[Log] enhances security logs (#1597)

* FeedBack : - change route /logs by /security - change name "service" by "security" - change logo - Turn display to false for event and target - change doer's type from string to user - change doer's column name from doer to user (with translation) - Subscribe to SwitchUserEvent * Fix : - Log SwitchUserEvent on the first switch only * Review : - change event's type in log.jsx (string => translation) - move translations from security.fr to platform.fr - add translations for platform.en - Store the truly event's name in SecurityEventSubscriber instead of storing the translation
claroline · Mar 10, 2021 · 2df2740 · 2df2740
1 parent d30d218
commit 2df2740
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 17 deletions.
diff --git a/src/main/app/Resources/translations/security.en.json b/src/main/app/Resources/translations/security.en.json
@@ -11,5 +11,18 @@
   "newPassword": "User username has changed his password.",
   "viewAs": "User username used the 'view as' feature with Role role.",
   "validateEmail": "User username has validated his email address.",
-  "authenticationFailure": "Failed user authentication username : message"
+  "authenticationFailure": "Failed user authentication username : message",
+  "switchUser": "User username used the 'view as' feature with User target",
+  "event.security.add_role": "Add role",
+  "event.security.remove_role": "Remove role",
+  "event.security.user_login": "User login",
+  "event.security.user_logout": "User logout",
+  "event.security.user_enable": "User enable",
+  "event.security.user_disable": "User disable",
+  "event.security.forgot_password": "Forgot password",
+  "event.security.new_password": "New password",
+  "event.security.view_as": "View as",
+  "security.switch_user": "View as",
+  "event.security.validate_email": "Validate email",
+  "event.security.authentication_failure": "Authentication failure"
 }
diff --git a/src/main/app/Resources/translations/security.fr.json b/src/main/app/Resources/translations/security.fr.json
@@ -11,5 +11,18 @@
   "newPassword": "L'utilisateur username a modifié son mot de passe.",
   "viewAs": "L'utilisateur username a utilisé la fonctionnalité 'voir en tant que' avec le Role role",
   "validateEmail": "L'utilisateur username a validé son adresse email",
-  "authenticationFailure": "Connexion échoué pour l'utilisateur username : message"
+  "authenticationFailure": "Connexion échoué pour l'utilisateur username : message",
+  "switchUser": "L'utilisateur username a utilisé la fonctionnalité 'voir en tant que' avec l'utilisateur target",
+  "event.security.add_role": "Ajout d'un role",
+  "event.security.remove_role": "Suppression d'un role",
+  "event.security.user_login": "Connexion utilisateur",
+  "event.security.user_logout": "Deconnexion utilisateur",
+  "event.security.user_enable": "Activation utilisateur",
+  "event.security.user_disable": "Désactivation utilisateur",
+  "event.security.forgot_password": "Mot de passe oublié",
+  "event.security.new_password": "Nouveau mot de passe",
+  "event.security.view_as": "Voir en tant que",
+  "security.switch_user": "Voir en tant que",
+  "event.security.validate_email": "Validation de l'email",
+  "event.security.authentication_failure": "Authentification échouée"
 }
diff --git a/src/main/core/Event/CatalogEvents/SecurityEvents.php b/src/main/core/Event/CatalogEvents/SecurityEvents.php
@@ -58,4 +58,9 @@ final class SecurityEvents
      * @Event("Claroline\CoreBundle\Event\Security\AuthenticationFailureEvent")
      */
     public const AUTHENTICATION_FAILURE = 'event.security.authentication_failure';
+
+    /**
+     * @Event("Symfony\Component\Security\Http\Event\SwitchUserEvent")
+     */
+    public const SWITCH_USER = 'security.switch_user';
 }
diff --git a/src/main/core/Subscriber/SecurityEventSubscriber.php b/src/main/core/Subscriber/SecurityEventSubscriber.php
@@ -7,7 +7,9 @@
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\Event\SwitchUserEvent;
 use Symfony\Contracts\EventDispatcher\Event;
 use Symfony\Contracts\HttpClient\HttpClientInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
@@ -48,6 +50,7 @@ public static function getSubscribedEvents(): array
             SecurityEvents::VIEW_AS => 'logEvent',
             SecurityEvents::VALIDATE_EMAIL => 'logEvent',
             SecurityEvents::AUTHENTICATION_FAILURE => 'logEvent',
+            SecurityEvents::SWITCH_USER => 'logEventSwitchUser',
         ];
     }
 
@@ -62,4 +65,25 @@ public function logEvent(Event $event, string $eventName): void
         $this->em->persist($logEntry);
         $this->em->flush();
     }
+
+    public function logEventSwitchUser(SwitchUserEvent $event, string $eventName): void
+    {
+        if (!$this->security->getToken() instanceof SwitchUserToken) {
+            $logEntry = new SecurityLog();
+            $logEntry->setDetails($this->translator->trans(
+                'switchUser',
+                [
+                    'username' => $this->security->getUser(),
+                    'target' => $event->getTargetUser(),
+                ],
+                'security'
+            ));
+            $logEntry->setEvent($eventName);
+            $logEntry->setTarget($event->getTargetUser());
+            $logEntry->setDoer($this->security->getUser());
+
+            $this->em->persist($logEntry);
+            $this->em->flush();
+        }
+    }
 }
diff --git a/src/plugin/analytics/Resources/modules/administration/dashboard/components/log.jsx b/src/plugin/analytics/Resources/modules/administration/dashboard/components/log.jsx
@@ -9,7 +9,7 @@ import {selectors} from '#/plugin/analytics/administration/dashboard/store/selec
 
 const DashboardLog = () =>
   <ToolPage
-    subtitle={trans('logs')}
+    subtitle={trans('security')}
   >
     <ListData
       name={selectors.LIST_NAME}
@@ -19,6 +19,11 @@ const DashboardLog = () =>
       }}
       definition={[
         {
+          name: 'doer',
+          type: 'user',
+          label: trans('user'),
+          displayed: true
+        }, {
           name: 'date',
           label: trans('date'),
           type: 'date',
@@ -30,20 +35,18 @@ const DashboardLog = () =>
           label: trans('details'),
           displayed: true
         }, {
-          name: 'doer.name',
-          type: 'string',
-          label: trans('doer'),
-          displayed: true
-        }, {
-          name: 'target.name',
-          type: 'string',
+          name: 'target',
+          type: 'user',
           label: trans('target'),
-          displayed: true
+          displayed: false
         }, {
           name: 'event',
-          type: 'string',
+          type: 'translation',
           label: trans('event'),
-          displayed: true
+          displayed: false,
+          options: {
+            domain: 'security'
+          }
         }
       ]}
     />

diff --git a/src/plugin/analytics/Resources/modules/administration/dashboard/components/menu.jsx b/src/plugin/analytics/Resources/modules/administration/dashboard/components/menu.jsx
@@ -44,9 +44,9 @@ const DashboardMenu = (props) =>
         }, {
           name: 'logs',
           type: LINK_BUTTON,
-          icon: 'fa fa-fw fa-info-circle',
-          label: trans('logs'),
-          target: props.path + '/logs'
+          icon: 'fa fa-fw fa-shield',
+          label: trans('security'),
+          target: props.path + '/security'
         }
       ]}
       onClick={props.autoClose}

diff --git a/src/plugin/analytics/Resources/modules/administration/dashboard/components/tool.jsx b/src/plugin/analytics/Resources/modules/administration/dashboard/components/tool.jsx
@@ -51,7 +51,7 @@ const DashboardTool = (props) =>
           return Community
         }
       }, {
-        path: '/logs',
+        path: '/security',
         component: DashboardLog
       }
     ]}