Skip to content

Commit 6e6e0f9

Browse files
authored
feat(audit): add auth source to login audit events (#3041)
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
1 parent 80dea40 commit 6e6e0f9

6 files changed

Lines changed: 17 additions & 7 deletions

File tree

app/controlplane/internal/service/auth.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -317,6 +317,7 @@ func callbackHandler(svc *AuthService, w http.ResponseWriter, r *http.Request) *
317317
FirstName: &claims.GivenName,
318318
LastName: &claims.FamilyName,
319319
SSOGroups: claims.Groups,
320+
Source: "oidc",
320321
})
321322
if err != nil {
322323
return newOauthResp(http.StatusInternalServerError, fmt.Errorf("failed to find or create user: %w", err), false)

app/controlplane/pkg/auditor/events/testdata/users/user_logs_in.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,8 @@
1111
"Info": {
1212
"user_id": "1089bb36-e27b-428b-8009-d015c8737c54",
1313
"email": "john@cyberdyne.io",
14+
"source": "oidc",
1415
"LoggedIn": "2024-01-01T00:00:00Z"
1516
},
16-
"Digest": "sha256:9a2d11d9423700c50b7a9b1d6e40b3327b3fa3afe4e33f72d1c8b20d733717bd"
17+
"Digest": "sha256:7b4b4d0f771dc72191d794a4db780b84762e48c2912d3b5f69691bda0841f6a8"
1718
}

app/controlplane/pkg/auditor/events/testdata/users/user_signs_up.json

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@
1010
"Description": "John Connor has signed up",
1111
"Info": {
1212
"user_id": "1089bb36-e27b-428b-8009-d015c8737c54",
13-
"email": "john@cyberdyne.io"
13+
"email": "john@cyberdyne.io",
14+
"source": "oidc"
1415
},
15-
"Digest": "sha256:d4d9f5e46478c99fef178ac4cc2cc9e01001063ccff9353d038632480ade6786"
16+
"Digest": "sha256:6f55a8b133568683a867ef22ca27d25750cd18e5675fefe08044068ef9c17560"
1617
}

app/controlplane/pkg/auditor/events/user.go

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
//
2-
// Copyright 2024-2025 The Chainloop Authors.
2+
// Copyright 2024-2026 The Chainloop Authors.
33
//
44
// Licensed under the Apache License, Version 2.0 (the "License");
55
// you may not use this file except in compliance with the License.
@@ -37,11 +37,12 @@ const (
3737
UserRoleChangedActionType string = "RoleChanged"
3838
)
3939

40-
// UserBase is the base struct for policy events
40+
// UserBase is the base struct for user audit events
4141
type UserBase struct {
4242
UserID *uuid.UUID `json:"user_id,omitempty"`
4343
Email string `json:"email,omitempty"`
4444
SSOGroups []string `json:"sso_groups,omitempty"`
45+
Source string `json:"source,omitempty"`
4546
}
4647

4748
func (p *UserBase) RequiresActor() bool {

app/controlplane/pkg/auditor/events/user_test.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
//
2-
// Copyright 2024-2025 The Chainloop Authors.
2+
// Copyright 2024-2026 The Chainloop Authors.
33
//
44
// Licensed under the Apache License, Version 2.0 (the "License");
55
// you may not use this file except in compliance with the License.
@@ -49,6 +49,7 @@ func TestUserEvents(t *testing.T) {
4949
UserBase: &events.UserBase{
5050
UserID: uuidPtr(userUUID),
5151
Email: testEmail,
52+
Source: "oidc",
5253
},
5354
},
5455
expected: "testdata/users/user_signs_up.json",
@@ -59,6 +60,7 @@ func TestUserEvents(t *testing.T) {
5960
UserBase: &events.UserBase{
6061
UserID: uuidPtr(userUUID),
6162
Email: testEmail,
63+
Source: "oidc",
6264
},
6365
LoggedIn: time.Date(2024, time.January, 1, 0, 0, 0, 0, time.UTC),
6466
},

app/controlplane/pkg/biz/user.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
//
2-
// Copyright 2024-2025 The Chainloop Authors.
2+
// Copyright 2024-2026 The Chainloop Authors.
33
//
44
// Licensed under the Apache License, Version 2.0 (the "License");
55
// you may not use this file except in compliance with the License.
@@ -141,6 +141,8 @@ type UpsertByEmailOpts struct {
141141
FirstName *string
142142
LastName *string
143143
SSOGroups []string
144+
// Source indicates the authentication method used (e.g., "oidc", "saml")
145+
Source string
144146
}
145147

146148
// UpsertByEmail finds or creates a user by email. By default, it will auto-onboard the user
@@ -171,6 +173,7 @@ func (uc *UserUseCase) UpsertByEmail(ctx context.Context, email string, opts *Up
171173
UserID: ToPtr(uuid.MustParse(u.ID)),
172174
Email: u.Email,
173175
SSOGroups: opts.SSOGroups,
176+
Source: opts.Source,
174177
},
175178
}, nil)
176179
} else {
@@ -181,6 +184,7 @@ func (uc *UserUseCase) UpsertByEmail(ctx context.Context, email string, opts *Up
181184
UserID: ToPtr(uuid.MustParse(u.ID)),
182185
Email: u.Email,
183186
SSOGroups: opts.SSOGroups,
187+
Source: opts.Source,
184188
},
185189
LoggedIn: time.Now(),
186190
}, nil)

0 commit comments

Comments
 (0)