shamu 0.0.15 → 0.0.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/shamu/auditing/auditing_service.rb +27 -1
- data/lib/shamu/auditing/logging_auditing_service.rb +5 -3
- data/lib/shamu/auditing/null_auditing_service.rb +13 -0
- data/lib/shamu/auditing/transaction.rb +7 -2
- data/lib/shamu/version.rb +1 -1
- data/spec/lib/shamu/auditing/logging_auditing_service_spec.rb +17 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f6f49a347f5a63383390bc51b9cba9616d7b7fec
|
|
4
|
+
data.tar.gz: 732419b2df2e8757cc4772f8e03d59411abbbcbe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7355e1c846de3a9c53dbcaa6cc301433a0f901464f92f557ca2c0a439fa2385320e7faf53248b895b7364ea17c8ae71fdac828d14b779b0d31b57434c67b016e
|
|
7
|
+
data.tar.gz: 61c004a0899ae0707d5d6f1a2b21e200cb80622302c9ac0ed77496c79019888d72006e99cd34f5df07d899354066584d04ada782cf8fba1743f0f0c4f1be4500
|
data/Gemfile.lock
CHANGED
|
@@ -12,8 +12,16 @@ module Shamu
|
|
|
12
12
|
# > {Security::Policy} but delegates the actual reading and writing.
|
|
13
13
|
class AuditingService < Services::Service
|
|
14
14
|
|
|
15
|
+
STANDARD_FILTER_KEYS = [
|
|
16
|
+
:password,
|
|
17
|
+
:password_confirmation,
|
|
18
|
+
:access_token,
|
|
19
|
+
:auth_token,
|
|
20
|
+
:token
|
|
21
|
+
].freeze
|
|
22
|
+
|
|
15
23
|
def self.create( scorpion, *args )
|
|
16
|
-
scorpion.fetch Shamu::Auditing::
|
|
24
|
+
scorpion.fetch Shamu::Auditing::NullAuditingService, *args
|
|
17
25
|
end
|
|
18
26
|
|
|
19
27
|
# Records an auditable event in persistent storage.
|
|
@@ -23,6 +31,24 @@ module Shamu
|
|
|
23
31
|
fail NotImplementedError
|
|
24
32
|
end
|
|
25
33
|
|
|
34
|
+
# @!return [Array<Symbol>] the list of keys that should be filtered in
|
|
35
|
+
# the logged changes.
|
|
36
|
+
def filter_keys
|
|
37
|
+
STANDARD_FILTER_KEYS
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
private
|
|
41
|
+
|
|
42
|
+
def filter_changes( changes )
|
|
43
|
+
filter_keys.each_with_object( changes.dup ) do |key, filtered|
|
|
44
|
+
filtered[ key ] = "FILTERED" if filter_key?( key )
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def filter_key?( key )
|
|
49
|
+
filter_keys.include?( key.to_sym )
|
|
50
|
+
end
|
|
51
|
+
|
|
26
52
|
end
|
|
27
53
|
end
|
|
28
54
|
end
|
|
@@ -2,11 +2,13 @@ module Shamu
|
|
|
2
2
|
module Auditing
|
|
3
3
|
|
|
4
4
|
# Writes audit logs to the {Shamu::Logger}.
|
|
5
|
-
class LoggingAuditingService <
|
|
5
|
+
class LoggingAuditingService < AuditingService
|
|
6
6
|
|
|
7
|
-
#
|
|
7
|
+
# Records an auditable event in persistent storage.
|
|
8
|
+
# @param [Transaction] transaction
|
|
9
|
+
# @return [AuditRecord] the persisted record.
|
|
8
10
|
def commit( transaction )
|
|
9
|
-
logger.unknown "AUDIT TRANSACTION action: #{ transaction.action } entity: #{ transaction.entity_path } by user: #{ transaction.user_id_chain } changes: #{ transaction.changes }" # rubocop:disable Metrics/LineLength
|
|
11
|
+
logger.unknown "AUDIT TRANSACTION action: #{ transaction.action } entity: #{ transaction.entity_path } by user: #{ transaction.user_id_chain } changes: #{ filter_changes( transaction.changes ) }" # rubocop:disable Metrics/LineLength
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
end
|
|
@@ -10,7 +10,8 @@ module Shamu
|
|
|
10
10
|
#
|
|
11
11
|
|
|
12
12
|
# @!attribute
|
|
13
|
-
# @return [Array<Object>] the chain of user ids
|
|
13
|
+
# @return [Array<Object>] the chain of user ids from the
|
|
14
|
+
# {Security::Principal} in place at the time of the request.
|
|
14
15
|
attribute :user_id_chain, presence: true
|
|
15
16
|
|
|
16
17
|
# @!attribute
|
|
@@ -44,7 +45,7 @@ module Shamu
|
|
|
44
45
|
# (see Services::Request#apply_to)
|
|
45
46
|
def apply_to( model )
|
|
46
47
|
super.tap do
|
|
47
|
-
model
|
|
48
|
+
assign_changes_to_model model
|
|
48
49
|
end
|
|
49
50
|
end
|
|
50
51
|
|
|
@@ -52,6 +53,10 @@ module Shamu
|
|
|
52
53
|
|
|
53
54
|
attr_reader :entities
|
|
54
55
|
|
|
56
|
+
def assign_changes_to_model( model )
|
|
57
|
+
model.changes_json = changes.to_json if changes.present?
|
|
58
|
+
end
|
|
59
|
+
|
|
55
60
|
end
|
|
56
61
|
end
|
|
57
62
|
end
|
data/lib/shamu/version.rb
CHANGED
|
@@ -15,4 +15,20 @@ describe Shamu::Auditing::LoggingAuditingService do
|
|
|
15
15
|
|
|
16
16
|
service.commit transaction
|
|
17
17
|
end
|
|
18
|
-
|
|
18
|
+
|
|
19
|
+
it "filters protected keys" do
|
|
20
|
+
expect( service.logger ).to receive( :unknown ) do |message|
|
|
21
|
+
expect( message ).not_to match "I'm a secret"
|
|
22
|
+
expect( message ).to match "Mr Penguin"
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
transaction = Shamu::Auditing::Transaction.new \
|
|
26
|
+
user_id_chain: [1, 2, 3],
|
|
27
|
+
action: :change,
|
|
28
|
+
changes: { name: "Mr Penguin", password: "I'm a secret" }
|
|
29
|
+
|
|
30
|
+
transaction.append_entity [ "User", 45 ]
|
|
31
|
+
|
|
32
|
+
service.commit transaction
|
|
33
|
+
end
|
|
34
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shamu
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Paul Alexander
|
|
@@ -242,6 +242,7 @@ files:
|
|
|
242
242
|
- lib/shamu/auditing/auditing_service.rb
|
|
243
243
|
- lib/shamu/auditing/list_scope.rb
|
|
244
244
|
- lib/shamu/auditing/logging_auditing_service.rb
|
|
245
|
+
- lib/shamu/auditing/null_auditing_service.rb
|
|
245
246
|
- lib/shamu/auditing/support.rb
|
|
246
247
|
- lib/shamu/auditing/transaction.rb
|
|
247
248
|
- lib/shamu/entities.rb
|