Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit logging #6339

Merged
merged 62 commits into from
Aug 15, 2019
Merged

Audit logging #6339

merged 62 commits into from
Aug 15, 2019

Conversation

woodruffw
Copy link
Member

@woodruffw woodruffw commented Aug 1, 2019

Adds UserEvent and ProjectEvent models, as well as corresponding helpers for recording events.

A shortlist of loggable events (not all of which need to be part of this PR):

Users:

  • Login (+ whether a 2FA method was used)
  • Token creation/deletion
  • 2FA method creation/deletion
  • Email addition/removal/verification/deverification
  • Password change

Projects:

  • Version upload/removal
  • Change in owner/maintainers
  • Token creation by a user with the project in scope

TODO:

  • Add asserts to record_event calls in unit tests, where appropriate.
  • Restrict retrieval of user events to a recent timespan (last two weeks?)
  • Allow Warehouse admins to view the events for a user/project

Summary of events added:

Users:

  • account:email:add (New email added to account)
  • account:email:remove (Email removed from account)
  • account:email:primary:change (Primary email changed or added)
  • account:email:reverify (Email reverified)
  • account:password:change (Account password changed)
  • account:two_factor:method_added (Two factor method added)
  • account:two_factor:method_removed (Two factor method removed)
  • account:api_token:added (API token added)
  • account:api_token:removed (API token removed)
  • account:create (Account created)
  • account:password:reset:request (Password reset request sent)
  • account:password:reset (Password reset request completed)
  • account:email:verified (Email address verified)
  • account:login:success (Successful login)

Projects:

  • project:create (Project created)
  • project:release:added (New project release added)
  • project:release:removed (Project release removed)
  • project:release:file:removed (Project release file removed)
  • project:api_token:added (API token added w/ project in scope)
  • project:api_token:removed (API token removed w/ project in scope)
  • project:role:add (New role added to project)
  • project:role:delete (Role removed from project)
  • project:role:change (Role changed in project)

cc @brainwane @ewdurbin @di @dstufft @nlhkabu

Closes #5863.

@woodruffw woodruffw changed the title [WIP] Audit logging Audit logging Aug 6, 2019
@woodruffw
Copy link
Member Author

@nlhkabu this should be ready for your input on UI/X 😄

@nlhkabu
Copy link
Contributor

nlhkabu commented Aug 15, 2019

Thanks @woodruffw

I've formatted the new events in the security history page - but I wasn't sure how I could test these... Would you be able to generate a screenshot on your side?

Also, I was wondering - is there a technical reason why we don't capture/expose data re: the user who has created the release, removed the release and removed the file? I would have thought this is pretty useful information to expose.

@woodruffw
Copy link
Member Author

but I wasn't sure how I could test these... Would you be able to generate a screenshot on your side?

For project:create and project:release:add, you should be able to test them by creating a token and uploading a new project to your local instance. For project:release:remove and project:release:file:remove, you should be able to use the management view to delete an extant release or particular file, which should trigger the event. I'll also take a screenshot in a bit 🙂

Also, I was wondering - is there a technical reason why we don't capture/expose data re: the user who has created the release, removed the release and removed the file? I would have thought this is pretty useful information to expose.

Nope, just an oversight on my part. I'll expose this information.

@woodruffw
Copy link
Member Author

Here's what the new events look like:

Screen Shot 2019-08-15 at 10 53 20 AM

@nlhkabu nlhkabu requested a review from ewdurbin August 15, 2019 16:22
warehouse/templates/manage/account.html Outdated Show resolved Hide resolved
warehouse/templates/manage/account.html Outdated Show resolved Hide resolved
warehouse/templates/manage/account.html Outdated Show resolved Hide resolved
warehouse/templates/manage/account.html Outdated Show resolved Hide resolved
woodruffw and others added 5 commits August 15, 2019 17:24
Co-Authored-By: Dustin Ingram <di@users.noreply.github.com>
Co-Authored-By: Dustin Ingram <di@users.noreply.github.com>
Co-Authored-By: Dustin Ingram <di@users.noreply.github.com>
Co-Authored-By: Dustin Ingram <di@users.noreply.github.com>
Co-Authored-By: Dustin Ingram <di@users.noreply.github.com>
@ewdurbin ewdurbin merged commit 4a00ed9 into pypi:master Aug 15, 2019
@woodruffw
Copy link
Member Author

Woot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Audit trail: implement auditable event logging for sensitive actions
5 participants