.Fail) + auditRec := c.MakeAuditRecord("patchConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAny(*c.AppContext.Session(), model.SysconsoleWritePermissions) { 
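Review bot: The updateConfig hunk deletes the commented-out `audit.AddEventParameter(auditRec, "config", cfg)` line together with its TODO, so the file no longer shows that the submitted config is left out of the audit record on purpose. If the omission is deliberate, a one-line comment above `defer c.LogAuditRec(auditRec)` would keep that decision visible, for example `// The submitted config is intentionally not added to the audit record.` The reason is not stated in the hunk; if it is that the config can carry credentials, the comment should say so. The function body starts and ends outside the hunk.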
diff --git a/server/channels/api4/config_local.go b/server/channels/api4/config_local.go index 79059905bd0..35afa6c5756 100644 --- a/server/channels/api4/config_local.go +++ b/server/channels/api4/config_local.go @@ -11,7 +11,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" "github.com/mattermost/mattermost/server/v8/config" ) @@ -26,7 +25,7 @@ func (api *API) InitConfigLocal() { } func localGetConfig(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("localGetConfig", audit.Fail) + auditRec := c.MakeAuditRecord("localGetConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) filterMasked, _ := strconv.ParseBool(r.URL.Query().Get("remove_masked")) filterDefaults, _ := strconv.ParseBool(r.URL.Query().Get("remove_defaults")) @@ -58,7 +57,7 @@ func localUpdateConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localUpdateConfig", audit.Fail) + auditRec := c.MakeAuditRecord("localUpdateConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) cfg.SetDefaults() @@ -111,7 +110,7 @@ func localPatchConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localPatchConfig", audit.Fail) + auditRec := c.MakeAuditRecord("localPatchConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) appCfg := c.App.Config() @@ -172,7 +171,7 @@ func localMigrateConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("migrateConfig", audit.Fail) + auditRec := c.MakeAuditRecord("migrateConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { 
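Review bot: localMigrateConfig creates its record under the event name `"migrateConfig"`, while the other handlers touched in this file use their own function name (`localGetConfig`, `localUpdateConfig`, `localPatchConfig`, `localGetClientConfig`). A filter on the `local` prefix will therefore miss config migrations done through the local API. If no audit consumer depends on the old name, `c.MakeAuditRecord("localMigrateConfig", model.AuditStatusFail)` aligns it with the rest. Otherwise a comment noting that the name is kept for compatibility would help.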
@@ -191,7 +190,7 @@ func localMigrateConfig(c *Context, w http.ResponseWriter, r *http.Request) { } func localGetClientConfig(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("localGetClientConfig", audit.Fail) + auditRec := c.MakeAuditRecord("localGetClientConfig", model.AuditStatusFail) defer c.LogAuditRec(auditRec) format := r.URL.Query().Get("format") diff --git a/server/channels/api4/custom_profile_attributes.go b/server/channels/api4/custom_profile_attributes.go index 277680fe4ce..5796a3a35ef 100644 --- a/server/channels/api4/custom_profile_attributes.go +++ b/server/channels/api4/custom_profile_attributes.go @@ -10,7 +10,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitCustomProfileAttributes() { @@ -62,9 +61,9 @@ func createCPAField(c *Context, w http.ResponseWriter, r *http.Request) { pf.Name = strings.TrimSpace(pf.Name) - auditRec := c.MakeAuditRecord("createCPAField", audit.Fail) + auditRec := c.MakeAuditRecord("createCPAField", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "property_field", pf) + model.AddEventParameterAuditableToAuditRec(auditRec, "property_field", pf) createdField, appErr := c.App.CreateCPAField(pf) if appErr != nil { @@ -117,9 +116,9 @@ func patchCPAField(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchCPAField", audit.Fail) + auditRec := c.MakeAuditRecord("patchCPAField", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "property_field_patch", patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "property_field_patch", patch) originalField, appErr := c.App.GetCPAField(c.Params.FieldId) if appErr != nil { 
@@ -160,9 +159,9 @@ func deleteCPAField(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteCPAField", audit.Fail) + auditRec := c.MakeAuditRecord("deleteCPAField", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "field_id", c.Params.FieldId) + model.AddEventParameterToAuditRec(auditRec, "field_id", c.Params.FieldId) field, appErr := c.App.GetCPAField(c.Params.FieldId) if appErr != nil { @@ -220,9 +219,9 @@ func patchCPAValues(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchCPAValues", audit.Fail) + auditRec := c.MakeAuditRecord("patchCPAValues", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", userID) + model.AddEventParameterToAuditRec(auditRec, "user_id", userID) results := make(map[string]json.RawMessage, len(updates)) for fieldID, rawValue := range updates { diff --git a/server/channels/api4/data_retention.go b/server/channels/api4/data_retention.go index 7452685a3cf..9e641d2250b 100644 --- a/server/channels/api4/data_retention.go +++ b/server/channels/api4/data_retention.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitDataRetention() { 
@@ -126,9 +125,9 @@ func createPolicy(c *Context, w http.ResponseWriter, r *http.Request) { c.SetInvalidParamWithErr("policy", jsonErr) return } - auditRec := c.MakeAuditRecord("createPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("createPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "policy", &policy) + model.AddEventParameterAuditableToAuditRec(auditRec, "policy", &policy) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) @@ -164,9 +163,9 @@ func patchPolicy(c *Context, w http.ResponseWriter, r *http.Request) { c.RequirePolicyId() patch.ID = c.Params.PolicyId - auditRec := c.MakeAuditRecord("patchPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("patchPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "patch", &patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "patch", &patch) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) @@ -197,9 +196,9 @@ func deletePolicy(c *Context, w http.ResponseWriter, r *http.Request) { c.RequirePolicyId() policyId := c.Params.PolicyId - auditRec := c.MakeAuditRecord("deletePolicy", audit.Fail) + auditRec := c.MakeAuditRecord("deletePolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "policy_id", policyId) + model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) return 
@@ -283,10 +282,10 @@ func addTeamsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = model.NewAppError("addTeamsToPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err) return } - auditRec := c.MakeAuditRecord("addTeamsToPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("addTeamsToPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "policy_id", policyId) - audit.AddEventParameter(auditRec, "team_ids", teamIDs) + model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId) + model.AddEventParameterToAuditRec(auditRec, "team_ids", teamIDs) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) return @@ -310,10 +309,10 @@ func removeTeamsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = model.NewAppError("removeTeamsFromPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err) return } - auditRec := c.MakeAuditRecord("removeTeamsFromPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("removeTeamsFromPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "policy_id", policyId) - audit.AddEventParameter(auditRec, "team_ids", teamIDs) + model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId) + model.AddEventParameterToAuditRec(auditRec, "team_ids", teamIDs) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) 
@@ -406,10 +405,10 @@ func addChannelsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = model.NewAppError("addChannelsToPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err) return } - auditRec := c.MakeAuditRecord("addChannelsToPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("addChannelsToPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "policy_id", policyId) - audit.AddEventParameter(auditRec, "channel_ids", channelIDs) + model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId) + model.AddEventParameterToAuditRec(auditRec, "channel_ids", channelIDs) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) @@ -434,10 +433,10 @@ func removeChannelsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request c.Err = model.NewAppError("removeChannelsFromPolicy", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err) return } - auditRec := c.MakeAuditRecord("removeChannelsFromPolicy", audit.Fail) + auditRec := c.MakeAuditRecord("removeChannelsFromPolicy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "policy_id", policyId) - audit.AddEventParameter(auditRec, "channel_ids", channelIDs) + model.AddEventParameterToAuditRec(auditRec, "policy_id", policyId) + model.AddEventParameterToAuditRec(auditRec, "channel_ids", channelIDs) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) { c.SetPermissionError(model.PermissionSysconsoleWriteComplianceDataRetentionPolicy) diff --git a/server/channels/api4/elasticsearch.go b/server/channels/api4/elasticsearch.go index a247a74a553..7a45d6938a8 100644 --- a/server/channels/api4/elasticsearch.go +++ b/server/channels/api4/elasticsearch.go 
@@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitElasticsearch() { @@ -53,7 +52,7 @@ func testElasticsearch(c *Context, w http.ResponseWriter, r *http.Request) { } func purgeElasticsearchIndexes(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("purgeElasticsearchIndexes", audit.Fail) + auditRec := c.MakeAuditRecord("purgeElasticsearchIndexes", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionPurgeElasticsearchIndexes) { diff --git a/server/channels/api4/emoji.go b/server/channels/api4/emoji.go index daf37d815d9..cb964a7c56a 100644 --- a/server/channels/api4/emoji.go +++ b/server/channels/api4/emoji.go @@ -11,7 +11,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/web" ) @@ -54,7 +53,7 @@ func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createEmoji", audit.Fail) + auditRec := c.MakeAuditRecord("createEmoji", model.AuditStatusFail) defer c.LogAuditRec(auditRec) // Allow any user with CREATE_EMOJIS permission at Team level to create emojis at system level 
@@ -137,12 +136,12 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteEmoji", audit.Fail) + auditRec := c.MakeAuditRecord("deleteEmoji", model.AuditStatusFail) defer c.LogAuditRec(auditRec) emoji, err := c.App.GetEmoji(c.AppContext, c.Params.EmojiId) if err != nil { - audit.AddEventParameter(auditRec, "emoji_id", c.Params.EmojiId) + model.AddEventParameterToAuditRec(auditRec, "emoji_id", c.Params.EmojiId) c.Err = err return } diff --git a/server/channels/api4/export.go b/server/channels/api4/export.go index be25f153ac7..4ce8213378d 100644 --- a/server/channels/api4/export.go +++ b/server/channels/api4/export.go @@ -11,7 +11,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitExport() { @@ -45,9 +44,9 @@ func listExports(c *Context, w http.ResponseWriter, r *http.Request) { } func deleteExport(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("deleteExport", audit.Fail) + auditRec := c.MakeAuditRecord("deleteExport", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "export_name", c.Params.ExportName) + model.AddEventParameterToAuditRec(auditRec, "export_name", c.Params.ExportName) if !c.IsSystemAdmin() { c.SetPermissionError(model.PermissionManageSystem) 
@@ -90,10 +89,10 @@ func downloadExport(c *Context, w http.ResponseWriter, r *http.Request) { } func generatePresignURLExport(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("generatePresignURLExport", audit.Fail) + auditRec := c.MakeAuditRecord("generatePresignURLExport", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "export_name", c.Params.ExportName) + model.AddEventParameterToAuditRec(auditRec, "export_name", c.Params.ExportName) if !c.IsSystemAdmin() { c.SetPermissionError(model.PermissionManageSystem) diff --git a/server/channels/api4/file.go b/server/channels/api4/file.go index 3bafe051efe..10d0aca05d7 100644 --- a/server/channels/api4/file.go +++ b/server/channels/api4/file.go @@ -17,7 +17,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" "github.com/mattermost/mattermost/server/v8/platform/shared/web" ) @@ -139,9 +138,9 @@ func uploadFileSimple(c *Context, r *http.Request, timestamp time.Time) *model.F return nil } - auditRec := c.MakeAuditRecord("uploadFileSimple", audit.Fail) + auditRec := c.MakeAuditRecord("uploadFileSimple", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionUploadFile) { c.SetPermissionError(model.PermissionUploadFile) 
@@ -149,12 +148,12 @@ func uploadFileSimple(c *Context, r *http.Request, timestamp time.Time) *model.F } clientId := r.Form.Get("client_id") - audit.AddEventParameter(auditRec, "client_id", clientId) + model.AddEventParameterToAuditRec(auditRec, "client_id", clientId) creatorId := c.AppContext.Session().UserId if isBookmark, err := strconv.ParseBool(r.URL.Query().Get(model.BookmarkFileOwner)); err == nil && isBookmark { creatorId = model.BookmarkFileOwner - audit.AddEventParameter(auditRec, model.BookmarkFileOwner, true) + model.AddEventParameterToAuditRec(auditRec, model.BookmarkFileOwner, true) } info, appErr := c.App.UploadFileX(c.AppContext, c.Params.ChannelId, c.Params.Filename, r.Body, @@ -167,7 +166,7 @@ func uploadFileSimple(c *Context, r *http.Request, timestamp time.Time) *model.F c.Err = appErr return nil } - audit.AddEventParameterAuditable(auditRec, "file", info) + model.AddEventParameterAuditableToAuditRec(auditRec, "file", info) fileUploadResponse := &model.FileUploadResponse{ FileInfos: []*model.FileInfo{info}, @@ -320,14 +319,14 @@ NextPart: clientId = clientIds[nFiles] } - auditRec := c.MakeAuditRecord("uploadFileMultipart", audit.Fail) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "client_id", clientId) + auditRec := c.MakeAuditRecord("uploadFileMultipart", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "client_id", clientId) creatorId := c.AppContext.Session().UserId if isBookmark { creatorId = model.BookmarkFileOwner - audit.AddEventParameter(auditRec, model.BookmarkFileOwner, true) + model.AddEventParameterToAuditRec(auditRec, model.BookmarkFileOwner, true) } info, appErr := c.App.UploadFileX(c.AppContext, c.Params.ChannelId, filename, part, 
@@ -341,7 +340,7 @@ NextPart: c.LogAuditRec(auditRec) return nil } - audit.AddEventParameterAuditable(auditRec, "file", info) + model.AddEventParameterAuditableToAuditRec(auditRec, "file", info) auditRec.Success() c.LogAuditRec(auditRec) @@ -427,15 +426,15 @@ func uploadFileMultipartLegacy(c *Context, mr *multipart.Reader, clientId = clientIds[i] } - auditRec := c.MakeAuditRecord("uploadFileMultipartLegacy", audit.Fail) + auditRec := c.MakeAuditRecord("uploadFileMultipartLegacy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "channel_id", channelId) - audit.AddEventParameter(auditRec, "client_id", clientId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", channelId) + model.AddEventParameterToAuditRec(auditRec, "client_id", clientId) creatorId := c.AppContext.Session().UserId if isBookmark { creatorId = model.BookmarkFileOwner - audit.AddEventParameter(auditRec, model.BookmarkFileOwner, true) + model.AddEventParameterToAuditRec(auditRec, model.BookmarkFileOwner, true) } info, appErr := c.App.UploadFileX(c.AppContext, c.Params.ChannelId, fileHeader.Filename, f, @@ -450,7 +449,7 @@ func uploadFileMultipartLegacy(c *Context, mr *multipart.Reader, c.LogAuditRec(auditRec) return nil } - audit.AddEventParameterAuditable(auditRec, "file", info) + model.AddEventParameterAuditableToAuditRec(auditRec, "file", info) auditRec.Success() c.LogAuditRec(auditRec) @@ -472,9 +471,9 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { forceDownload, _ := strconv.ParseBool(r.URL.Query().Get("download")) - auditRec := c.MakeAuditRecord("getFile", audit.Fail) + auditRec := c.MakeAuditRecord("getFile", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "force_download", forceDownload) + model.AddEventParameterToAuditRec(auditRec, "force_download", forceDownload) info, err := c.App.GetFileInfo(c.AppContext, c.Params.FileId) if err != nil { 
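Review bot: In uploadFileMultipartLegacy the record is registered with `defer c.LogAuditRec(auditRec)` (hunk at -427) and then logged again with `c.LogAuditRec(auditRec)` on both the error path and the success path (hunk at -450), so each upload appears to be written to the audit log twice. The `clientIds[i]` index suggests this sits inside a per-file loop, in which case the deferred calls also accumulate until the function returns rather than firing per file. uploadFileMultipart, in the hunks just before, creates its record without the defer and logs it explicitly. Dropping `defer c.LogAuditRec(auditRec)` here would match that. The function starts and ends outside these hunks, so confirm no early-return path relies on the defer before removing it.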
@@ -482,7 +481,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { setInaccessibleFileHeader(w, err) return } - audit.AddEventParameterAuditable(auditRec, "file", info) + model.AddEventParameterAuditableToAuditRec(auditRec, "file", info) channel, err := c.App.GetChannel(c.AppContext, info.ChannelId) if err != nil { @@ -570,7 +569,7 @@ func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getFileLink", audit.Fail) + auditRec := c.MakeAuditRecord("getFileLink", model.AuditStatusFail) defer c.LogAuditRec(auditRec) info, err := c.App.GetFileInfo(c.AppContext, c.Params.FileId) @@ -579,7 +578,7 @@ func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) { setInaccessibleFileHeader(w, err) return } - audit.AddEventParameterAuditable(auditRec, "file", info) + model.AddEventParameterAuditableToAuditRec(auditRec, "file", info) channel, err := c.App.GetChannel(c.AppContext, info.ChannelId) if err != nil { diff --git a/server/channels/api4/group.go b/server/channels/api4/group.go index 661c80ecb1c..d3bb0c4813c 100644 --- a/server/channels/api4/group.go +++ b/server/channels/api4/group.go @@ -15,7 +15,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/store" "github.com/mattermost/mattermost/server/v8/channels/web" "github.com/mattermost/mattermost/server/v8/platform/services/telemetry" 
@@ -191,9 +190,9 @@ func createGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createGroup", audit.Fail) + auditRec := c.MakeAuditRecord("createGroup", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "group", group) + model.AddEventParameterAuditableToAuditRec(auditRec, "group", group) newGroup, appErr := c.App.CreateGroupWithUserIds(group) if appErr != nil { @@ -261,9 +260,9 @@ func patchGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchGroup", audit.Fail) + auditRec := c.MakeAuditRecord("patchGroup", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "group", group) + model.AddEventParameterAuditableToAuditRec(auditRec, "group", group) if groupPatch.AllowReference != nil && *groupPatch.AllowReference { if groupPatch.Name == nil { @@ -351,11 +350,11 @@ func linkGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("linkGroupSyncable", audit.Fail) + auditRec := c.MakeAuditRecord("linkGroupSyncable", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId) - audit.AddEventParameter(auditRec, "syncable_id", syncableID) - audit.AddEventParameter(auditRec, "syncable_type", string(syncableType)) + model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId) + model.AddEventParameterToAuditRec(auditRec, "syncable_id", syncableID) + model.AddEventParameterToAuditRec(auditRec, "syncable_type", string(syncableType)) var patch *model.GroupSyncablePatch err = json.Unmarshal(body, &patch) 
@@ -364,7 +363,7 @@ func linkGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "patch", patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "patch", patch) if !*c.App.Channels().License().Features.LDAPGroups { c.Err = model.NewAppError("Api4.createGroupSyncable", "api.ldap_groups.license_error", nil, "", http.StatusForbidden) @@ -533,11 +532,11 @@ func patchGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchGroupSyncable", audit.Fail) + auditRec := c.MakeAuditRecord("patchGroupSyncable", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId) - audit.AddEventParameter(auditRec, "old_syncable_id", syncableID) - audit.AddEventParameter(auditRec, "old_syncable_type", string(syncableType)) + model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId) + model.AddEventParameterToAuditRec(auditRec, "old_syncable_id", syncableID) + model.AddEventParameterToAuditRec(auditRec, "old_syncable_type", string(syncableType)) var patch *model.GroupSyncablePatch err = json.Unmarshal(body, &patch) @@ -546,7 +545,7 @@ func patchGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "patch", patch) + model.AddEventParameterAuditableToAuditRec(auditRec, "patch", patch) if !*c.App.Channels().License().Features.LDAPGroups { c.Err = model.NewAppError("Api4.patchGroupSyncable", "api.ldap_groups.license_error", nil, "", 
@@ -616,11 +615,11 @@ func unlinkGroupSyncable(c *Context, w http.ResponseWriter, r *http.Request) { } syncableType := c.Params.SyncableType - auditRec := c.MakeAuditRecord("unlinkGroupSyncable", audit.Fail) + auditRec := c.MakeAuditRecord("unlinkGroupSyncable", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId) - audit.AddEventParameter(auditRec, "syncable_id", syncableID) - audit.AddEventParameter(auditRec, "syncable_type", string(syncableType)) + model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId) + model.AddEventParameterToAuditRec(auditRec, "syncable_id", syncableID) + model.AddEventParameterToAuditRec(auditRec, "syncable_type", string(syncableType)) if !*c.App.Channels().License().Features.LDAPGroups { c.Err = model.NewAppError("Api4.unlinkGroupSyncable", "api.ldap_groups.license_error", nil, "", http.StatusForbidden) @@ -1228,9 +1227,9 @@ func deleteGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteGroup", audit.Fail) + auditRec := c.MakeAuditRecord("deleteGroup", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId) + model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId) group, err = c.App.DeleteGroup(c.Params.GroupId) if err != nil { @@ -1283,9 +1282,9 @@ func restoreGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("restoreGroup", audit.Fail) + auditRec := c.MakeAuditRecord("restoreGroup", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "group_id", c.Params.GroupId) + model.AddEventParameterToAuditRec(auditRec, "group_id", c.Params.GroupId) restoredGroup, err := c.App.RestoreGroup(c.Params.GroupId) if err != nil { 
@@ -1352,9 +1351,9 @@ func addGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) { } } - auditRec := c.MakeAuditRecord("addGroupMembers", audit.Fail) + auditRec := c.MakeAuditRecord("addGroupMembers", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "addGroupMembers_userids", newMembers.UserIds) + model.AddEventParameterToAuditRec(auditRec, "addGroupMembers_userids", newMembers.UserIds) members, appErr := c.App.UpsertGroupMembers(c.Params.GroupId, newMembers.UserIds) if appErr != nil { @@ -1427,9 +1426,9 @@ func deleteGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) { } } - auditRec := c.MakeAuditRecord("deleteGroupMembers", audit.Fail) + auditRec := c.MakeAuditRecord("deleteGroupMembers", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "deleteGroupMembers_userids", deleteBody.UserIds) + model.AddEventParameterToAuditRec(auditRec, "deleteGroupMembers_userids", deleteBody.UserIds) members, appErr := c.App.DeleteGroupMembers(c.Params.GroupId, deleteBody.UserIds) if appErr != nil { diff --git a/server/channels/api4/import.go b/server/channels/api4/import.go index 00098736188..ca90642ab3b 100644 --- a/server/channels/api4/import.go +++ b/server/channels/api4/import.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitImport() { @@ -36,7 +35,7 @@ func listImports(c *Context, w http.ResponseWriter, r *http.Request) { func deleteImport(c *Context, w http.ResponseWriter, r *http.Request) { importName := c.Params.ImportName - auditRec := c.MakeAuditRecord("deleteImport", audit.Fail) + auditRec := c.MakeAuditRecord("deleteImport", model.AuditStatusFail) defer c.LogAuditRec(auditRec) auditRec.AddMeta("import_name", importName) 
diff --git a/server/channels/api4/ip_filtering.go b/server/channels/api4/ip_filtering.go index a79689c5fa7..8833bcd9b51 100644 --- a/server/channels/api4/ip_filtering.go +++ b/server/channels/api4/ip_filtering.go @@ -10,7 +10,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/einterfaces" ) @@ -64,7 +63,7 @@ func applyIPFilters(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("applyIPFilters", audit.Fail) + auditRec := c.MakeAuditRecord("applyIPFilters", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) allowedRanges := &model.AllowedIPRanges{} // Initialize the allowedRanges variable @@ -73,7 +72,7 @@ func applyIPFilters(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "IPFilter", allowedRanges) + model.AddEventParameterAuditableToAuditRec(auditRec, "IPFilter", allowedRanges) updatedAllowedRanges, err := ipFiltering.ApplyIPFilters(allowedRanges) diff --git a/server/channels/api4/job.go b/server/channels/api4/job.go index b91bd42de0f..9a354d216fb 100644 --- a/server/channels/api4/job.go +++ b/server/channels/api4/job.go @@ -15,7 +15,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/platform/shared/web" ) 
@@ -149,9 +148,9 @@ func createJob(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createJob", audit.Fail) + auditRec := c.MakeAuditRecord("createJob", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "job", &job) + model.AddEventParameterAuditableToAuditRec(auditRec, "job", &job) hasPermission, permissionRequired := c.App.SessionHasPermissionToCreateJob(*c.AppContext.Session(), &job) if permissionRequired == nil { @@ -291,9 +290,9 @@ func cancelJob(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("cancelJob", audit.Fail) + auditRec := c.MakeAuditRecord("cancelJob", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "job_id", c.Params.JobId) + model.AddEventParameterToAuditRec(auditRec, "job_id", c.Params.JobId) job, err := c.App.GetJob(c.AppContext, c.Params.JobId) if err != nil { @@ -332,9 +331,9 @@ func updateJobStatus(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateJobStatus", audit.Fail) + auditRec := c.MakeAuditRecord("updateJobStatus", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "job_id", c.Params.JobId) + model.AddEventParameterToAuditRec(auditRec, "job_id", c.Params.JobId) props := model.StringInterfaceFromJSON(r.Body) status, ok := props["status"].(string) diff --git a/server/channels/api4/ldap.go b/server/channels/api4/ldap.go index b00d2013efe..c05f573357c 100644 --- a/server/channels/api4/ldap.go +++ b/server/channels/api4/ldap.go @@ -10,7 +10,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) type mixedUnlinkedGroup struct { 
@@ -65,7 +64,7 @@ func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) { c.Logger.LogM(mlog.MlvlLDAPInfo, "Error decoding LDAP sync options", mlog.Err(err)) } - auditRec := c.MakeAuditRecord("syncLdap", audit.Fail) + auditRec := c.MakeAuditRecord("syncLdap", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.App.SyncLdap(c.AppContext, opts.IncludeRemovedMembers) @@ -223,9 +222,9 @@ func linkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("linkLdapGroup", audit.Fail) + auditRec := c.MakeAuditRecord("linkLdapGroup", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups { c.Err = model.NewAppError("api4.linkLdapGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented) @@ -249,7 +248,7 @@ func linkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } if group != nil { - audit.AddEventParameterAuditable(auditRec, "group", group) + model.AddEventParameterAuditableToAuditRec(auditRec, "group", group) } var status int @@ -320,9 +319,9 @@ func unlinkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("unlinkLdapGroup", audit.Fail) + auditRec := c.MakeAuditRecord("unlinkLdapGroup", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementGroups) { c.SetPermissionError(model.PermissionSysconsoleWriteUserManagementGroups) 
@@ -363,8 +362,8 @@ func migrateIDLdap(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("idMigrateLdap", audit.Fail) - audit.AddEventParameter(auditRec, "to_attribute", toAttribute) + auditRec := c.MakeAuditRecord("idMigrateLdap", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "to_attribute", toAttribute) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { @@ -418,9 +417,9 @@ func addLdapPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("addLdapPublicCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("addLdapPublicCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) if err := c.App.AddLdapPublicCertificate(fileData); err != nil { c.Err = err @@ -442,9 +441,9 @@ func addLdapPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("addLdapPrivateCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("addLdapPrivateCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) if err := c.App.AddLdapPrivateCertificate(fileData); err != nil { c.Err = err @@ -460,7 +459,7 @@ func removeLdapPublicCertificate(c *Context, w http.ResponseWriter, r *http.Requ return } - auditRec := c.MakeAuditRecord("removeLdapPublicCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("removeLdapPublicCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RemoveLdapPublicCertificate(); err != nil { 
@@ -478,7 +477,7 @@ func removeLdapPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("removeLdapPrivateCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("removeLdapPrivateCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RemoveLdapPrivateCertificate(); err != nil { @@ -509,7 +508,7 @@ func addUserToGroupSyncables(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("addUserToGroupSyncables", audit.Fail) + auditRec := c.MakeAuditRecord("addUserToGroupSyncables", model.AuditStatusFail) defer c.LogAuditRec(auditRec) params := model.CreateDefaultMembershipParams{Since: 0, ReAddRemovedMembers: true, ScopedUserID: &user.Id} diff --git a/server/channels/api4/license.go b/server/channels/api4/license.go index a113b97b2f2..a2ff1907553 100644 --- a/server/channels/api4/license.go +++ b/server/channels/api4/license.go @@ -15,7 +15,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitLicense() { @@ -54,7 +53,7 @@ func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) { } func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("addLicense", audit.Fail) + auditRec := c.MakeAuditRecord("addLicense", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -83,7 +82,7 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { } fileData := fileArray[0] - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) file, err := fileData.Open() if err != nil { 
@@ -156,7 +155,7 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { } func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("removeLicense", audit.Fail) + auditRec := c.MakeAuditRecord("removeLicense", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -177,7 +176,7 @@ func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { } func requestTrialLicense(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("requestTrialLicense", audit.Fail) + auditRec := c.MakeAuditRecord("requestTrialLicense", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") diff --git a/server/channels/api4/license_local.go b/server/channels/api4/license_local.go index 524396ec468..20a66bedcbf 100644 --- a/server/channels/api4/license_local.go +++ b/server/channels/api4/license_local.go @@ -11,7 +11,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitLicenseLocal() { @@ -20,7 +19,7 @@ func (api *API) InitLicenseLocal() { } func localAddLicense(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("localAddLicense", audit.Fail) + auditRec := c.MakeAuditRecord("localAddLicense", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -44,7 +43,7 @@ func localAddLicense(c *Context, w http.ResponseWriter, r *http.Request) { } fileData := fileArray[0] - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) file, err := fileData.Open() if err != nil { 
@@ -81,7 +80,7 @@ func localAddLicense(c *Context, w http.ResponseWriter, r *http.Request) { } func localRemoveLicense(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("localRemoveLicense", audit.Fail) + auditRec := c.MakeAuditRecord("localRemoveLicense", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") diff --git a/server/channels/api4/oauth.go b/server/channels/api4/oauth.go index d65b73f23c5..964a406c7d0 100644 --- a/server/channels/api4/oauth.go +++ b/server/channels/api4/oauth.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitOAuth() { @@ -31,8 +30,8 @@ func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createOAuthApp", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "oauth_app", &oauthApp) + auditRec := c.MakeAuditRecord("createOAuthApp", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "oauth_app", &oauthApp) defer c.LogAuditRec(auditRec) @@ -70,9 +69,9 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateOAuthApp", audit.Fail) + auditRec := c.MakeAuditRecord("updateOAuthApp", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "oauth_app_id", c.Params.AppId) + model.AddEventParameterToAuditRec(auditRec, "oauth_app_id", c.Params.AppId) c.LogAudit("attempt") if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageOAuth) { 
@@ -85,7 +84,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { c.SetInvalidParamWithErr("oauth_app", jsonErr) return } - audit.AddEventParameterAuditable(auditRec, "oauth_app", &oauthApp) + model.AddEventParameterAuditableToAuditRec(auditRec, "oauth_app", &oauthApp) // The app being updated in the payload must be the same one as indicated in the URL. if oauthApp.Id != c.Params.AppId { @@ -209,9 +208,9 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteOAuthApp", audit.Fail) + auditRec := c.MakeAuditRecord("deleteOAuthApp", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "oauth_app_id", c.Params.AppId) + model.AddEventParameterToAuditRec(auditRec, "oauth_app_id", c.Params.AppId) c.LogAudit("attempt") if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageOAuth) { @@ -250,9 +249,9 @@ func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("regenerateOAuthAppSecret", audit.Fail) + auditRec := c.MakeAuditRecord("regenerateOAuthAppSecret", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "oauth_app_id", c.Params.AppId) + model.AddEventParameterToAuditRec(auditRec, "oauth_app_id", c.Params.AppId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageOAuth) { c.SetPermissionError(model.PermissionManageOAuth) diff --git a/server/channels/api4/outgoing_oauth_connection.go b/server/channels/api4/outgoing_oauth_connection.go index 26aff650906..b8d1eb8eff5 100644 --- a/server/channels/api4/outgoing_oauth_connection.go +++ b/server/channels/api4/outgoing_oauth_connection.go 
@@ -12,7 +12,6 @@ import ( "github.com/mattermost/logr/v2" "github.com/mattermost/mattermost/server/public/model" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/einterfaces" ) @@ -205,7 +204,7 @@ func getOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Reque } func createOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("createOutgoingOauthConnection", audit.Fail) + auditRec := c.MakeAuditRecord("createOutgoingOauthConnection", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -224,7 +223,7 @@ func createOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re return } - audit.AddEventParameterAuditable(auditRec, "outgoing_oauth_connection", &inputConnection) + model.AddEventParameterAuditableToAuditRec(auditRec, "outgoing_oauth_connection", &inputConnection) inputConnection.CreatorId = c.AppContext.Session().UserId @@ -249,9 +248,9 @@ func createOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re } func updateOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("updateOutgoingOAuthConnection", audit.Fail) + auditRec := c.MakeAuditRecord("updateOutgoingOAuthConnection", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID) + model.AddEventParameterToAuditRec(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID) c.LogAudit("attempt") if !checkOutgoingOAuthConnectionWritePermissions(c) { 
@@ -315,9 +314,9 @@ func updateOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re } func deleteOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("deleteOutgoingOAuthConnection", audit.Fail) + auditRec := c.MakeAuditRecord("deleteOutgoingOAuthConnection", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID) + model.AddEventParameterToAuditRec(auditRec, "outgoing_oauth_connection_id", c.Params.OutgoingOAuthConnectionID) c.LogAudit("attempt") if !checkOutgoingOAuthConnectionWritePermissions(c) { @@ -356,7 +355,7 @@ func deleteOutgoingOAuthConnection(c *Context, w http.ResponseWriter, r *http.Re // with the provided connection configuration. If the credentials are valid, the request will return a 200 status code and // if the credentials are invalid, the request will return a 400 status code. func validateOutgoingOAuthConnectionCredentials(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("validateOutgoingOAuthConnectionCredentials", audit.Fail) + auditRec := c.MakeAuditRecord("validateOutgoingOAuthConnectionCredentials", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -392,7 +391,7 @@ func validateOutgoingOAuthConnectionCredentials(c *Context, w http.ResponseWrite inputConnection.ClientSecret = storedConnection.ClientSecret } - audit.AddEventParameterAuditable(auditRec, "outgoing_oauth_connection", inputConnection) + model.AddEventParameterAuditableToAuditRec(auditRec, "outgoing_oauth_connection", inputConnection) resultStatusCode := http.StatusOK diff --git a/server/channels/api4/plugin.go b/server/channels/api4/plugin.go index f5d4374fb8b..4e85f012c90 100644 --- a/server/channels/api4/plugin.go +++ b/server/channels/api4/plugin.go 
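Review bot: In validateOutgoingOAuthConnectionCredentials (hunk at -392) the stored `ClientSecret` is copied into `inputConnection` on the line directly before `model.AddEventParameterAuditableToAuditRec(auditRec, "outgoing_oauth_connection", inputConnection)`, so the audit record is built from an object that now holds the real secret. Whether the type's auditable representation omits secret fields is not visible in this hunk and should be confirmed, ideally with a test asserting the secret never appears in the logged record. A comment at the call, for example `// inputConnection now holds the stored ClientSecret; its auditable form must not expose it`, would keep the invariant visible to the next editor. The function continues outside the hunk.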
@@ -15,7 +15,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/store" ) @@ -50,7 +49,7 @@ func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("uploadPlugin", audit.Fail) + auditRec := c.MakeAuditRecord("uploadPlugin", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) { @@ -79,7 +78,7 @@ func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = model.NewAppError("uploadPlugin", "api.plugin.upload.array.app_error", nil, "", http.StatusBadRequest) return } - audit.AddEventParameter(auditRec, "filename", pluginArray[0].Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", pluginArray[0].Filename) file, err := pluginArray[0].Open() if err != nil { @@ -105,7 +104,7 @@ func installPluginFromURL(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("installPluginFromURL", audit.Fail) + auditRec := c.MakeAuditRecord("installPluginFromURL", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) { @@ -115,7 +114,7 @@ func installPluginFromURL(c *Context, w http.ResponseWriter, r *http.Request) { force, _ := strconv.ParseBool(r.URL.Query().Get("force")) downloadURL := r.URL.Query().Get("plugin_download_url") - audit.AddEventParameter(auditRec, "url", downloadURL) + model.AddEventParameterToAuditRec(auditRec, "url", downloadURL) pluginFileBytes, err := c.App.DownloadFromURL(downloadURL) if err != nil { 
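Review bot: installPluginFromURL (hunk at -115) writes the raw `plugin_download_url` query value into the audit record with `model.AddEventParameterToAuditRec(auditRec, "url", downloadURL)`. A download URL can carry credentials in its userinfo part or a signed token in its query string, and those would be stored verbatim wherever audit records are shipped. Consider recording a reduced form instead, for example parsing the value and logging `u.Redacted()` with the query string dropped, or add a comment stating that the full URL is retained on purpose. The rest of the function is outside the hunk, so any sanitisation done elsewhere is not visible here.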
@@ -138,7 +137,7 @@ func installMarketplacePlugin(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("installMarketplacePlugin", audit.Fail) + auditRec := c.MakeAuditRecord("installMarketplacePlugin", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) { @@ -151,7 +150,7 @@ func installMarketplacePlugin(c *Context, w http.ResponseWriter, r *http.Request c.Err = model.NewAppError("installMarketplacePlugin", "app.plugin.marketplace_plugin_request.app_error", nil, "", http.StatusNotImplemented).Wrap(err) return } - audit.AddEventParameter(auditRec, "plugin_id", pluginRequest.Id) + model.AddEventParameterToAuditRec(auditRec, "plugin_id", pluginRequest.Id) // Always install the latest compatible version // https://mattermost.atlassian.net/browse/MM-41981 @@ -228,9 +227,9 @@ func removePlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("removePlugin", audit.Fail) + auditRec := c.MakeAuditRecord("removePlugin", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "plugin_id", c.Params.PluginId) + model.AddEventParameterToAuditRec(auditRec, "plugin_id", c.Params.PluginId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) { c.SetPermissionError(model.PermissionSysconsoleWritePlugins) 
@@ -332,9 +331,9 @@ func enablePlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("enablePlugin", audit.Fail) + auditRec := c.MakeAuditRecord("enablePlugin", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "plugin_id", c.Params.PluginId) + model.AddEventParameterToAuditRec(auditRec, "plugin_id", c.Params.PluginId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) { c.SetPermissionError(model.PermissionSysconsoleWritePlugins) @@ -361,9 +360,9 @@ func disablePlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("disablePlugin", audit.Fail) + auditRec := c.MakeAuditRecord("disablePlugin", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "plugin_id", c.Params.PluginId) + model.AddEventParameterToAuditRec(auditRec, "plugin_id", c.Params.PluginId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWritePlugins) { c.SetPermissionError(model.PermissionSysconsoleWritePlugins) @@ -422,7 +421,7 @@ func installPlugin(c *Context, w http.ResponseWriter, plugin io.ReadSeeker, forc } func setFirstAdminVisitMarketplaceStatus(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("setFirstAdminVisitMarketplaceStatus", audit.Fail) + auditRec := c.MakeAuditRecord("setFirstAdminVisitMarketplaceStatus", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -450,7 +449,7 @@ func setFirstAdminVisitMarketplaceStatus(c *Context, w http.ResponseWriter, r *h } func getFirstAdminVisitMarketplaceStatus(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("getFirstAdminVisitMarketplaceStatus", audit.Fail) + auditRec := c.MakeAuditRecord("getFirstAdminVisitMarketplaceStatus", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") 
diff --git a/server/channels/api4/post.go b/server/channels/api4/post.go index 7c9b0ad3cb5..96d3437b45b 100644 --- a/server/channels/api4/post.go +++ b/server/channels/api4/post.go @@ -15,7 +15,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/web" ) @@ -81,9 +80,9 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) { post.SanitizeInput() post.UserId = c.AppContext.Session().UserId - auditRec := c.MakeAuditRecord("createPost", audit.Fail) + auditRec := c.MakeAuditRecord("createPost", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameterAuditable(auditRec, "post", &post) + model.AddEventParameterAuditableToAuditRec(auditRec, "post", &post) if post.CreateAt != 0 && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { post.CreateAt = 0 @@ -583,10 +582,10 @@ func deletePost(c *Context, w http.ResponseWriter, _ *http.Request) { permanent := c.Params.Permanent - auditRec := c.MakeAuditRecord("deletePost", audit.Fail) + auditRec := c.MakeAuditRecord("deletePost", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameter(auditRec, "post_id", c.Params.PostId) - audit.AddEventParameter(auditRec, "permanent", permanent) + model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId) + model.AddEventParameterToAuditRec(auditRec, "permanent", permanent) includeDeleted := permanent 
@@ -819,9 +818,9 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request, teamId stri includeDeletedChannels = *params.IncludeDeletedChannels } - auditRec := c.MakeAuditRecord("searchPosts", audit.Fail) + auditRec := c.MakeAuditRecord("searchPosts", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelAPI) - audit.AddEventParameterAuditable(auditRec, "search_params", params) + model.AddEventParameterAuditableToAuditRec(auditRec, "search_params", params) startTime := time.Now() @@ -847,7 +846,7 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request, teamId stri } results = model.MakePostSearchResults(clientPostList, results.Matches) - audit.AddEventParameterAuditable(auditRec, "search_results", results) + model.AddEventParameterAuditableToAuditRec(auditRec, "search_results", results) auditRec.Success() w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") @@ -868,8 +867,8 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updatePost", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "post", &post) + auditRec := c.MakeAuditRecord("updatePost", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "post", &post) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) // The post being updated in the payload must be the same one as indicated in the URL. @@ -943,9 +942,9 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchPost", audit.Fail) - audit.AddEventParameter(auditRec, "id", c.Params.PostId) - audit.AddEventParameterAuditable(auditRec, "patch", &post) + auditRec := c.MakeAuditRecord("patchPost", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "id", c.Params.PostId) + model.AddEventParameterAuditableToAuditRec(auditRec, "patch", &post) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) if post.Props != nil { 
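Review bot: `searchPosts` attaches both `search_params` and the full `search_results` to a record that is deferred with `app.LevelAPI`, while every other post handler in this file logs with `app.LevelContent`. If the auditable form of the results includes message text (it is not visible here), post content would be emitted at the API level and reach sinks that were configured to exclude content. Either log this record at `app.LevelContent`, or document the choice above the call, e.g. `// search_results is reduced to IDs by Auditable(); safe at LevelAPI`, after confirming that this is true. The function body extends beyond both `searchPosts` hunks.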
@@ -974,7 +973,7 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) { } } -func postPatchChecks(c *Context, auditRec *audit.Record, message *string) { +func postPatchChecks(c *Context, auditRec *model.AuditRecord, message *string) { originalPost, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false) if err != nil { c.SetPermissionError(model.PermissionEditPost) @@ -1066,8 +1065,8 @@ func saveIsPinnedPost(c *Context, w http.ResponseWriter, isPinned bool) { return } - auditRec := c.MakeAuditRecord("saveIsPinnedPost", audit.Fail) - audit.AddEventParameter(auditRec, "post_id", c.Params.PostId) + auditRec := c.MakeAuditRecord("saveIsPinnedPost", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) post, err := c.App.GetSinglePost(c.AppContext, c.Params.PostId, false) @@ -1203,10 +1202,10 @@ func moveThread(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("moveThread", audit.Fail) + auditRec := c.MakeAuditRecord("moveThread", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameter(auditRec, "original_post_id", c.Params.PostId) - audit.AddEventParameter(auditRec, "to_channel_id", moveThreadParams.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "original_post_id", c.Params.PostId) + model.AddEventParameterToAuditRec(auditRec, "to_channel_id", moveThreadParams.ChannelId) user, err := c.App.GetUser(c.AppContext.Session().UserId) if err != nil { 
@@ -1344,9 +1343,9 @@ func restorePostVersion(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("restorePostVersion", audit.Fail) - audit.AddEventParameter(auditRec, "id", c.Params.PostId) - audit.AddEventParameter(auditRec, "restore_version_id", restoreVersionId) + auditRec := c.MakeAuditRecord("restorePostVersion", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "id", c.Params.PostId) + model.AddEventParameterToAuditRec(auditRec, "restore_version_id", restoreVersionId) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) toRestorePost, err := c.App.GetSinglePost(c.AppContext, restoreVersionId, true) diff --git a/server/channels/api4/post_local.go b/server/channels/api4/post_local.go index 15562f82dc4..df5ff8c781e 100644 --- a/server/channels/api4/post_local.go +++ b/server/channels/api4/post_local.go @@ -6,8 +6,8 @@ package api4 import ( "net/http" + "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitPostLocal() { @@ -24,10 +24,10 @@ func localDeletePost(c *Context, w http.ResponseWriter, r *http.Request) { permanent := c.Params.Permanent - auditRec := c.MakeAuditRecord("localDeletePost", audit.Fail) + auditRec := c.MakeAuditRecord("localDeletePost", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameter(auditRec, "post_id", c.Params.PostId) - audit.AddEventParameter(auditRec, "permanent", permanent) + model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId) + model.AddEventParameterToAuditRec(auditRec, "permanent", permanent) includeDeleted := permanent diff --git a/server/channels/api4/preference.go b/server/channels/api4/preference.go index a6cc24bbf81..89021409253 100644 --- a/server/channels/api4/preference.go +++ b/server/channels/api4/preference.go 
@@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) const maxUpdatePreferences = 100 @@ -94,7 +93,7 @@ func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updatePreferences", audit.Fail) + auditRec := c.MakeAuditRecord("updatePreferences", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { @@ -156,7 +155,7 @@ func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deletePreferences", audit.Fail) + auditRec := c.MakeAuditRecord("deletePreferences", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { diff --git a/server/channels/api4/remote_cluster.go b/server/channels/api4/remote_cluster.go index 186b47163e3..e5b26d41b04 100644 --- a/server/channels/api4/remote_cluster.go +++ b/server/channels/api4/remote_cluster.go @@ -12,7 +12,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" "github.com/mattermost/mattermost/server/v8/platform/services/remotecluster" ) 
@@ -100,8 +99,8 @@ func remoteClusterAcceptMessage(c *Context, w http.ResponseWriter, r *http.Reque return } - auditRec := c.MakeAuditRecord("remoteClusterAcceptMessage", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "remote_cluster_frame", &frame) + auditRec := c.MakeAuditRecord("remoteClusterAcceptMessage", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster_frame", &frame) defer c.LogAuditRec(auditRec) remoteId := c.GetRemoteID(r) @@ -115,7 +114,7 @@ func remoteClusterAcceptMessage(c *Context, w http.ResponseWriter, r *http.Reque c.SetInvalidRemoteIdError(frame.RemoteId) return } - audit.AddEventParameterAuditable(auditRec, "remote_cluster", rc) + model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster", rc) // pass message to Remote Cluster Service and write response resp := service.ReceiveIncomingMsg(rc, frame.Msg) @@ -150,8 +149,8 @@ func remoteClusterConfirmInvite(c *Context, w http.ResponseWriter, r *http.Reque return } - auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "remote_cluster_frame", &frame) + auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster_frame", &frame) defer c.LogAuditRec(auditRec) remoteId := c.GetRemoteID(r) @@ -165,7 +164,7 @@ func remoteClusterConfirmInvite(c *Context, w http.ResponseWriter, r *http.Reque c.SetInvalidRemoteIdError(frame.RemoteId) return } - audit.AddEventParameterAuditable(auditRec, "remote_cluster", rc) + model.AddEventParameterAuditableToAuditRec(auditRec, "remote_cluster", rc) // check if the invitation has expired if time.Since(model.GetTimeForMillis(rc.CreateAt)) > remotecluster.InviteExpiresAfter { 
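Review bot: The `remoteClusterConfirmInvite` hunk still creates its record under the event name `"remoteClusterAcceptInvite"`, the same name that the separate `remoteClusterAcceptInvite` handler uses later in this file. Audit consumers therefore cannot tell a confirmation received from a remote apart from a local admin accepting an invite, which weakens any detection keyed on the event name. Since the line is already being rewritten, consider `auditRec := c.MakeAuditRecord("remoteClusterConfirmInvite", model.AuditStatusFail)`. If existing dashboards or alerts depend on the old name, announce the rename in the changelog. The handler body continues outside the hunk.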
@@ -201,9 +200,9 @@ func uploadRemoteData(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("uploadRemoteData", audit.Fail) + auditRec := c.MakeAuditRecord("uploadRemoteData", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "upload_id", c.Params.UploadId) + model.AddEventParameterToAuditRec(auditRec, "upload_id", c.Params.UploadId) c.AppContext = c.AppContext.With(app.RequestContextWithMaster) us, err := c.App.GetUploadSession(c.AppContext, c.Params.UploadId) @@ -282,10 +281,10 @@ func remoteSetProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("remoteUploadProfileImage", audit.Fail) + auditRec := c.MakeAuditRecord("remoteUploadProfileImage", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if imageArray[0] != nil { - audit.AddEventParameter(auditRec, "filename", imageArray[0].Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", imageArray[0].Filename) } user, err := c.App.GetUser(c.Params.UserId) @@ -302,7 +301,7 @@ func remoteSetProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) imageData := imageArray[0] if err := c.App.SetProfileImage(c.AppContext, c.Params.UserId, imageData); err != nil { @@ -374,7 +373,7 @@ func createRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createRemoteCluster", audit.Fail) + auditRec := c.MakeAuditRecord("createRemoteCluster", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var rcWithTeamAndPassword model.RemoteClusterWithPassword 
@@ -408,7 +407,7 @@ func createRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) { CreatorId: c.AppContext.Session().UserId, } - audit.AddEventParameterAuditable(auditRec, "remotecluster", rc) + model.AddEventParameterAuditableToAuditRec(auditRec, "remotecluster", rc) rcSaved, appErr := c.App.AddRemoteCluster(rc) if appErr != nil { @@ -462,7 +461,7 @@ func remoteClusterAcceptInvite(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", audit.Fail) + auditRec := c.MakeAuditRecord("remoteClusterAcceptInvite", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var rcAcceptInvite model.RemoteClusterAcceptInvite @@ -481,8 +480,8 @@ func remoteClusterAcceptInvite(c *Context, w http.ResponseWriter, r *http.Reques return } - audit.AddEventParameter(auditRec, "name", rcAcceptInvite.Name) - audit.AddEventParameter(auditRec, "display_name", rcAcceptInvite.DisplayName) + model.AddEventParameterToAuditRec(auditRec, "name", rcAcceptInvite.Name) + model.AddEventParameterToAuditRec(auditRec, "display_name", rcAcceptInvite.DisplayName) if rcAcceptInvite.DisplayName == "" { rcAcceptInvite.DisplayName = rcAcceptInvite.Name @@ -494,7 +493,7 @@ func remoteClusterAcceptInvite(c *Context, w http.ResponseWriter, r *http.Reques return } - audit.AddEventParameter(auditRec, "site_url", invite.SiteURL) + model.AddEventParameterToAuditRec(auditRec, "site_url", invite.SiteURL) url := c.App.GetSiteURL() if url == "" { 
@@ -545,9 +544,9 @@ func generateRemoteClusterInvite(c *Context, w http.ResponseWriter, r *http.Requ return } - auditRec := c.MakeAuditRecord("generateRemoteClusterInvite", audit.Fail) + auditRec := c.MakeAuditRecord("generateRemoteClusterInvite", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) props := model.MapFromJSON(r.Body) password := props["password"] @@ -636,9 +635,9 @@ func patchRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchRemoteCluster", audit.Fail) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) - audit.AddEventParameterAuditable(auditRec, "remotecluster_patch", &patch) + auditRec := c.MakeAuditRecord("patchRemoteCluster", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) + model.AddEventParameterAuditableToAuditRec(auditRec, "remotecluster_patch", &patch) defer c.LogAuditRec(auditRec) orc, err := c.App.GetRemoteCluster(c.Params.RemoteId, false) @@ -681,8 +680,8 @@ func deleteRemoteCluster(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteRemoteCluster", audit.Fail) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) + auditRec := c.MakeAuditRecord("deleteRemoteCluster", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) defer c.LogAuditRec(auditRec) orc, err := c.App.GetRemoteCluster(c.Params.RemoteId, false) diff --git a/server/channels/api4/role.go b/server/channels/api4/role.go index a4009a902e6..bfc1088ad53 100644 --- a/server/channels/api4/role.go +++ b/server/channels/api4/role.go 
@@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) const GetRolesByNamesMax = 100 @@ -140,8 +139,8 @@ func patchRole(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchRole", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "role_patch", &patch) + auditRec := c.MakeAuditRecord("patchRole", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "role_patch", &patch) defer c.LogAuditRec(auditRec) oldRole, appErr := c.App.GetRole(c.Params.RoleId) diff --git a/server/channels/api4/saml.go b/server/channels/api4/saml.go index 15bbdae79f3..1dbae6c61ed 100644 --- a/server/channels/api4/saml.go +++ b/server/channels/api4/saml.go @@ -12,7 +12,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitSaml() { @@ -83,9 +82,9 @@ func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("addSamlPublicCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("addSamlPublicCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) if err := c.App.AddSamlPublicCertificate(fileData); err != nil { c.Err = err 
@@ -107,9 +106,9 @@ func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("addSamlPrivateCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("addSamlPrivateCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) if err := c.App.AddSamlPrivateCertificate(fileData); err != nil { c.Err = err @@ -136,7 +135,7 @@ func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("addSamlIdpCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("addSamlIdpCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) auditRec.AddMeta("type", d) @@ -157,7 +156,7 @@ func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } - audit.AddEventParameter(auditRec, "filename", fileData.Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", fileData.Filename) if err := c.App.AddSamlIdpCertificate(fileData); err != nil { c.Err = err @@ -178,7 +177,7 @@ func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Requ return } - auditRec := c.MakeAuditRecord("removeSamlPublicCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("removeSamlPublicCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RemoveSamlPublicCertificate(); err != nil { @@ -196,7 +195,7 @@ func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("removeSamlPrivateCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("removeSamlPrivateCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RemoveSamlPrivateCertificate(); err != nil { 
@@ -214,7 +213,7 @@ func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("removeSamlIdpCertificate", audit.Fail) + auditRec := c.MakeAuditRecord("removeSamlIdpCertificate", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RemoveSamlIdpCertificate(); err != nil { diff --git a/server/channels/api4/scheduled_post.go b/server/channels/api4/scheduled_post.go index 5712766e101..58dc665abdb 100644 --- a/server/channels/api4/scheduled_post.go +++ b/server/channels/api4/scheduled_post.go @@ -10,7 +10,6 @@ import ( "github.com/gorilla/mux" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" @@ -71,9 +70,9 @@ func createSchedulePost(c *Context, w http.ResponseWriter, r *http.Request) { scheduledPost.UserId = c.AppContext.Session().UserId scheduledPost.SanitizeInput() - auditRec := c.MakeAuditRecord("createSchedulePost", audit.Fail) + auditRec := c.MakeAuditRecord("createSchedulePost", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameterAuditable(auditRec, "scheduledPost", &scheduledPost) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheduledPost", &scheduledPost) scheduledPostChecks("Api4.createSchedulePost", c, &scheduledPost) if c.Err != nil { 
@@ -166,9 +165,9 @@ func updateScheduledPost(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateScheduledPost", audit.Fail) + auditRec := c.MakeAuditRecord("updateScheduledPost", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameterAuditable(auditRec, "scheduledPost", &scheduledPost) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheduledPost", &scheduledPost) scheduledPostChecks("Api4.updateScheduledPost", c, &scheduledPost) if c.Err != nil { @@ -205,9 +204,9 @@ func deleteScheduledPost(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteScheduledPost", audit.Fail) + auditRec := c.MakeAuditRecord("deleteScheduledPost", model.AuditStatusFail) defer c.LogAuditRecWithLevel(auditRec, app.LevelContent) - audit.AddEventParameter(auditRec, "scheduledPostId", scheduledPostId) + model.AddEventParameterToAuditRec(auditRec, "scheduledPostId", scheduledPostId) userId := c.AppContext.Session().UserId connectionID := r.Header.Get(model.ConnectionId) diff --git a/server/channels/api4/scheme.go b/server/channels/api4/scheme.go index 820893fd706..8ba79589f98 100644 --- a/server/channels/api4/scheme.go +++ b/server/channels/api4/scheme.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitScheme() { 
@@ -29,9 +28,9 @@ func createScheme(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createScheme", audit.Fail) + auditRec := c.MakeAuditRecord("createScheme", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "scheme", &scheme) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheme", &scheme) if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) { c.Err = model.NewAppError("Api4.CreateScheme", "api.scheme.create_scheme.license.error", nil, "", http.StatusNotImplemented) @@ -194,8 +193,8 @@ func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchScheme", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "scheme_patch", &patch) + auditRec := c.MakeAuditRecord("patchScheme", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_patch", &patch) defer c.LogAuditRec(auditRec) if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) { @@ -203,7 +202,7 @@ func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameter(auditRec, "scheme_id", c.Params.SchemeId) + model.AddEventParameterToAuditRec(auditRec, "scheme_id", c.Params.SchemeId) scheme, err := c.App.GetScheme(c.Params.SchemeId) if err != nil { 
@@ -239,8 +238,8 @@ func deleteScheme(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteScheme", audit.Fail) - audit.AddEventParameter(auditRec, "scheme_id", c.Params.SchemeId) + auditRec := c.MakeAuditRecord("deleteScheme", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "scheme_id", c.Params.SchemeId) defer c.LogAuditRec(auditRec) if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) { diff --git a/server/channels/api4/shared_channel.go b/server/channels/api4/shared_channel.go index b200e5cda38..9f1bd04a23b 100644 --- a/server/channels/api4/shared_channel.go +++ b/server/channels/api4/shared_channel.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitSharedChannels() { @@ -171,11 +170,11 @@ func inviteRemoteClusterToChannel(c *Context, w http.ResponseWriter, r *http.Req return } - auditRec := c.MakeAuditRecord("inviteRemoteClusterToChannel", audit.Fail) + auditRec := c.MakeAuditRecord("inviteRemoteClusterToChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) - audit.AddEventParameter(auditRec, "user_id", c.AppContext.Session().UserId) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.AppContext.Session().UserId) if err := c.App.InviteRemoteToChannel(c.Params.ChannelId, c.Params.RemoteId, c.AppContext.Session().UserId, true); err != nil { if appErr, ok := err.(*model.AppError); ok { 
@@ -222,10 +221,10 @@ func uninviteRemoteClusterToChannel(c *Context, w http.ResponseWriter, r *http.R return } - auditRec := c.MakeAuditRecord("uninviteRemoteClusterToChannel", audit.Fail) + auditRec := c.MakeAuditRecord("uninviteRemoteClusterToChannel", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "remote_id", c.Params.RemoteId) - audit.AddEventParameter(auditRec, "channel_id", c.Params.ChannelId) + model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId) + model.AddEventParameterToAuditRec(auditRec, "channel_id", c.Params.ChannelId) hasRemote, err := c.App.HasRemote(c.Params.ChannelId, c.Params.RemoteId) if err != nil { diff --git a/server/channels/api4/system.go b/server/channels/api4/system.go index 6e82f467bea..67efc595a2a 100644 --- a/server/channels/api4/system.go +++ b/server/channels/api4/system.go @@ -21,7 +21,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/public/utils" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/config" "github.com/mattermost/mattermost/server/v8/platform/services/cache" "github.com/mattermost/mattermost/server/v8/platform/services/upgrader" @@ -297,7 +296,7 @@ func testSiteURL(c *Context, w http.ResponseWriter, r *http.Request) { } func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("getAudits", audit.Fail) + auditRec := c.MakeAuditRecord("getAudits", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadAudits) { 
@@ -312,8 +311,8 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { } auditRec.Success() - audit.AddEventParameter(auditRec, "page", c.Params.Page) - audit.AddEventParameter(auditRec, "audits_per_page", c.Params.LogsPerPage) + model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page) + model.AddEventParameterToAuditRec(auditRec, "audits_per_page", c.Params.LogsPerPage) if err := json.NewEncoder(w).Encode(audits); err != nil { c.Logger.Warn("Error while writing response", mlog.Err(err)) @@ -326,7 +325,7 @@ func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("databaseRecycle", audit.Fail) + auditRec := c.MakeAuditRecord("databaseRecycle", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.App.RecycleDatabaseConnection(c.AppContext) @@ -341,7 +340,7 @@ func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("invalidateCaches", audit.Fail) + auditRec := c.MakeAuditRecord("invalidateCaches", model.AuditStatusFail) defer c.LogAuditRec(auditRec) appErr := c.App.Srv().InvalidateAllCaches() @@ -357,7 +356,7 @@ func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) { } func queryLogs(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("queryLogs", audit.Fail) + auditRec := c.MakeAuditRecord("queryLogs", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) { @@ -400,7 +399,7 @@ func queryLogs(c *Context, w http.ResponseWriter, r *http.Request) { } func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("getLogs", audit.Fail) + auditRec := c.MakeAuditRecord("getLogs", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) { 
@@ -414,8 +413,8 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameter(auditRec, "page", c.Params.Page) - audit.AddEventParameter(auditRec, "logs_per_page", c.Params.LogsPerPage) + model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page) + model.AddEventParameterToAuditRec(auditRec, "logs_per_page", c.Params.LogsPerPage) if _, err := w.Write([]byte(model.ArrayToJSON(lines))); err != nil { c.Logger.Warn("Error while writing response", mlog.Err(err)) @@ -423,7 +422,7 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { } func downloadLogs(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("downloadLogs", audit.Fail) + auditRec := c.MakeAuditRecord("downloadLogs", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) { @@ -790,9 +789,9 @@ func setServerBusy(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("setServerBusy", audit.Fail) + auditRec := c.MakeAuditRecord("setServerBusy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "seconds", i) + model.AddEventParameterToAuditRec(auditRec, "seconds", i) c.App.Srv().Platform().Busy.Set(time.Second * time.Duration(i)) c.Logger.Warn("server busy state activated - non-critical services disabled", mlog.Int("seconds", i)) @@ -807,7 +806,7 @@ func clearServerBusy(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("clearServerBusy", audit.Fail) + auditRec := c.MakeAuditRecord("clearServerBusy", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.App.Srv().Platform().Busy.Clear() 
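Review bot: In the `getLogs` hunk the record is created with `model.AuditStatusFail`, and no `auditRec.Success()` appears between the parameter calls and the final `w.Write`. `getAudits` in the same file does call `auditRec.Success()` before adding its paging parameters. If the unseen lines between the two `getLogs` hunks contain no such call, every successful log read is audited as a failure, which makes real denied attempts hard to separate from normal admin activity. Consider adding `auditRec.Success()` just before `model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page)`. Part of the function lies outside the visible hunks, so confirm against the full file.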
@@ -836,7 +835,7 @@ func getServerBusyExpires(c *Context, w http.ResponseWriter, r *http.Request) { } func upgradeToEnterprise(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("upgradeToEnterprise", audit.Fail) + auditRec := c.MakeAuditRecord("upgradeToEnterprise", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { @@ -925,7 +924,7 @@ func upgradeToEnterpriseStatus(c *Context, w http.ResponseWriter, r *http.Reques } func restart(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("restartServer", audit.Fail) + auditRec := c.MakeAuditRecord("restartServer", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { @@ -969,7 +968,7 @@ func getProductNotices(c *Context, w http.ResponseWriter, r *http.Request) { } func updateViewedProductNotices(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("updateViewedProductNotices", audit.Fail) + auditRec := c.MakeAuditRecord("updateViewedProductNotices", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -989,7 +988,7 @@ func updateViewedProductNotices(c *Context, w http.ResponseWriter, r *http.Reque } func getOnboarding(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("getOnboarding", audit.Fail) + auditRec := c.MakeAuditRecord("getOnboarding", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -1016,7 +1015,7 @@ func completeOnboarding(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("completeOnboarding", audit.Fail) + auditRec := c.MakeAuditRecord("completeOnboarding", model.AuditStatusFail) defer c.LogAuditRec(auditRec) onboardingRequest, err := model.CompleteOnboardingRequestFromReader(r.Body) 
@@ -1024,8 +1023,8 @@ func completeOnboarding(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = model.NewAppError("completeOnboarding", "app.system.complete_onboarding_request.app_error", nil, "", http.StatusBadRequest).Wrap(err) return } - audit.AddEventParameter(auditRec, "install_plugin", onboardingRequest.InstallPlugins) - audit.AddEventParameterAuditable(auditRec, "onboarding_request", onboardingRequest) + model.AddEventParameterToAuditRec(auditRec, "install_plugin", onboardingRequest.InstallPlugins) + model.AddEventParameterAuditableToAuditRec(auditRec, "onboarding_request", onboardingRequest) appErr := c.App.CompleteOnboarding(c.AppContext, onboardingRequest) if appErr != nil { @@ -1043,7 +1042,7 @@ func getAppliedSchemaMigrations(c *Context, w http.ResponseWriter, r *http.Reque return } - auditRec := c.MakeAuditRecord("getAppliedSchemaMigrations", audit.Fail) + auditRec := c.MakeAuditRecord("getAppliedSchemaMigrations", model.AuditStatusFail) defer c.LogAuditRec(auditRec) migrations, appErr := c.App.GetAppliedSchemaMigrations() diff --git a/server/channels/api4/system_local.go b/server/channels/api4/system_local.go index eb0c8914121..1771600f33c 100644 --- a/server/channels/api4/system_local.go +++ b/server/channels/api4/system_local.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitSystemLocal() { @@ -24,7 +23,7 @@ func (api *API) InitSystemLocal() { } func localCheckIntegrity(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("localCheckIntegrity", audit.Fail) + auditRec := c.MakeAuditRecord("localCheckIntegrity", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var results []model.IntegrityCheckResult diff --git a/server/channels/api4/team.go b/server/channels/api4/team.go index 7f9630d9e81..a2f1f6da23c 100644 
--- a/server/channels/api4/team.go +++ b/server/channels/api4/team.go @@ -16,7 +16,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) const ( @@ -84,9 +83,9 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { } team.Email = strings.ToLower(team.Email) - auditRec := c.MakeAuditRecord("createTeam", audit.Fail) + auditRec := c.MakeAuditRecord("createTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "team", &team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", &team) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateTeam) { c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden) @@ -214,9 +213,9 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateTeam", audit.Fail) + auditRec := c.MakeAuditRecord("updateTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "team", &team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", &team) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) { c.SetPermissionError(model.PermissionManageTeam) @@ -251,8 +250,8 @@ func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchTeam", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "team_patch", &team) + auditRec := c.MakeAuditRecord("patchTeam", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "team_patch", &team) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) { 
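Review bot: patchTeam adds the `team_patch` parameter before `defer c.LogAuditRec(auditRec)` is registered, while createTeam and updateTeam in the same file register the defer first. With the defer last, anything that exits between the two statements (a panic in the helper, or an early return inserted there later) leaves no audit record for the request. Since both lines are rewritten here anyway, put `defer c.LogAuditRec(auditRec)` directly after `MakeAuditRecord`. The updateTeamPrivacy, regenerateTeamInviteId, addTeamMember, addTeamMembers and updateTeamScheme hunks use the same order. patchTeam's body starts and ends outside the hunk.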
@@ -304,9 +303,9 @@ func restoreTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("restoreTeam", audit.Fail) + auditRec := c.MakeAuditRecord("restoreTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) { c.SetPermissionError(model.PermissionManageTeam) @@ -381,12 +380,12 @@ func updateTeamPrivacy(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateTeamPrivacy", audit.Fail) - audit.AddEventParameter(auditRec, "privacy", privacy) + auditRec := c.MakeAuditRecord("updateTeamPrivacy", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "privacy", privacy) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) { - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) c.SetPermissionError(model.PermissionManageTeam) return } @@ -432,8 +431,8 @@ func regenerateTeamInviteId(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("regenerateTeamInviteId", audit.Fail) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + auditRec := c.MakeAuditRecord("regenerateTeamInviteId", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) defer c.LogAuditRec(auditRec) patchedTeam, err := c.App.RegenerateTeamInviteId(c.Params.TeamId) 
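Review bot: In the updateTeamPrivacy hunk, `team_id` is attached to the audit record only inside the permission-denied branch, so within the visible lines an authorised privacy change is recorded with `privacy` but no team identifier. Unless the id is added further down (the function continues outside the hunk), move `model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)` up next to the `privacy` parameter so that both outcomes carry it.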
@@ -465,11 +464,11 @@ func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteTeam", audit.Fail) + auditRec := c.MakeAuditRecord("deleteTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if team, err := c.App.GetTeam(c.Params.TeamId); err == nil { - audit.AddEventParameterAuditable(auditRec, "team", team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", team) } var err *model.AppError @@ -733,8 +732,8 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("addTeamMember", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "member", &member) + auditRec := c.MakeAuditRecord("addTeamMember", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "member", &member) defer c.LogAuditRec(auditRec) if member.UserId == c.AppContext.Session().UserId { @@ -778,7 +777,7 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } - audit.AddEventParameterAuditable(auditRec, "team", team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", team) if team.IsGroupConstrained() { nonMembers, err := c.App.FilterNonGroupTeamMembers([]string{member.UserId}, team) @@ -820,9 +819,9 @@ func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) var member *model.TeamMember var err *model.AppError - auditRec := c.MakeAuditRecord("addUserToTeamFromInvite", audit.Fail) + auditRec := c.MakeAuditRecord("addUserToTeamFromInvite", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "invite_id", inviteId) + model.AddEventParameterToAuditRec(auditRec, "invite_id", inviteId) if tokenId != "" { member, err = c.App.AddTeamMemberByToken(c.AppContext, c.AppContext.Session().UserId, tokenId) 
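Review bot: In the deleteTeam hunk the record names its target only when `c.App.GetTeam` succeeds; if the lookup fails, the visible lines log a delete attempt with no team identifier at all. localDeleteTeam in team_local.go already records `team_id` unconditionally, and the same line would fit here before the lookup: `model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId)`. The updateUserMfa and updatePassword hunks in user.go attach `user` the same way, only on a successful `GetUser`, and would benefit from an unconditional `user_id`. All three functions extend beyond their hunks, so the id may be set elsewhere.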
@@ -878,8 +877,8 @@ func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("addTeamMembers", audit.Fail) - audit.AddEventParameterAuditableArray(auditRec, "members", members) + auditRec := c.MakeAuditRecord("addTeamMembers", model.AuditStatusFail) + model.AddEventParameterAuditableArrayToAuditRec(auditRec, "members", members) defer c.LogAuditRec(auditRec) auditRec.AddMeta("count", len(members)) @@ -894,7 +893,7 @@ func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = appErr return } - audit.AddEventParameterAuditable(auditRec, "team", team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", team) if team.IsGroupConstrained() { nonMembers, err := c.App.FilterNonGroupTeamMembers(memberIDs, team) @@ -990,7 +989,7 @@ func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("removeTeamMember", audit.Fail) + auditRec := c.MakeAuditRecord("removeTeamMember", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if c.AppContext.Session().UserId != c.Params.UserId { 
@@ -1000,22 +999,22 @@ func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { } } - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) team, err := c.App.GetTeam(c.Params.TeamId) if err != nil { c.Err = err return } - audit.AddEventParameterAuditable(auditRec, "team", team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", team) user, err := c.App.GetUser(c.Params.UserId) if err != nil { c.Err = err return } - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) if team.IsGroupConstrained() && (c.Params.UserId != c.AppContext.Session().UserId) && !user.IsBot { c.Err = model.NewAppError("removeTeamMember", "api.team.remove_member.group_constrained.app_error", nil, "", http.StatusBadRequest) @@ -1100,9 +1099,9 @@ func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateTeamMemberRoles", audit.Fail) + auditRec := c.MakeAuditRecord("updateTeamMemberRoles", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "roles", newRoles) + model.AddEventParameterToAuditRec(auditRec, "roles", newRoles) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeamRoles) { c.SetPermissionError(model.PermissionManageTeamRoles) 
@@ -1134,9 +1133,9 @@ func updateTeamMemberSchemeRoles(c *Context, w http.ResponseWriter, r *http.Requ return } - auditRec := c.MakeAuditRecord("updateTeamMemberSchemeRoles", audit.Fail) + auditRec := c.MakeAuditRecord("updateTeamMemberSchemeRoles", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "scheme_roles", &schemeRoles) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_roles", &schemeRoles) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeamRoles) { c.SetPermissionError(model.PermissionManageTeamRoles) @@ -1372,9 +1371,9 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("importTeam", audit.Fail) + auditRec := c.MakeAuditRecord("importTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) fileInfo := fileInfoArray[0] @@ -1384,9 +1383,9 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } defer fileData.Close() - audit.AddEventParameter(auditRec, "filename", fileInfo.Filename) - audit.AddEventParameter(auditRec, "filesize", fileSize) - audit.AddEventParameter(auditRec, "from", importFrom) + model.AddEventParameterToAuditRec(auditRec, "filename", fileInfo.Filename) + model.AddEventParameterToAuditRec(auditRec, "filesize", fileSize) + model.AddEventParameterToAuditRec(auditRec, "from", importFrom) var log *bytes.Buffer data := map[string]string{} 
@@ -1448,10 +1447,10 @@ func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) { emailList[i] = strings.ToLower(emailList[i]) } - auditRec := c.MakeAuditRecord("inviteUsersToTeam", audit.Fail) + auditRec := c.MakeAuditRecord("inviteUsersToTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "member_invite", memberInvite) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterAuditableToAuditRec(auditRec, "member_invite", memberInvite) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) auditRec.AddMeta("count", len(emailList)) auditRec.AddMeta("emails", emailList) @@ -1542,9 +1541,9 @@ func inviteGuestsToChannels(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("inviteGuestsToChannels", audit.Fail) + auditRec := c.MakeAuditRecord("inviteGuestsToChannels", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionInviteGuest) { c.SetPermissionError(model.PermissionInviteGuest) @@ -1563,7 +1562,7 @@ func inviteGuestsToChannels(c *Context, w http.ResponseWriter, r *http.Request) c.Err = model.NewAppError("Api4.inviteGuestsToChannels", "api.team.invite_guests_to_channels.invalid_body.app_error", nil, "", http.StatusBadRequest).Wrap(err) return } - audit.AddEventParameterAuditable(auditRec, "guests_invite", &guestsInvite) + model.AddEventParameterAuditableToAuditRec(auditRec, "guests_invite", &guestsInvite) for i, email := range guestsInvite.Emails { guestsInvite.Emails[i] = strings.ToLower(email) 
@@ -1659,7 +1658,7 @@ func invalidateAllEmailInvites(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("invalidateAllEmailInvites", audit.Fail) + auditRec := c.MakeAuditRecord("invalidateAllEmailInvites", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.InvalidateAllEmailInvites(c.AppContext); err != nil { @@ -1721,9 +1720,9 @@ func setTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("setTeamIcon", audit.Fail) + auditRec := c.MakeAuditRecord("setTeamIcon", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) { c.SetPermissionError(model.PermissionManageTeam) @@ -1772,9 +1771,9 @@ func removeTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("removeTeamIcon", audit.Fail) + auditRec := c.MakeAuditRecord("removeTeamIcon", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionManageTeam) { c.SetPermissionError(model.PermissionManageTeam) @@ -1810,8 +1809,8 @@ func updateTeamScheme(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateTeamScheme", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "scheme_id_patch", &p) + auditRec := c.MakeAuditRecord("updateTeamScheme", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_id_patch", &p) defer c.LogAuditRec(auditRec) if c.App.Channels().License() == nil { 
@@ -1830,7 +1829,7 @@ func updateTeamScheme(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } - audit.AddEventParameterAuditable(auditRec, "scheme", scheme) + model.AddEventParameterAuditableToAuditRec(auditRec, "scheme", scheme) if scheme.Scope != model.SchemeScopeTeam { c.Err = model.NewAppError("Api4.UpdateTeamScheme", "api.team.update_team_scheme.scheme_scope.error", nil, "", http.StatusBadRequest) @@ -1843,7 +1842,7 @@ func updateTeamScheme(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } - audit.AddEventParameterAuditable(auditRec, "team", team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", team) team.SchemeId = schemeID diff --git a/server/channels/api4/team_local.go b/server/channels/api4/team_local.go index f6d2cbb14b4..3ae3bad770d 100644 --- a/server/channels/api4/team_local.go +++ b/server/channels/api4/team_local.go @@ -14,7 +14,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app/email" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/store" ) @@ -42,8 +41,8 @@ func localDeleteTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("localDeleteTeam", audit.Fail) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + auditRec := c.MakeAuditRecord("localDeleteTeam", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) defer c.LogAuditRec(auditRec) if team, err := c.App.GetTeam(c.Params.TeamId); err == nil { 
@@ -100,10 +99,10 @@ func localInviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) emailList[i] = email } - auditRec := c.MakeAuditRecord("localInviteUsersToTeam", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "member_invite", memberInvite) + auditRec := c.MakeAuditRecord("localInviteUsersToTeam", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "member_invite", memberInvite) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) auditRec.AddMeta("count", len(emailList)) auditRec.AddMeta("emails", emailList) @@ -248,9 +247,9 @@ func localCreateTeam(c *Context, w http.ResponseWriter, r *http.Request) { team.Email = strings.ToLower(team.Email) - auditRec := c.MakeAuditRecord("localCreateTeam", audit.Fail) + auditRec := c.MakeAuditRecord("localCreateTeam", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "team", &team) + model.AddEventParameterAuditableToAuditRec(auditRec, "team", &team) rteam, err := c.App.CreateTeam(c.AppContext, &team) if err != nil { diff --git a/server/channels/api4/terms_of_service.go b/server/channels/api4/terms_of_service.go index fc759dfdb75..1e01321fef4 100644 --- a/server/channels/api4/terms_of_service.go +++ b/server/channels/api4/terms_of_service.go @@ -10,7 +10,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitTermsOfService() { 
@@ -41,7 +40,7 @@ func createTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createTermsOfService", audit.Fail) + auditRec := c.MakeAuditRecord("createTermsOfService", model.AuditStatusFail) defer c.LogAuditRec(auditRec) props := model.MapFromJSON(r.Body) diff --git a/server/channels/api4/upload.go b/server/channels/api4/upload.go index 03c8f608490..b2e13806424 100644 --- a/server/channels/api4/upload.go +++ b/server/channels/api4/upload.go @@ -13,7 +13,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitUpload() { @@ -40,9 +39,9 @@ func createUpload(c *Context, w http.ResponseWriter, r *http.Request) { us.RemoteId = "" us.ReqFileId = "" - auditRec := c.MakeAuditRecord("createUpload", audit.Fail) + auditRec := c.MakeAuditRecord("createUpload", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "upload", &us) + model.AddEventParameterAuditableToAuditRec(auditRec, "upload", &us) if us.Type == model.UploadTypeImport { if !c.IsSystemAdmin() { @@ -119,9 +118,9 @@ func uploadData(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("uploadData", audit.Fail) + auditRec := c.MakeAuditRecord("uploadData", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "upload_id", c.Params.UploadId) + model.AddEventParameterToAuditRec(auditRec, "upload_id", c.Params.UploadId) c.AppContext = c.AppContext.With(app.RequestContextWithMaster) us, err := c.App.GetUploadSession(c.AppContext, c.Params.UploadId) diff --git a/server/channels/api4/user.go b/server/channels/api4/user.go index 712656c6baa..e067dec0cdf 100644 --- a/server/channels/api4/user.go +++ b/server/channels/api4/user.go 
@@ -18,7 +18,6 @@ import ( "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/store" "github.com/mattermost/mattermost/server/v8/channels/utils" ) @@ -124,11 +123,11 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { inviteId := r.URL.Query().Get("iid") redirect := r.URL.Query().Get("r") - auditRec := c.MakeAuditRecord("createUser", audit.Fail) + auditRec := c.MakeAuditRecord("createUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "invite_id", inviteId) - audit.AddEventParameter(auditRec, "redirect", redirect) - audit.AddEventParameterAuditable(auditRec, "user", &user) + model.AddEventParameterToAuditRec(auditRec, "invite_id", inviteId) + model.AddEventParameterToAuditRec(auditRec, "redirect", redirect) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", &user) // No permission check required @@ -471,10 +470,10 @@ func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("setProfileImage", audit.Fail) + auditRec := c.MakeAuditRecord("setProfileImage", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if imageArray[0] != nil { - audit.AddEventParameter(auditRec, "filename", imageArray[0].Filename) + model.AddEventParameterToAuditRec(auditRec, "filename", imageArray[0].Filename) } user, err := c.App.GetUser(c.Params.UserId) 
@@ -520,8 +519,8 @@ func setDefaultProfileImage(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("setDefaultProfileImage", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + auditRec := c.MakeAuditRecord("setDefaultProfileImage", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) defer c.LogAuditRec(auditRec) user, err := c.App.GetUser(c.Params.UserId) @@ -529,7 +528,7 @@ func setDefaultProfileImage(c *Context, w http.ResponseWriter, r *http.Request) c.Err = err return } - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) if err := c.App.SetDefaultProfileImage(c.AppContext, user); err != nil { c.Err = err @@ -1248,7 +1247,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateUser", audit.Fail) + auditRec := c.MakeAuditRecord("updateUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var user model.User @@ -1257,7 +1256,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "user", &user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", &user) // The user being updated in the payload must be the same one as indicated in the URL. if user.Id != c.Params.UserId { c.SetInvalidParam("user_id") @@ -1337,8 +1336,8 @@ func patchUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("patchUser", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "user_patch", &patch) + auditRec := c.MakeAuditRecord("patchUser", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "user_patch", &patch) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), c.Params.UserId) { 
@@ -1416,9 +1415,9 @@ func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) { userId := c.Params.UserId permanent := c.Params.Permanent - auditRec := c.MakeAuditRecord("deleteUser", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", userId) - audit.AddEventParameter(auditRec, "permanent", permanent) + auditRec := c.MakeAuditRecord("deleteUser", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", userId) + model.AddEventParameterToAuditRec(auditRec, "permanent", permanent) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), userId) { @@ -1490,8 +1489,8 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) { } } - auditRec := c.MakeAuditRecord("updateUserRoles", audit.Fail) - audit.AddEventParameter(auditRec, "roles", newRoles) + auditRec := c.MakeAuditRecord("updateUserRoles", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "roles", newRoles) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageRoles) { @@ -1527,9 +1526,9 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateUserActive", audit.Fail) + auditRec := c.MakeAuditRecord("updateUserActive", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "active", active) + model.AddEventParameterToAuditRec(auditRec, "active", active) // true when you're trying to de-activate yourself isSelfDeactivate := !active && c.Params.UserId == c.AppContext.Session().UserId @@ -1601,7 +1600,7 @@ func updateUserAuth(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateUserAuth", audit.Fail) + auditRec := c.MakeAuditRecord("updateUserAuth", model.AuditStatusFail) defer c.LogAuditRec(auditRec) var userAuth model.UserAuth 
@@ -1610,7 +1609,7 @@ func updateUserAuth(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "user_auth", &userAuth) + model.AddEventParameterAuditableToAuditRec(auditRec, "user_auth", &userAuth) if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" { c.Err = model.NewAppError("updateUserAuth", "api.user.update_user_auth.invalid_request", nil, "", http.StatusBadRequest) @@ -1643,7 +1642,7 @@ func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateUserMfa", audit.Fail) + auditRec := c.MakeAuditRecord("updateUserMfa", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if c.AppContext.Session().IsOAuth { @@ -1663,7 +1662,7 @@ func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) { } if user, appErr := c.App.GetUser(c.Params.UserId); appErr == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) } props := model.StringInterfaceFromJSON(r.Body) @@ -1736,13 +1735,13 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJSON(r.Body) newPassword := props["new_password"] - auditRec := c.MakeAuditRecord("updatePassword", audit.Fail) + auditRec := c.MakeAuditRecord("updatePassword", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempted") var canUpdatePassword bool if user, err := c.App.GetUser(c.Params.UserId); err == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) if user.IsSystemAdmin() { canUpdatePassword = c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) 
@@ -1802,7 +1801,7 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) { newPassword := props["new_password"] - auditRec := c.MakeAuditRecord("resetPassword", audit.Fail) + auditRec := c.MakeAuditRecord("resetPassword", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt - token=" + token) @@ -1828,9 +1827,9 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("sendPasswordReset", audit.Fail) + auditRec := c.MakeAuditRecord("sendPasswordReset", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "email", email) + model.AddEventParameterToAuditRec(auditRec, "email", email) sent, err := c.App.SendPasswordReset(c.AppContext, email, c.App.GetSiteURL()) if err != nil { @@ -1937,10 +1936,10 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { } } - auditRec := c.MakeAuditRecord("login", audit.Fail) + auditRec := c.MakeAuditRecord("login", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "login_id", loginId) - audit.AddEventParameter(auditRec, "device_id", deviceId) + model.AddEventParameterToAuditRec(auditRec, "login_id", loginId) + model.AddEventParameterToAuditRec(auditRec, "device_id", deviceId) c.LogAuditWithUserId(id, "attempt - login_id="+loginId) @@ -2065,9 +2064,9 @@ func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) { } } - auditRec := c.MakeAuditRecord("login", audit.Fail) + auditRec := c.MakeAuditRecord("login", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "login_id", loginID) + model.AddEventParameterToAuditRec(auditRec, "login_id", loginID) user, err := c.App.AuthenticateUserForLogin(c.AppContext, "", loginID, "", "", token, false) if err != nil { c.LogAuditWithUserId("", "failure - login_id="+loginID) 
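Review bot: The context line `c.LogAudit("attempt - token=" + token)` in the resetPassword hunk writes the password-reset token into the audit trail, directly below the `MakeAuditRecord` line this commit rewrites. Anyone with read access to audit entries would see a value that presumably authorises a password change for as long as it stays valid (token lifetime and single-use handling are not visible here). Log the attempt without the secret, `c.LogAudit("attempt")`, or record only a non-reversible reference to the token. resetPassword's body starts and ends outside the hunk.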
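Review bot: loginCWS creates its audit record with the event name `"login"`, the same name the login handler uses a hunk earlier, so audit consumers cannot tell the two authentication paths apart by event name. While this line is being rewritten, consider `c.MakeAuditRecord("loginCWS", model.AuditStatusFail)`, or a parameter that marks the CWS path. Any existing alerting keyed on `login` would then need to cover the new name as well. The function body extends outside the hunk.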
@@ -2075,7 +2074,7 @@ func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, *c.App.Config().ServiceSettings.SiteURL, http.StatusFound) return } - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) c.LogAuditWithUserId(user.Id, "authenticated") isMobileDevice := utils.IsMobileRequest(r) session, err := c.App.DoLogin(c.AppContext, w, r, user, "", isMobileDevice, false, false) @@ -2108,7 +2107,7 @@ func logout(c *Context, w http.ResponseWriter, r *http.Request) { } func Logout(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("Logout", audit.Fail) + auditRec := c.MakeAuditRecord("Logout", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("") @@ -2162,7 +2161,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("revokeSession", audit.Fail) + auditRec := c.MakeAuditRecord("revokeSession", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { @@ -2176,7 +2175,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { c.SetInvalidParam("session_id") return } - audit.AddEventParameter(auditRec, "session_id", sessionId) + model.AddEventParameterToAuditRec(auditRec, "session_id", sessionId) session, err := c.App.GetSessionById(c.AppContext, sessionId) if err != nil { 
@@ -2209,9 +2208,9 @@ func revokeAllSessionsForUser(c *Context, w http.ResponseWriter, r *http.Request return } - auditRec := c.MakeAuditRecord("revokeAllSessionsForUser", audit.Fail) + auditRec := c.MakeAuditRecord("revokeAllSessionsForUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) @@ -2235,7 +2234,7 @@ func revokeAllSessionsAllUsers(c *Context, w http.ResponseWriter, r *http.Reques return } - auditRec := c.MakeAuditRecord("revokeAllSessionsAllUsers", audit.Fail) + auditRec := c.MakeAuditRecord("revokeAllSessionsAllUsers", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.RevokeSessionsFromAllUsers(); err != nil { @@ -2292,9 +2291,9 @@ func handleDeviceProps(c *Context, w http.ResponseWriter, r *http.Request) { } func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request, deviceId string) { - auditRec := c.MakeAuditRecord("attachDeviceId", audit.Fail) + auditRec := c.MakeAuditRecord("attachDeviceId", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "device_id", deviceId) + model.AddEventParameterToAuditRec(auditRec, "device_id", deviceId) // A special case where we logout of all other sessions with the same device id if err := c.App.RevokeSessionsForDeviceId(c.AppContext, c.AppContext.Session().UserId, deviceId, c.AppContext.Session().Id); err != nil { 
@@ -2347,12 +2346,12 @@ func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getUserAudits", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + auditRec := c.MakeAuditRecord("getUserAudits", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) defer c.LogAuditRec(auditRec) if user, err := c.App.GetUser(c.Params.UserId); err == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) } if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { @@ -2384,7 +2383,7 @@ func verifyUserEmail(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("verifyUserEmail", audit.Fail) + auditRec := c.MakeAuditRecord("verifyUserEmail", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.VerifyEmailFromToken(c.AppContext, token); err != nil { @@ -2409,10 +2408,10 @@ func sendVerificationEmail(c *Context, w http.ResponseWriter, r *http.Request) { } redirect := r.URL.Query().Get("r") - auditRec := c.MakeAuditRecord("sendVerificationEmail", audit.Fail) + auditRec := c.MakeAuditRecord("sendVerificationEmail", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "email", email) - audit.AddEventParameter(auditRec, "redirect", redirect) + model.AddEventParameterToAuditRec(auditRec, "email", email) + model.AddEventParameterToAuditRec(auditRec, "redirect", redirect) user, err := c.App.GetUserForLogin(c.AppContext, "", email) if err != nil { 
@@ -2440,9 +2439,9 @@ func switchAccountType(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("switchAccountType", audit.Fail) + auditRec := c.MakeAuditRecord("switchAccountType", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "switch_request", &switchRequest) + model.AddEventParameterAuditableToAuditRec(auditRec, "switch_request", &switchRequest) link := "" var err *model.AppError @@ -2484,8 +2483,8 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createUserAccessToken", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + auditRec := c.MakeAuditRecord("createUserAccessToken", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) defer c.LogAuditRec(auditRec) user, err := c.App.GetUser(c.Params.UserId) @@ -2494,7 +2493,7 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) if user.IsRemote() { // remote/synthetic users cannot have access tokens @@ -2679,9 +2678,9 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { c.SetInvalidParam("token_id") } - auditRec := c.MakeAuditRecord("revokeUserAccessToken", audit.Fail) + auditRec := c.MakeAuditRecord("revokeUserAccessToken", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "token_id", tokenId) + model.AddEventParameterToAuditRec(auditRec, "token_id", tokenId) c.LogAudit("") if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionRevokeUserAccessToken) { 
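Review bot: In the revokeUserAccessToken hunk the empty-`token_id` guard has no `return`: the context shows `c.SetInvalidParam("token_id")` followed directly by the closing brace, so the handler carries on, builds the audit record with an empty `token_id`, and reaches the permission check. The same shape appears in the disableUserAccessToken and enableUserAccessToken hunks that follow, whereas revokeSession returns after `c.SetInvalidParam("session_id")`. Add `return` after the `SetInvalidParam` call in all three, so the invalid-parameter error is the response and no lookup runs on an empty ID. This is read from the hunks' context lines in a collapsed layout, and each function starts and ends outside its hunk.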
@@ -2696,7 +2695,7 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { } if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) } if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), accessToken.UserId) { @@ -2723,8 +2722,8 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) c.SetInvalidParam("token_id") } - auditRec := c.MakeAuditRecord("disableUserAccessToken", audit.Fail) - audit.AddEventParameter(auditRec, "token_id", tokenId) + auditRec := c.MakeAuditRecord("disableUserAccessToken", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "token_id", tokenId) defer c.LogAuditRec(auditRec) c.LogAudit("") @@ -2741,7 +2740,7 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) } if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) } if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), accessToken.UserId) { @@ -2768,9 +2767,9 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { c.SetInvalidParam("token_id") } - auditRec := c.MakeAuditRecord("enableUserAccessToken", audit.Fail) + auditRec := c.MakeAuditRecord("enableUserAccessToken", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "token_id", tokenId) + model.AddEventParameterToAuditRec(auditRec, "token_id", tokenId) c.LogAudit("") // No separate permission for this action for now 
@@ -2786,7 +2785,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { } if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) } if !c.App.SessionHasPermissionToUserOrBot(c.AppContext, *c.AppContext.Session(), accessToken.UserId) { @@ -2808,7 +2807,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { func saveUserTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) { props := model.StringInterfaceFromJSON(r.Body) - auditRec := c.MakeAuditRecord("saveUserTermsOfService", audit.Fail) + auditRec := c.MakeAuditRecord("saveUserTermsOfService", model.AuditStatusFail) defer c.LogAuditRec(auditRec) userId := c.AppContext.Session().UserId @@ -2817,16 +2816,16 @@ func saveUserTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) c.SetInvalidParam("termsOfServiceId") return } - audit.AddEventParameter(auditRec, "terms_of_service_id", termsOfServiceId) + model.AddEventParameterToAuditRec(auditRec, "terms_of_service_id", termsOfServiceId) accepted, ok := props["accepted"].(bool) if !ok { c.SetInvalidParam("accepted") return } - audit.AddEventParameter(auditRec, "accepted", accepted) + model.AddEventParameterToAuditRec(auditRec, "accepted", accepted) if user, err := c.App.GetUser(userId); err == nil { - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) } if _, err := c.App.GetTermsOfService(termsOfServiceId); err != nil { 
@@ -2863,9 +2862,9 @@ func promoteGuestToUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("promoteGuestToUser", audit.Fail) + auditRec := c.MakeAuditRecord("promoteGuestToUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionPromoteGuest) { c.SetPermissionError(model.PermissionPromoteGuest) @@ -2916,8 +2915,8 @@ func demoteUserToGuest(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("demoteUserToGuest", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + auditRec := c.MakeAuditRecord("demoteUserToGuest", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionDemoteToGuest) { @@ -2994,8 +2993,8 @@ func verifyUserEmailWithoutToken(c *Context, w http.ResponseWriter, r *http.Requ return } - auditRec := c.MakeAuditRecord("verifyUserEmailWithoutToken", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + auditRec := c.MakeAuditRecord("verifyUserEmailWithoutToken", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) defer c.LogAuditRec(auditRec) auditRec.AddMeta("user_id", user.Id) 
@@ -3029,10 +3028,10 @@ func convertUserToBot(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("convertUserToBot", audit.Fail) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + auditRec := c.MakeAuditRecord("convertUserToBot", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "user", user) + model.AddEventParameterAuditableToAuditRec(auditRec, "user", user) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { c.SetPermissionError(model.PermissionManageSystem) @@ -3183,11 +3182,11 @@ func migrateAuthToLDAP(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("migrateAuthToLdap", audit.Fail) + auditRec := c.MakeAuditRecord("migrateAuthToLdap", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "from", from) - audit.AddEventParameter(auditRec, "force", force) - audit.AddEventParameter(auditRec, "match_field", matchField) + model.AddEventParameterToAuditRec(auditRec, "from", from) + model.AddEventParameterToAuditRec(auditRec, "force", force) + model.AddEventParameterToAuditRec(auditRec, "match_field", matchField) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { c.SetPermissionError(model.PermissionManageSystem) 
@@ -3242,11 +3241,11 @@ func migrateAuthToSaml(c *Context, w http.ResponseWriter, r *http.Request) { } usersMap := model.MapFromJSON(strings.NewReader(model.StringInterfaceToJSON(matches))) - auditRec := c.MakeAuditRecord("migrateAuthToSaml", audit.Fail) + auditRec := c.MakeAuditRecord("migrateAuthToSaml", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "from", from) - audit.AddEventParameter(auditRec, "auto", auto) - audit.AddEventParameter(auditRec, "users_map", usersMap) + model.AddEventParameterToAuditRec(auditRec, "from", from) + model.AddEventParameterToAuditRec(auditRec, "auto", auto) + model.AddEventParameterToAuditRec(auditRec, "users_map", usersMap) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) { c.SetPermissionError(model.PermissionManageSystem) @@ -3393,12 +3392,12 @@ func updateReadStateThreadByUser(c *Context, w http.ResponseWriter, r *http.Requ return } - auditRec := c.MakeAuditRecord("updateReadStateThreadByUser", audit.Fail) + auditRec := c.MakeAuditRecord("updateReadStateThreadByUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) - audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) - audit.AddEventParameter(auditRec, "timestamp", c.Params.Timestamp) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "timestamp", c.Params.Timestamp) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) return 
@@ -3427,12 +3426,12 @@ func setUnreadThreadByPostId(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("setUnreadThreadByPostId", audit.Fail) + auditRec := c.MakeAuditRecord("setUnreadThreadByPostId", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) - audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) - audit.AddEventParameter(auditRec, "post_id", c.Params.PostId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "post_id", c.Params.PostId) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) @@ -3471,11 +3470,11 @@ func unfollowThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("unfollowThreadByUser", audit.Fail) + auditRec := c.MakeAuditRecord("unfollowThreadByUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) - audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) 
@@ -3503,11 +3502,11 @@ func followThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("followThreadByUser", audit.Fail) + auditRec := c.MakeAuditRecord("followThreadByUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) - audit.AddEventParameter(auditRec, "thread_id", c.Params.ThreadId) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "thread_id", c.Params.ThreadId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) @@ -3535,10 +3534,10 @@ func updateReadStateAllThreadsByUser(c *Context, w http.ResponseWriter, r *http. return } - auditRec := c.MakeAuditRecord("updateReadStateAllThreadsByUser", audit.Fail) + auditRec := c.MakeAuditRecord("updateReadStateAllThreadsByUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) - audit.AddEventParameter(auditRec, "team_id", c.Params.TeamId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "team_id", c.Params.TeamId) if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) { c.SetPermissionError(model.PermissionEditOtherUsers) 
@@ -3589,7 +3588,7 @@ func resetPasswordFailedAttempts(c *Context, w http.ResponseWriter, r *http.Requ } errParams := map[string]any{"userID": c.Params.UserId} - auditRec := c.MakeAuditRecord("resetPasswordFailedAttempts", audit.Fail) + auditRec := c.MakeAuditRecord("resetPasswordFailedAttempts", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementUsers) { diff --git a/server/channels/api4/user_local.go b/server/channels/api4/user_local.go index eb494980944..edb0e9d9617 100644 --- a/server/channels/api4/user_local.go +++ b/server/channels/api4/user_local.go @@ -13,7 +13,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/store" "github.com/mattermost/mattermost/server/v8/channels/utils" ) @@ -320,7 +319,7 @@ func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) { userId := c.Params.UserId - auditRec := c.MakeAuditRecord("localDeleteUser", audit.Fail) + auditRec := c.MakeAuditRecord("localDeleteUser", model.AuditStatusFail) defer c.LogAuditRec(auditRec) user, err := c.App.GetUser(userId) @@ -328,7 +327,7 @@ func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } - audit.AddEventParameter(auditRec, "user_id", c.Params.UserId) + model.AddEventParameterToAuditRec(auditRec, "user_id", c.Params.UserId) auditRec.AddEventPriorState(user) auditRec.AddEventObjectType("user") 
@@ -347,7 +346,7 @@ func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) { } func localPermanentDeleteAllUsers(c *Context, w http.ResponseWriter, r *http.Request) { - auditRec := c.MakeAuditRecord("localPermanentDeleteAllUsers", audit.Fail) + auditRec := c.MakeAuditRecord("localPermanentDeleteAllUsers", model.AuditStatusFail) defer c.LogAuditRec(auditRec) if err := c.App.PermanentDeleteAllUsers(c.AppContext); err != nil { diff --git a/server/channels/api4/webhook.go b/server/channels/api4/webhook.go index fc30ae62c4f..0e63a2acac9 100644 --- a/server/channels/api4/webhook.go +++ b/server/channels/api4/webhook.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitWebhook() { @@ -40,10 +39,10 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createIncomingHook", audit.Fail) + auditRec := c.MakeAuditRecord("createIncomingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "incoming_webhook", &hook) - audit.AddEventParameterAuditable(auditRec, "channel", channel) + model.AddEventParameterAuditableToAuditRec(auditRec, "incoming_webhook", &hook) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) c.LogAudit("attempt") if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionManageIncomingWebhooks) { 
@@ -108,9 +107,9 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateIncomingHook", audit.Fail) - audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId) - audit.AddEventParameterAuditable(auditRec, "updated_hook", &updatedHook) + auditRec := c.MakeAuditRecord("updateIncomingHook", model.AuditStatusFail) + model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId) + model.AddEventParameterAuditableToAuditRec(auditRec, "updated_hook", &updatedHook) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -261,9 +260,9 @@ func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getIncomingHook", audit.Fail) + auditRec := c.MakeAuditRecord("getIncomingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId) + model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId) auditRec.AddMeta("hook_id", hook.Id) auditRec.AddMeta("hook_display", hook.DisplayName) auditRec.AddMeta("channel_id", hook.ChannelId) @@ -321,9 +320,9 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteIncomingHook", audit.Fail) + auditRec := c.MakeAuditRecord("deleteIncomingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId) + model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId) auditRec.AddMeta("hook_id", hook.Id) auditRec.AddMeta("hook_display", hook.DisplayName) auditRec.AddMeta("channel_id", channel.Id) 
@@ -372,9 +371,9 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("updateOutgoingHook", audit.Fail) + auditRec := c.MakeAuditRecord("updateOutgoingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "updated_hook", &updatedHook) + model.AddEventParameterAuditableToAuditRec(auditRec, "updated_hook", &updatedHook) c.LogAudit("attempt") oldHook, err := c.App.GetOutgoingWebhook(c.Params.HookId) @@ -426,8 +425,8 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("createOutgoingHook", audit.Fail) - audit.AddEventParameterAuditable(auditRec, "hook", &hook) + auditRec := c.MakeAuditRecord("createOutgoingHook", model.AuditStatusFail) + model.AddEventParameterAuditableToAuditRec(auditRec, "hook", &hook) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -547,9 +546,9 @@ func getOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("getOutgoingHook", audit.Fail) + auditRec := c.MakeAuditRecord("getOutgoingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId) + model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId) auditRec.AddMeta("hook_id", hook.Id) auditRec.AddMeta("hook_display", hook.DisplayName) auditRec.AddMeta("channel_id", hook.ChannelId) @@ -587,7 +586,7 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("regenOutgoingHookToken", audit.Fail) + auditRec := c.MakeAuditRecord("regenOutgoingHookToken", model.AuditStatusFail) defer c.LogAuditRec(auditRec) auditRec.AddMeta("hook_id", hook.Id) auditRec.AddMeta("hook_display", hook.DisplayName) 
@@ -634,9 +633,9 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deleteOutgoingHook", audit.Fail) + auditRec := c.MakeAuditRecord("deleteOutgoingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "hook_id", c.Params.HookId) + model.AddEventParameterToAuditRec(auditRec, "hook_id", c.Params.HookId) auditRec.AddMeta("hook_id", hook.Id) auditRec.AddMeta("hook_display", hook.DisplayName) auditRec.AddMeta("channel_id", hook.ChannelId) diff --git a/server/channels/api4/webhook_local.go b/server/channels/api4/webhook_local.go index 6ab58c943a5..bc36e8e3794 100644 --- a/server/channels/api4/webhook_local.go +++ b/server/channels/api4/webhook_local.go @@ -9,7 +9,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) func (api *API) InitWebhookLocal() { @@ -49,10 +48,10 @@ func localCreateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("localCreateIncomingHook", audit.Fail) + auditRec := c.MakeAuditRecord("localCreateIncomingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "hook", &hook) - audit.AddEventParameterAuditable(auditRec, "channel", channel) + model.AddEventParameterAuditableToAuditRec(auditRec, "hook", &hook) + model.AddEventParameterAuditableToAuditRec(auditRec, "channel", channel) c.LogAudit("attempt") incomingHook, err := c.App.CreateIncomingWebhookForChannel(hook.UserId, channel, &hook) 
@@ -79,9 +78,9 @@ func localCreateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) return } - auditRec := c.MakeAuditRecord("createOutgoingHook", audit.Fail) + auditRec := c.MakeAuditRecord("createOutgoingHook", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameterAuditable(auditRec, "hook", &hook) + model.AddEventParameterAuditableToAuditRec(auditRec, "hook", &hook) c.LogAudit("attempt") if hook.CreatorId == "" { diff --git a/server/channels/app/audit.go b/server/channels/app/audit.go index beaf0de56d6..4bcd96a9899 100644 --- a/server/channels/app/audit.go +++ b/server/channels/app/audit.go @@ -63,12 +63,12 @@ func (a *App) GetAuditsPage(rctx request.CTX, userID string, page int, perPage i } // LogAuditRec logs an audit record using default LvlAuditCLI. -func (a *App) LogAuditRec(rctx request.CTX, rec *audit.Record, err error) { +func (a *App) LogAuditRec(rctx request.CTX, rec *model.AuditRecord, err error) { a.LogAuditRecWithLevel(rctx, rec, mlog.LvlAuditCLI, err) } // LogAuditRecWithLevel logs an audit record using specified Level. -func (a *App) LogAuditRecWithLevel(rctx request.CTX, rec *audit.Record, level mlog.Level, err error) { +func (a *App) LogAuditRecWithLevel(rctx request.CTX, rec *model.AuditRecord, level mlog.Level, err error) { if rec == nil { return } 
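Review bot: In the localCreateOutgoingHook hunk the audit record is still created with the event name `"createOutgoingHook"`, the same name the handler in webhook.go uses, while the sibling localCreateIncomingHook uses `"localCreateIncomingHook"`. Someone reading the audit trail cannot tell a local-mode call from a regular API call by event name. Consider `auditRec := c.MakeAuditRecord("localCreateOutgoingHook", model.AuditStatusFail)`, after checking that no existing log consumer matches on the old name. The function body continues outside the hunk.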
@@ -84,28 +84,28 @@ func (a *App) LogAuditRecWithLevel(rctx request.CTX, rec *audit.Record, level ml } // MakeAuditRecord creates a audit record pre-populated with defaults. -func (a *App) MakeAuditRecord(rctx request.CTX, event string, initialStatus string) *audit.Record { +func (a *App) MakeAuditRecord(rctx request.CTX, event string, initialStatus string) *model.AuditRecord { var userID string user, err := user.Current() if err == nil { userID = fmt.Sprintf("%s:%s", user.Uid, user.Username) } - rec := &audit.Record{ + rec := &model.AuditRecord{ EventName: event, Status: initialStatus, Meta: map[string]any{ - audit.KeyAPIPath: "", - audit.KeyClusterID: a.GetClusterId(), + model.AuditKeyAPIPath: "", + model.AuditKeyClusterID: a.GetClusterId(), }, - Actor: audit.EventActor{ + Actor: model.AuditEventActor{ UserId: userID, SessionId: "", Client: fmt.Sprintf("server %s-%s", model.BuildNumber, model.BuildHash), IpAddress: "", XForwardedFor: "", }, - EventData: audit.EventData{ + EventData: model.AuditEventData{ Parameters: map[string]any{}, PriorState: map[string]any{}, ResultState: map[string]any{}, diff --git a/server/channels/app/plugin_api.go b/server/channels/app/plugin_api.go index eca3cef22cc..20d369b6e6b 100644 --- a/server/channels/app/plugin_api.go +++ b/server/channels/app/plugin_api.go 
@@ -197,6 +197,21 @@ func (api *PluginAPI) GetTeamsForUser(userID string) ([]*model.Team, *model.AppE return api.app.GetTeamsForUser(userID) } +func (api *PluginAPI) LogAuditRec(rec *model.AuditRecord) { + api.LogAuditRecWithLevel(rec, mlog.LvlAuditCLI) +} + +func (api *PluginAPI) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) { + if rec == nil { + return + } + + // Ensure the plugin_id is always logged with the correct ID + model.AddEventParameterToAuditRec(rec, "plugin_id", api.id) + + api.app.Srv().Audit.LogRecord(level, *rec) +} + func (api *PluginAPI) CreateTeamMember(teamID, userID string) (*model.TeamMember, *model.AppError) { return api.app.AddTeamMember(api.ctx, teamID, userID) } diff --git a/server/channels/app/session.go b/server/channels/app/session.go index 30bd18ea457..fd85973e77b 100644 --- a/server/channels/app/session.go +++ b/server/channels/app/session.go @@ -15,7 +15,6 @@ import ( "github.com/mattermost/mattermost/server/public/shared/request" "github.com/mattermost/mattermost/server/v8/channels/app/platform" "github.com/mattermost/mattermost/server/v8/channels/app/users" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/store" ) @@ -346,7 +345,7 @@ func (a *App) ExtendSessionExpiryIfNeeded(rctx request.CTX, session *model.Sessi return false } - auditRec := a.MakeAuditRecord(rctx, "extendSessionExpiry", audit.Fail) + auditRec := a.MakeAuditRecord(rctx, "extendSessionExpiry", model.AuditStatusFail) defer a.LogAuditRec(rctx, auditRec, nil) auditRec.AddEventPriorState(session) diff --git a/server/channels/audit/audit.go b/server/channels/audit/audit.go index 95969a7840b..7f0feeda879 100644 --- a/server/channels/audit/audit.go +++ b/server/channels/audit/audit.go 
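Review bot: `LogAuditRecWithLevel` stamps `plugin_id` into the event parameters but logs every other field of the plugin-supplied record unchanged, so `EventName`, `Status`, `Actor` and `Meta` are whatever the plugin set. A plugin's record can therefore look like a core server event unless the reader inspects the parameters; consider also marking provenance where filters usually look, e.g. `rec.AddMeta("plugin_id", api.id)`, and documenting that the actor fields are plugin-asserted. Both new exported methods lack doc comments; something like `// LogAuditRecWithLevel logs a plugin-created audit record at the given level and sets its plugin_id parameter to the calling plugin's ID.` would state the contract. The call also mutates the caller's record and accepts any `mlog.Level`; whether `AddEventParameterToAuditRec` tolerates a nil `Parameters` map on a zero-value record is not visible here and is worth confirming.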
@@ -6,9 +6,12 @@ package audit import ( "fmt" + "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/mlog" ) +const DefMaxQueueSize = 1000 + type Audit struct { logger *mlog.Logger @@ -30,14 +33,14 @@ func (a *Audit) Init(maxQueueSize int) { } // LogRecord emits an audit record with complete info. -func (a *Audit) LogRecord(level mlog.Level, rec Record) { +func (a *Audit) LogRecord(level mlog.Level, rec model.AuditRecord) { flds := []mlog.Field{ - mlog.String(KeyEventName, rec.EventName), - mlog.String(KeyStatus, rec.Status), - mlog.Any(KeyActor, rec.Actor), - mlog.Any(KeyEvent, rec.EventData), - mlog.Any(KeyMeta, rec.Meta), - mlog.Any(KeyError, rec.Error), + mlog.String(model.AuditKeyEventName, rec.EventName), + mlog.String(model.AuditKeyStatus, rec.Status), + mlog.Any(model.AuditKeyActor, rec.Actor), + mlog.Any(model.AuditKeyEvent, rec.EventData), + mlog.Any(model.AuditKeyMeta, rec.Meta), + mlog.Any(model.AuditKeyError, rec.Error), } a.logger.Log(level, "", flds...) diff --git a/server/channels/audit/audit_test.go b/server/channels/audit/audit_test.go index c46d2a81552..88c69f2d57d 100644 --- a/server/channels/audit/audit_test.go +++ b/server/channels/audit/audit_test.go @@ -18,7 +18,7 @@ import ( "github.com/mattermost/mattermost/server/public/shared/mlog" ) -func TestAudit_LogRecord(t *testing.T) { +func TestAudit_LogAuditRecord(t *testing.T) { userId := model.NewId() testCases := []struct { description string @@ -28,7 +28,7 @@ func TestAudit_LogRecord(t *testing.T) { { "empty record", func(audit Audit) { - rec := Record{} + rec := model.AuditRecord{} audit.LogRecord(mlog.LvlAuditAPI, rec) }, []string{ @@ -43,7 +43,7 @@ func TestAudit_LogRecord(t *testing.T) { usr.Username = "TestABC" usr.Password = "hello_world" - rec := Record{} + rec := model.AuditRecord{} rec.AddEventObjectType("user") rec.EventName = "User.Update" rec.AddEventPriorState(usr) 
diff --git a/server/channels/audit/const.go b/server/channels/audit/const.go deleted file mode 100644 index d2a4fa5cdc9..00000000000 --- a/server/channels/audit/const.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. -// See LICENSE.txt for license information. - -package audit - -const ( - DefMaxQueueSize = 1000 - - KeyActor = "actor" - KeyAPIPath = "api_path" - KeyEvent = "event" - KeyEventData = "event_data" - KeyEventName = "event_name" - KeyMeta = "meta" - KeyError = "error" - KeyStatus = "status" - KeyUserID = "user_id" - KeySessionID = "session_id" - KeyClient = "client" - KeyIPAddress = "ip_address" - KeyClusterID = "cluster_id" - - Success = "success" - Attempt = "attempt" - Fail = "fail" -) diff --git a/server/channels/web/context.go b/server/channels/web/context.go index 1437b76ab0f..81fc9ec00ab 100644 --- a/server/channels/web/context.go +++ b/server/channels/web/context.go @@ -13,7 +13,6 @@ import ( "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/public/shared/request" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" ) @@ -27,7 +26,7 @@ type Context struct { } // LogAuditRec logs an audit record using default LevelAPI. -func (c *Context) LogAuditRec(rec *audit.Record) { +func (c *Context) LogAuditRec(rec *model.AuditRecord) { // finish populating the context data, in case the session wasn't available during MakeAuditRecord // (e.g., api4/user.go login) if rec.Actor.UserId == "" { 
@@ -43,7 +42,7 @@ func (c *Context) LogAuditRec(rec *audit.Record) { // LogAuditRecWithLevel logs an audit record using specified Level. // If the context is flagged with a permissions error then `level` // is ignored and the audit record is emitted with `LevelPerms`. -func (c *Context) LogAuditRecWithLevel(rec *audit.Record, level mlog.Level) { +func (c *Context) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) { if rec == nil { return } @@ -59,11 +58,11 @@ func (c *Context) LogAuditRecWithLevel(rec *audit.Record, level mlog.Level) { } // MakeAuditRecord creates an audit record pre-populated with data from this context. -func (c *Context) MakeAuditRecord(event string, initialStatus string) *audit.Record { - rec := &audit.Record{ +func (c *Context) MakeAuditRecord(event string, initialStatus string) *model.AuditRecord { + rec := &model.AuditRecord{ EventName: event, Status: initialStatus, - Actor: audit.EventActor{ + Actor: model.AuditEventActor{ UserId: c.AppContext.Session().UserId, SessionId: c.AppContext.Session().Id, Client: c.AppContext.UserAgent(), @@ -71,10 +70,10 @@ func (c *Context) MakeAuditRecord(event string, initialStatus string) *audit.Rec XForwardedFor: c.AppContext.XForwardedFor(), }, Meta: map[string]any{ - audit.KeyAPIPath: c.AppContext.Path(), - audit.KeyClusterID: c.App.GetClusterId(), + model.AuditKeyAPIPath: c.AppContext.Path(), + model.AuditKeyClusterID: c.App.GetClusterId(), }, - EventData: audit.EventData{ + EventData: model.AuditEventData{ Parameters: map[string]any{}, PriorState: map[string]any{}, ResultState: map[string]any{}, diff --git a/server/channels/web/oauth.go b/server/channels/web/oauth.go index b0a22413286..44f94a8612a 100644 --- a/server/channels/web/oauth.go +++ b/server/channels/web/oauth.go 
@@ -17,7 +17,6 @@ import ( "github.com/mattermost/mattermost/server/public/shared/i18n" "github.com/mattermost/mattermost/server/public/shared/mlog" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" "github.com/mattermost/mattermost/server/v8/channels/utils/fileutils" ) @@ -65,7 +64,7 @@ func authorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("authorizeOAuthApp", audit.Fail) + auditRec := c.MakeAuditRecord("authorizeOAuthApp", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") @@ -93,7 +92,7 @@ func deauthorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("deauthorizeOAuthApp", audit.Fail) + auditRec := c.MakeAuditRecord("deauthorizeOAuthApp", model.AuditStatusFail) auditRec.AddMeta("client_id", clientId) defer c.LogAuditRec(auditRec) @@ -135,7 +134,7 @@ func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("authorizeOAuthPage", audit.Fail) + auditRec := c.MakeAuditRecord("authorizeOAuthPage", model.AuditStatusFail) auditRec.AddMeta("client_id", authRequest.ClientId) auditRec.AddMeta("scope", authRequest.Scope) defer c.LogAuditRec(auditRec) @@ -243,7 +242,7 @@ func getAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { redirectURI := r.FormValue("redirect_uri") - auditRec := c.MakeAuditRecord("getAccessToken", audit.Fail) + auditRec := c.MakeAuditRecord("getAccessToken", model.AuditStatusFail) defer c.LogAuditRec(auditRec) auditRec.AddMeta("grant_type", grantType) auditRec.AddMeta("client_id", clientId) 
@@ -275,9 +274,9 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) { service := c.Params.Service - auditRec := c.MakeAuditRecord("completeOAuth", audit.Fail) + auditRec := c.MakeAuditRecord("completeOAuth", model.AuditStatusFail) defer c.LogAuditRec(auditRec) - audit.AddEventParameter(auditRec, "service", service) + model.AddEventParameterToAuditRec(auditRec, "service", service) oauthError := r.URL.Query().Get("error") if oauthError == "access_denied" { @@ -440,7 +439,7 @@ func loginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("loginWithOAuth", audit.Fail) + auditRec := c.MakeAuditRecord("loginWithOAuth", model.AuditStatusFail) auditRec.AddMeta("service", c.Params.Service) defer c.LogAuditRec(auditRec) @@ -476,7 +475,7 @@ func mobileLoginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("mobileLoginWithOAuth", audit.Fail) + auditRec := c.MakeAuditRecord("mobileLoginWithOAuth", model.AuditStatusFail) auditRec.AddMeta("service", c.Params.Service) defer c.LogAuditRec(auditRec) @@ -511,7 +510,7 @@ func signupWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) { return } - auditRec := c.MakeAuditRecord("signupWithOAuth", audit.Fail) + auditRec := c.MakeAuditRecord("signupWithOAuth", model.AuditStatusFail) auditRec.AddMeta("service", c.Params.Service) defer c.LogAuditRec(auditRec) diff --git a/server/channels/web/saml.go b/server/channels/web/saml.go index 632ef7e323f..13d8502f49e 100644 --- a/server/channels/web/saml.go +++ b/server/channels/web/saml.go @@ -13,7 +13,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/plugin" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/channels/utils" ) 
@@ -104,7 +103,7 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) { relayProps = model.MapFromJSON(strings.NewReader(stateStr)) } - auditRec := c.MakeAuditRecord("completeSaml", audit.Fail) + auditRec := c.MakeAuditRecord("completeSaml", model.AuditStatusFail) defer c.LogAuditRec(auditRec) c.LogAudit("attempt") diff --git a/server/cmd/mattermost/commands/export.go b/server/cmd/mattermost/commands/export.go index ece6eebacfe..52031747ca3 100644 --- a/server/cmd/mattermost/commands/export.go +++ b/server/cmd/mattermost/commands/export.go @@ -12,7 +12,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/request" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -112,7 +111,7 @@ func scheduleExportCmdF(command *cobra.Command, args []string) error { } else { CommandPrettyPrintln("SUCCESS: Message export job complete") - auditRec := a.MakeAuditRecord(rctx, "scheduleExport", audit.Success) + auditRec := a.MakeAuditRecord(rctx, "scheduleExport", model.AuditStatusSuccess) auditRec.AddMeta("format", format) auditRec.AddMeta("start", startTime) a.LogAuditRec(rctx, auditRec, nil) @@ -179,7 +178,7 @@ func bulkExportCmdF(command *cobra.Command, args []string) error { return err } - auditRec := a.MakeAuditRecord(rctx, "bulkExport", audit.Success) + auditRec := a.MakeAuditRecord(rctx, "bulkExport", model.AuditStatusSuccess) auditRec.AddMeta("all_teams", allTeams) auditRec.AddMeta("file", args[0]) a.LogAuditRec(rctx, auditRec, nil) diff --git a/server/cmd/mattermost/commands/import.go b/server/cmd/mattermost/commands/import.go index 434403d830b..b2fd9a7ecbd 100644 --- a/server/cmd/mattermost/commands/import.go +++ b/server/cmd/mattermost/commands/import.go 
@@ -13,7 +13,6 @@ import ( "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/request" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" ) var ImportCmd = &cobra.Command{ @@ -94,7 +93,7 @@ func slackImportCmdF(command *cobra.Command, args []string) error { CommandPrettyPrintln("Finished Slack Import.") CommandPrettyPrintln("") - auditRec := a.MakeAuditRecord(rctx, "slackImport", audit.Success) + auditRec := a.MakeAuditRecord(rctx, "slackImport", model.AuditStatusSuccess) auditRec.AddMeta("team", team) auditRec.AddMeta("file", args[1]) a.LogAuditRec(rctx, auditRec, nil) @@ -166,7 +165,7 @@ func bulkImportCmdF(command *cobra.Command, args []string) error { if apply { CommandPrettyPrintln("Finished Bulk Import.") - auditRec := a.MakeAuditRecord(rctx, "bulkImport", audit.Success) + auditRec := a.MakeAuditRecord(rctx, "bulkImport", model.AuditStatusSuccess) auditRec.AddMeta("file", args[0]) a.LogAuditRec(rctx, auditRec, nil) } else { diff --git a/server/cmd/mattermost/commands/jobserver.go b/server/cmd/mattermost/commands/jobserver.go index 60b570bea6c..4ffe0c980d2 100644 --- a/server/cmd/mattermost/commands/jobserver.go +++ b/server/cmd/mattermost/commands/jobserver.go @@ -10,9 +10,9 @@ import ( "github.com/spf13/cobra" + "github.com/mattermost/mattermost/server/public/model" "github.com/mattermost/mattermost/server/public/shared/request" "github.com/mattermost/mattermost/server/v8/channels/app" - "github.com/mattermost/mattermost/server/v8/channels/audit" "github.com/mattermost/mattermost/server/v8/config" ) @@ -59,7 +59,7 @@ func jobserverCmdF(command *cobra.Command, args []string) error { } if !noJobs || !noSchedule { - auditRec := a.MakeAuditRecord(rctx, "jobServer", audit.Success) + auditRec := a.MakeAuditRecord(rctx, "jobServer", model.AuditStatusSuccess) a.LogAuditRec(rctx, auditRec, nil) } 
diff --git a/server/channels/audit/record.go b/server/public/model/audit_record.go similarity index 54% rename from server/channels/audit/record.go rename to server/public/model/audit_record.go index 607308f4b76..e2a47b265d3 100644 --- a/server/channels/audit/record.go +++ b/server/public/model/audit_record.go 
@@ -1,28 +1,48 @@ // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. // See LICENSE.txt for license information. -package audit +package model -// Record provides a consistent set of fields used for all audit logging. -type Record struct { - EventName string `json:"event_name"` - Status string `json:"status"` - EventData EventData `json:"event"` - Actor EventActor `json:"actor"` - Meta map[string]any `json:"meta"` - Error EventError `json:"error,omitempty"` +const ( + AuditKeyActor = "actor" + AuditKeyAPIPath = "api_path" + AuditKeyEvent = "event" + AuditKeyEventData = "event_data" + AuditKeyEventName = "event_name" + AuditKeyMeta = "meta" + AuditKeyError = "error" + AuditKeyStatus = "status" + AuditKeyUserID = "user_id" + AuditKeySessionID = "session_id" + AuditKeyClient = "client" + AuditKeyIPAddress = "ip_address" + AuditKeyClusterID = "cluster_id" + + AuditStatusSuccess = "success" + AuditStatusAttempt = "attempt" + AuditStatusFail = "fail" +) + +// AuditRecord provides a consistent set of fields used for all audit logging. +type AuditRecord struct { + EventName string `json:"event_name"` + Status string `json:"status"` + EventData AuditEventData `json:"event"` + Actor AuditEventActor `json:"actor"` + Meta map[string]any `json:"meta"` + Error AuditEventError `json:"error,omitempty"` } -// EventData contains all event specific data about the modified entity -type EventData struct { +// AuditEventData contains all event specific data about the modified entity +type AuditEventData struct { Parameters map[string]any `json:"parameters"` // Payload and parameters being processed as part of the request PriorState map[string]any `json:"prior_state"` // Prior state of the object being modified, nil if no prior state ResultState map[string]any `json:"resulting_state"` // Resulting object after creating or modifying it ObjectType string `json:"object_type"` // String representation of the object type. eg. 
"post" } -// EventActor is the subject triggering the event -type EventActor struct { +// AuditEventActor is the subject triggering the event +type AuditEventActor struct { UserId string `json:"user_id"` SessionId string `json:"session_id"` Client string `json:"client"` @@ -36,8 +56,8 @@ type EventMeta struct { ClusterId string `json:"cluster_id"` } -// EventError contains error information in case of failure of the event -type EventError struct { +// AuditEventError contains error information in case of failure of the event +type AuditEventError struct { Description string `json:"description,omitempty"` Code int `json:"status_code,omitempty"` } @@ -50,17 +70,17 @@ type Auditable interface { } // Success marks the audit record status as successful. -func (rec *Record) Success() { - rec.Status = Success +func (rec *AuditRecord) Success() { + rec.Status = AuditStatusSuccess } // Fail marks the audit record status as failed. -func (rec *Record) Fail() { - rec.Status = Fail +func (rec *AuditRecord) Fail() { + rec.Status = AuditStatusFail } -// AddEventParameter adds a parameter, e.g. query or post body, to the event -func AddEventParameter[T string | bool | int | int64 | []string | map[string]string](rec *Record, key string, val T) { +// AddEventParameterToAuditRec adds a parameter, e.g. query or post body, to the event +func AddEventParameterToAuditRec[T string | bool | int | int64 | []string | map[string]string](rec *AuditRecord, key string, val T) { if rec.EventData.Parameters == nil { rec.EventData.Parameters = make(map[string]any) } 
@@ -68,8 +88,8 @@ func AddEventParameter[T string | bool | int | int64 | []string | map[string]str rec.EventData.Parameters[key] = val } -// AddEventParameterAuditable adds an object that is of type Auditable to the event -func AddEventParameterAuditable(rec *Record, key string, val Auditable) { +// AddEventParameterAuditableToAuditRec adds an object that is of type Auditable to the event +func AddEventParameterAuditableToAuditRec(rec *AuditRecord, key string, val Auditable) { if rec.EventData.Parameters == nil { rec.EventData.Parameters = make(map[string]any) } @@ -77,8 +97,8 @@ func AddEventParameterAuditable(rec *Record, key string, val Auditable) { rec.EventData.Parameters[key] = val.Auditable() } -// AddEventParameterAuditableArray adds an array of objects of type Auditable to the event -func AddEventParameterAuditableArray[T Auditable](rec *Record, key string, val []T) { +// AddEventParameterAuditableArrayToAuditRec adds an array of objects of type Auditable to the event +func AddEventParameterAuditableArrayToAuditRec[T Auditable](rec *AuditRecord, key string, val []T) { if rec.EventData.Parameters == nil { rec.EventData.Parameters = make(map[string]any) } 
@@ -92,32 +112,38 @@ func AddEventParameterAuditableArray[T Auditable](rec *Record, key string, val [ } // AddEventPriorState adds the prior state of the modified object to the audit record -func (rec *Record) AddEventPriorState(object Auditable) { +func (rec *AuditRecord) AddEventPriorState(object Auditable) { rec.EventData.PriorState = object.Auditable() } // AddEventResultState adds the result state of the modified object to the audit record -func (rec *Record) AddEventResultState(object Auditable) { +func (rec *AuditRecord) AddEventResultState(object Auditable) { rec.EventData.ResultState = object.Auditable() } // AddEventObjectType adds the object type of the modified object to the audit record -func (rec *Record) AddEventObjectType(objectType string) { +func (rec *AuditRecord) AddEventObjectType(objectType string) { rec.EventData.ObjectType = objectType } // AddMeta adds a key/value entry to the audit record that can be used for related information not directly related to // the modified object, e.g. authentication method -func (rec *Record) AddMeta(name string, val any) { +func (rec *AuditRecord) AddMeta(name string, val any) { rec.Meta[name] = val } // AddErrorCode adds the error code for a failed event to the audit record -func (rec *Record) AddErrorCode(code int) { +func (rec *AuditRecord) AddErrorCode(code int) { rec.Error.Code = code } // AddErrorDesc adds the error description for a failed event to the audit record -func (rec *Record) AddErrorDesc(description string) { +func (rec *AuditRecord) AddErrorDesc(description string) { rec.Error.Description = description } + +// AddAppError adds an AppError to the audit record +func (rec *AuditRecord) AddAppError(err *AppError) { + rec.AddErrorCode(err.StatusCode) + rec.AddErrorDesc(err.Error()) +} diff --git a/server/public/plugin/api.go b/server/public/plugin/api.go index d0835f063e8..059a9538fdc 100644 --- a/server/public/plugin/api.go +++ b/server/public/plugin/api.go 
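Review bot: `AddMeta` writes `rec.Meta[name] = val` without the nil-map guard that the `AddEventParameter*ToAuditRec` helpers have. Now that the type is public, a record built as `&model.AuditRecord{}` from plugin code panics on its first `AddMeta` call; add `if rec.Meta == nil { rec.Meta = make(map[string]any) }` before the assignment. The new `AddAppError` has a similar gap: it reads `err.StatusCode` and calls `err.Error()` with no nil check, so a nil `*AppError` panics on the audit path. `if err == nil { return }` as its first statement avoids that.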
@@ -10,6 +10,7 @@ import ( plugin "github.com/hashicorp/go-plugin" "github.com/mattermost/mattermost/server/public/model" + "github.com/mattermost/mattermost/server/public/shared/mlog" ) // The API can be used to retrieve data or perform actions on behalf of the plugin. Most methods @@ -1537,6 +1538,18 @@ type API interface { // @tag PropertyValue // Minimum server version: 10.10 DeletePropertyValuesForField(groupID, fieldID string) error + + // LogAuditRec logs an audit record using the default audit logger. + // + // @tag Audit + // Minimum server version: 10.10 + LogAuditRec(rec *model.AuditRecord) + + // LogAuditRecWithLevel logs an audit record with a specific log level. + // + // @tag Audit + // Minimum server version: 10.10 + LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) } var handshake = plugin.HandshakeConfig{ diff --git a/server/public/plugin/api_timer_layer_generated.go b/server/public/plugin/api_timer_layer_generated.go index 127924b87fe..7b6476b6b06 100644 --- a/server/public/plugin/api_timer_layer_generated.go +++ b/server/public/plugin/api_timer_layer_generated.go @@ -12,6 +12,7 @@ import ( timePkg "time" "github.com/mattermost/mattermost/server/public/model" + "github.com/mattermost/mattermost/server/public/shared/mlog" ) type apiTimerLayer struct { @@ -1644,3 +1645,15 @@ func (api *apiTimerLayer) DeletePropertyValuesForField(groupID, fieldID string) api.recordTime(startTime, "DeletePropertyValuesForField", _returnsA == nil) return _returnsA } + +func (api *apiTimerLayer) LogAuditRec(rec *model.AuditRecord) { + startTime := timePkg.Now() + api.apiImpl.LogAuditRec(rec) + api.recordTime(startTime, "LogAuditRec", true) +} + +func (api *apiTimerLayer) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) { + startTime := timePkg.Now() + api.apiImpl.LogAuditRecWithLevel(rec, level) + api.recordTime(startTime, "LogAuditRecWithLevel", true) +} 
diff --git a/server/public/plugin/audit.go b/server/public/plugin/audit.go new file mode 100644 index 00000000000..b117efaaa11 --- /dev/null +++ b/server/public/plugin/audit.go 
@@ -0,0 +1,70 @@
+// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
+// See LICENSE.txt for license information.
+
+package plugin
+
+import (
+ "encoding/json"
+
+ "github.com/mattermost/mattermost/server/public/model"
+)
+
+// MakeAuditRecord creates a new audit record with basic information for plugin use.
+// This function creates a minimal audit record that can be populated with additional data.
+// Use this when you don't have access to request context or want to manually populate fields.
+func MakeAuditRecord(event string, initialStatus string) *model.AuditRecord {
+ return &model.AuditRecord{
+ EventName: event,
+ Status: initialStatus,
+ Meta: make(map[string]any),
+ Actor: model.AuditEventActor{
+ UserId: "",
+ SessionId: "",
+ Client: "",
+ IpAddress: "",
+ XForwardedFor: "",
+ },
+ EventData: model.AuditEventData{
+ Parameters: map[string]any{},
+ PriorState: make(map[string]any),
+ ResultState: make(map[string]any),
+ ObjectType: "",
+ },
+ }
+}
+
+// MakeAuditRecordWithContext creates a new audit record populated with plugin context information.
+// This is the recommended way for plugins to create audit records when they have request context.
+// The Context should come from plugin hook parameters or HTTP request handlers.
+func MakeAuditRecordWithContext(event string, initialStatus string, ctx *Context, userId, apiPath string) *model.AuditRecord {
+ rec := MakeAuditRecord(event, initialStatus)
+ rec.AddMeta(model.AuditKeyAPIPath, apiPath)
+ rec.Actor.UserId = userId
+ rec.Actor.SessionId = ctx.SessionId
+ rec.Actor.Client = ctx.UserAgent
+ rec.Actor.IpAddress = ctx.IPAddress
+ return rec
+}
+
+func makeAuditRecordGobSafe(record model.AuditRecord) model.AuditRecord {
+ record.EventData.Parameters = makeMapGobSafe(record.EventData.Parameters)
+ record.EventData.PriorState = makeMapGobSafe(record.EventData.PriorState)
+ record.EventData.ResultState = makeMapGobSafe(record.EventData.ResultState)
+ record.Meta = makeMapGobSafe(record.Meta)
+ return record
+}
+
+// makeMapGobSafe converts map data to a gob-safe representation via JSON round-trip.
+// This eliminates problematic types like nil pointers in interfaces that cause gob
+// encoding to fail when sending audit data over RPC via the plugin API.
+func makeMapGobSafe(m map[string]any) map[string]any {
+ jsonBytes, err := json.Marshal(m)
+ if err != nil {
+ return map[string]any{"error": "failed to serialize audit data"}
+ }
+ var gobSafe map[string]any
+ if err := json.Unmarshal(jsonBytes, &gobSafe); err != nil {
+ return map[string]any{"error": "failed to deserialize audit data"}
+ }
+ return gobSafe
+}
diff --git a/server/public/plugin/client_rpc.go b/server/public/plugin/client_rpc.go
index cb40ecbefb8..bba1e3265a0 100644
--- a/server/public/plugin/client_rpc.go
+++ b/server/public/plugin/client_rpc.go
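Review bot: `makeMapGobSafe` discards the whole map when `json.Marshal` or `json.Unmarshal` fails, so a single value that cannot be encoded replaces every entry of `Parameters`, `PriorState`, `ResultState` or `Meta` with a fixed `"error"` string, and the underlying error is dropped. For an audit trail that loses more than necessary; converting per key, as sketched below, keeps the entries that do encode and records the reason for the one that does not. The round-trip also turns every number into `float64`, so `int64` values above 2^53 lose precision, which deserves a line in the doc comment. Separately, `MakeAuditRecordWithContext` reads `ctx.SessionId` with no nil check on `ctx`.

```go
// … unchanged: doc comment of makeMapGobSafe …
func makeMapGobSafe(m map[string]any) map[string]any {
	if m == nil {
		return nil
	}
	gobSafe := make(map[string]any, len(m))
	for key, val := range m {
		jsonBytes, err := json.Marshal(val)
		if err != nil {
			// Replace only the value that cannot be encoded; keep the rest of the record.
			gobSafe[key] = "failed to serialize audit data: " + err.Error()
			continue
		}
		var decoded any
		if err := json.Unmarshal(jsonBytes, &decoded); err != nil {
			gobSafe[key] = "failed to deserialize audit data: " + err.Error()
			continue
		}
		gobSafe[key] = decoded
	}
	return gobSafe
}
```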
@@ -882,6 +882,62 @@ func (s *apiRPCServer) LogError(args *Z_LogErrorArgs, returns *Z_LogErrorReturns return nil } +type Z_LogAuditRecArgs struct { + A *model.AuditRecord +} + +type Z_LogAuditRecReturns struct { +} + +// Custom audit logging methods with gob safety checks +func (g *apiRPCClient) LogAuditRec(rec *model.AuditRecord) { + gobSafeRec := makeAuditRecordGobSafe(*rec) + _args := &Z_LogAuditRecArgs{&gobSafeRec} + _returns := &Z_LogAuditRecReturns{} + if err := g.client.Call("Plugin.LogAuditRec", _args, _returns); err != nil { + log.Printf("RPC call to LogAuditRec API failed: %s", err.Error()) + } +} + +func (s *apiRPCServer) LogAuditRec(args *Z_LogAuditRecArgs, returns *Z_LogAuditRecReturns) error { + if hook, ok := s.impl.(interface { + LogAuditRec(rec *model.AuditRecord) + }); ok { + hook.LogAuditRec(args.A) + } else { + return encodableError(fmt.Errorf("API LogAuditRec called but not implemented")) + } + return nil +} + +type Z_LogAuditRecWithLevelArgs struct { + A *model.AuditRecord + B mlog.Level +} + +type Z_LogAuditRecWithLevelReturns struct { +} + +func (g *apiRPCClient) LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) { + gobSafeRec := makeAuditRecordGobSafe(*rec) + _args := &Z_LogAuditRecWithLevelArgs{&gobSafeRec, level} + _returns := &Z_LogAuditRecWithLevelReturns{} + if err := g.client.Call("Plugin.LogAuditRecWithLevel", _args, _returns); err != nil { + log.Printf("RPC call to LogAuditRecWithLevel API failed: %s", err.Error()) + } +} + +func (s *apiRPCServer) LogAuditRecWithLevel(args *Z_LogAuditRecWithLevelArgs, returns *Z_LogAuditRecWithLevelReturns) error { + if hook, ok := s.impl.(interface { + LogAuditRecWithLevel(rec *model.AuditRecord, level mlog.Level) + }); ok { + hook.LogAuditRecWithLevel(args.A, args.B) + } else { + return encodableError(fmt.Errorf("API LogAuditRecWithLevel called but not implemented")) + } + return nil +} + type Z_InstallPluginArgs struct { PluginStreamID uint32 B bool 
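Review bot: Both client stubs dereference `rec` before any check (`makeAuditRecordGobSafe(*rec)`), so `LogAuditRec(nil)` or `LogAuditRecWithLevel(nil, …)` panics inside the plugin process, while the server-side `PluginAPI.LogAuditRecWithLevel` explicitly tolerates a nil record. Add `if rec == nil { return }` as the first statement of `apiRPCClient.LogAuditRec` and `apiRPCClient.LogAuditRecWithLevel`. A failed RPC is only written with `log.Printf` and the methods return nothing, so a plugin cannot tell that an audit record was lost; that limitation is worth a sentence in the comment above the stubs.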
diff --git a/server/public/plugin/interface_generator/main.go b/server/public/plugin/interface_generator/main.go index 8367f307391..882224ceb3f 100644 --- a/server/public/plugin/interface_generator/main.go +++ b/server/public/plugin/interface_generator/main.go @@ -26,6 +26,8 @@ var excludedPluginHooks = []string{ "Implemented", "LoadPluginConfiguration", "InstallPlugin", + "LogAuditRec", + "LogAuditRecWithLevel", "LogDebug", "LogError", "LogInfo", diff --git a/server/public/plugin/plugintest/api.go b/server/public/plugin/plugintest/api.go index 8659602e385..30b2b20466f 100644 --- a/server/public/plugin/plugintest/api.go +++ b/server/public/plugin/plugintest/api.go @@ -8,6 +8,8 @@ import ( io "io" http "net/http" + logr "github.com/mattermost/logr/v2" + mock "github.com/stretchr/testify/mock" model "github.com/mattermost/mattermost/server/public/model" @@ -4312,6 +4314,16 @@ func (_m *API) LoadPluginConfiguration(dest interface{}) error { return r0 } +// LogAuditRec provides a mock function with given fields: rec +func (_m *API) LogAuditRec(rec *model.AuditRecord) { + _m.Called(rec) +} + +// LogAuditRecWithLevel provides a mock function with given fields: rec, level +func (_m *API) LogAuditRecWithLevel(rec *model.AuditRecord, level logr.Level) { + _m.Called(rec, level) +} + // LogDebug provides a mock function with given fields: msg, keyValuePairs func (_m *API) LogDebug(msg string, keyValuePairs ...interface{}) { var _ca []interface{}