
Commit 244068f

authored
feat: audit logout (#5998)
1 parent b19ae71 commit 244068f

2 files changed

+25
-2
lines changed


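--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -133,7 +133,18 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 // @Success 200 {object} codersdk.Response
 // @Router /users/logout [post]
 func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
+	var (
+		ctx = r.Context()
+		auditor = api.Auditor.Load()
+		aReq, commitAudit = audit.InitRequest[database.APIKey](rw, &audit.RequestParams{
+			Audit: *auditor,
+			Log: api.Logger,
+			Request: r,
+			Action: database.AuditActionLogout,
+		})
+	)
+	defer commitAudit()
+
 	// Get a blank token cookie.
 	cookie := &http.Cookie{
 		// MaxAge < 0 means to delete the cookie now.
@@ -145,6 +156,8 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
 
 	// Delete the session token from database.
 	apiKey := httpmw.APIKey(r)
+	aReq.Old = apiKey
+
 	err := api.Database.DeleteAPIKeyByID(ctx, apiKey.ID)
 	if err != nil {
 		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
@@ -198,6 +211,8 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
 	}
 	}
 
+	aReq.New = database.APIKey{}
+
 	httpapi.Write(ctx, rw, http.StatusOK, codersdk.Response{
 		Message: "Logged out!",
 	})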
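Review bot: `aReq.Old = apiKey` hands the entire database.APIKey row to the audit diff, so whether the key's hashed secret is persisted in the audit record depends entirely on the audit package's per-type field table, which this hunk does not touch; confirm that table excludes the secret field for database.APIKey, and record that dependency above the line with `// Old is the key being revoked; the audit field table must keep its hashed secret out of the diff.` On the error path from DeleteAPIKeyByID the deferred commitAudit still fires with aReq.New left at its zero value, which is the same Old→empty transition as a successful logout, so a failed revocation is only distinguishable by whatever status commitAudit captures from rw (inferred from the defer; InitRequest's internals are outside this hunk). `*auditor` dereferences the loaded pointer without a nil check, which presumably mirrors the other audited handlers and is only a concern if Auditor can be unset at construction. postLogout's body continues outside the hunk.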

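--- a/coderd/users_test.go
+++ b/coderd/users_test.go
@@ -327,9 +327,12 @@ func TestPostLogout(t *testing.T) {
 	// Checks that the cookie is cleared and the API Key is deleted from the database.
 	t.Run("Logout", func(t *testing.T) {
 		t.Parallel()
+		auditor := audit.NewMock()
+		client := coderdtest.New(t, &coderdtest.Options{Auditor: auditor})
+		numLogs := len(auditor.AuditLogs)
 
-		client := coderdtest.New(t, nil)
 		admin := coderdtest.CreateFirstUser(t, client)
+		numLogs++ // add an audit log for login
 
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
@@ -343,10 +346,15 @@ func TestPostLogout(t *testing.T) {
 		require.NoError(t, err, "Server URL should parse successfully")
 
 		res, err := client.Request(ctx, http.MethodPost, fullURL.String(), nil)
+		numLogs++ // add an audit log for logout
+
 		require.NoError(t, err, "/logout request should succeed")
 		res.Body.Close()
 		require.Equal(t, http.StatusOK, res.StatusCode)
 
+		require.Len(t, auditor.AuditLogs, numLogs)
+		require.Equal(t, database.AuditActionLogout, auditor.AuditLogs[numLogs-1].Action)
+
 		cookies := res.Cookies()
 
 		var found bool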
