@@ -23,6 +23,7 @@ | |||
!/apps/provisioning_api | |||
!/apps/systemtags | |||
!/apps/testing | |||
!/apps/admin_audit | |||
!/apps/updatenotification | |||
/apps/files_external/3rdparty/irodsphp/PHPUnitTest | |||
/apps/files_external/3rdparty/irodsphp/web |
@@ -20,123 +20,8 @@ | |||
*/ | |||
$logger = \OC::$server->getLogger(); | |||
$userSession = \OC::$server->getUserSession(); | |||
$groupManager = \OC::$server->getGroupManager(); | |||
logUserManagement( | |||
$logger, | |||
\OC::$server->getUserSession() | |||
); | |||
logFileActions($logger); | |||
logAuthEvents($logger); | |||
logShareEvents($logger); | |||
/** | |||
* Logs sharing events | |||
* | |||
* @param \OCP\ILogger $logger | |||
*/ | |||
function logShareEvents($logger) { | |||
$shareActions = new \OCA\Admin_Audit\Actions\Sharing( | |||
$logger | |||
); | |||
OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared'); | |||
OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare'); | |||
OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions'); | |||
OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword'); | |||
OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate'); | |||
OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed'); | |||
} | |||
/** | |||
* Log authentication event related actions | |||
* | |||
* @param \OCP\ILogger $logger | |||
*/ | |||
function logAuthEvents($logger) { | |||
$authActions = new \OCA\Admin_Audit\Actions\Auth( | |||
$logger | |||
); | |||
OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt'); | |||
OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful'); | |||
OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout'); | |||
} | |||
/** | |||
* Log user management related actions | |||
* | |||
* @param \OCP\ILogger $logger | |||
* @param \OC\User\Session $userSession | |||
*/ | |||
function logUserManagement($logger, $userSession) { | |||
$userActions = new \OCA\Admin_Audit\Actions\UserManagement( | |||
$logger | |||
); | |||
OCP\Util::connectHook( | |||
'OC_User', | |||
'post_createUser', | |||
$userActions, | |||
'create' | |||
); | |||
OCP\Util::connectHook( | |||
'OC_User', | |||
'post_deleteUser', | |||
$userActions, | |||
'delete' | |||
); | |||
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']); | |||
} | |||
/** | |||
* Log file related actions | |||
* | |||
* @param \OCP\ILogger $logger | |||
*/ | |||
function logFileActions($logger) { | |||
$fileActions = new \OCA\Admin_Audit\Actions\Files( | |||
$logger | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_post_rename, | |||
$fileActions, | |||
'rename' | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_post_create, | |||
$fileActions, | |||
'create' | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_post_copy, | |||
$fileActions, | |||
'copy' | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_post_write, | |||
$fileActions, | |||
'write' | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_post_update, | |||
$fileActions, | |||
'update' | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_read, | |||
$fileActions, | |||
'read' | |||
); | |||
OCP\Util::connectHook( | |||
OC\Files\Filesystem::CLASSNAME, | |||
OC\Files\Filesystem::signal_delete, | |||
$fileActions, | |||
'delete' | |||
); | |||
} | |||
$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager); | |||
$auditLogger->registerHooks(); |
@@ -0,0 +1,73 @@ | |||
<?php | |||
/** | |||
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OCA\Admin_Audit\Actions; | |||
use OCA\Admin_Audit\Actions\Action; | |||
use OCP\IGroup; | |||
use OCP\IUser; | |||
/** | |||
* Class GroupManagement logs all group manager related events | |||
* | |||
* @package OCA\Admin_Audit | |||
*/ | |||
class GroupManagement extends Action { | |||
/** | |||
* log add user to group event | |||
* | |||
* @param IGroup $group | |||
* @param IUser $user | |||
*/ | |||
public function addUser(IGroup $group, IUser $user) { | |||
$this->log('User "%s" added to group "%s"', | |||
[ | |||
'group' => $group->getGID(), | |||
'user' => $user->getUID() | |||
], | |||
[ | |||
'user', 'group' | |||
] | |||
); | |||
} | |||
/** | |||
* log remove user from group event | |||
* | |||
* @param IGroup $group | |||
* @param IUser $user | |||
*/ | |||
public function removeUser(IGroup $group, IUser $user) { | |||
$this->log('User "%s" removed from group "%s"', | |||
[ | |||
'group' => $group->getGID(), | |||
'user' => $user->getUID() | |||
], | |||
[ | |||
'user', 'group' | |||
] | |||
); | |||
} | |||
} |
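Review bot: Neither `addUser` nor `removeUser` records who performed the membership change, so the audit entry names the affected user and group but not the acting account. Group membership is a privilege change, and an entry without the actor is hard to use in an investigation. Unless `Action::log` (not visible here) already adds the current user, consider injecting `IUserSession` as `Trashbin` does in this commit and logging an extra element such as `'actor' => $actor !== null ? $actor->getUID() : ''`. The `use OCA\Admin_Audit\Actions\Action;` line is redundant because `Action` is in the same namespace.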
@@ -0,0 +1,69 @@ | |||
<?php | |||
/** | |||
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OCA\Admin_Audit\Actions; | |||
use OCP\ILogger; | |||
use OCP\IUserSession; | |||
class Trashbin extends Action { | |||
/** @var IUserSession */ | |||
private $userSession; | |||
/** | |||
* Trashbin constructor. | |||
* | |||
* @param ILogger $logger | |||
* @param IUserSession $userSession | |||
*/ | |||
public function __construct(ILogger $logger, IUserSession $userSession) { | |||
parent::__construct($logger); | |||
$this->userSession = $userSession; | |||
} | |||
public function delete($params) { | |||
$this->log('File "%s" deleted from trash bin by "%s"', | |||
[ | |||
'path' => $params['path'], | |||
'user' => $this->userSession->getUser()->getUID() | |||
], | |||
[ | |||
'path', 'user' | |||
] | |||
); | |||
} | |||
public function restore($params) { | |||
$this->log('File "%s" restored from trash bin by "%s"', | |||
[ | |||
'path' => $params['filePath'], | |||
'user' => $this->userSession->getUser()->getUID() | |||
], | |||
[ | |||
'path', 'user' | |||
] | |||
); | |||
} | |||
} |
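Review bot: `delete()` and `restore()` both call `$this->userSession->getUser()->getUID()` without checking the result, and `IUserSession::getUser()` returns null when there is no logged-in user. If either hook can fire outside a user session (a background job or CLI command, say; the emitters are not visible here), the handler would fail with a fatal error instead of writing an entry, and might interrupt the trash bin operation. Fetch the user once with `$user = $this->userSession->getUser();` and log `'user' => $user !== null ? $user->getUID() : ''`, or a fixed marker for system-initiated actions. Both methods also lack a docblock naming the `$params` keys they read (`path` in `delete`, `filePath` in `restore`).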
@@ -19,6 +19,7 @@ | |||
* | |||
*/ | |||
namespace OCA\Admin_Audit\Actions; | |||
use OCP\IUser; | |||
/** | |||
* Class UserManagement logs all user management related actions. | |||
@@ -59,9 +60,9 @@ class UserManagement extends Action { | |||
/** | |||
* Logs changing of the user scope | |||
* | |||
* @param \OCP\IUser $user | |||
* @param IUser $user | |||
*/ | |||
public function setPassword(\OCP\IUser $user) { | |||
public function setPassword(IUser $user) { | |||
if($user->getBackendClassName() === 'Database') { | |||
$this->log( | |||
'Password of user "%s" has been changed', |
@@ -0,0 +1,178 @@ | |||
<?php | |||
/** | |||
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OCA\Admin_Audit; | |||
use OC\Files\Filesystem; | |||
use OCA\Admin_Audit\Actions\Auth; | |||
use OCA\Admin_Audit\Actions\Files; | |||
use OCA\Admin_Audit\Actions\GroupManagement; | |||
use OCA\Admin_Audit\Actions\Sharing; | |||
use OCA\Admin_Audit\Actions\Trashbin; | |||
use OCA\Admin_Audit\Actions\UserManagement; | |||
use OCP\IGroupManager; | |||
use OCP\ILogger; | |||
use OCP\IUserSession; | |||
use OCP\Util; | |||
class AuditLogger { | |||
/** @var ILogger */ | |||
private $logger; | |||
/** @var IUserSession */ | |||
private $userSession; | |||
/** @var IGroupManager */ | |||
private $groupManager; | |||
/** | |||
* AuditLogger constructor. | |||
* | |||
* @param ILogger $logger | |||
* @param IUserSession $userSession | |||
* @param IGroupManager $groupManager | |||
*/ | |||
public function __construct(ILogger $logger, | |||
IUserSession $userSession, | |||
IGroupManager $groupManager) { | |||
$this->logger = $logger; | |||
$this->userSession = $userSession; | |||
$this->groupManager = $groupManager; | |||
} | |||
/** | |||
* register hooks in order to log them | |||
*/ | |||
public function registerHooks() { | |||
$this->userManagementHooks(); | |||
$this->groupHooks(); | |||
$this->sharingHooks(); | |||
$this->authHooks(); | |||
$this->fileHooks(); | |||
$this->trashbinHooks(); | |||
} | |||
/** | |||
* connect to user management hooks | |||
*/ | |||
private function userManagementHooks() { | |||
$userActions = new UserManagement($this->logger); | |||
Util::connectHook('OC_User', 'post_createUser', $userActions, 'create'); | |||
Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete'); | |||
$this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']); | |||
} | |||
private function groupHooks() { | |||
$groupActions = new GroupManagement($this->logger); | |||
$this->groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']); | |||
$this->groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']); | |||
} | |||
/** | |||
* connect to sharing events | |||
*/ | |||
private function sharingHooks() { | |||
$shareActions = new Sharing($this->logger); | |||
Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared'); | |||
Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare'); | |||
Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions'); | |||
Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword'); | |||
Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate'); | |||
Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed'); | |||
} | |||
/** | |||
* connect to authentication event and related actions | |||
*/ | |||
private function authHooks() { | |||
$authActions = new Auth($this->logger); | |||
Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt'); | |||
Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful'); | |||
Util::connectHook('OC_User', 'logout', $authActions, 'logout'); | |||
} | |||
/** | |||
* connect to file hooks | |||
*/ | |||
private function fileHooks() { | |||
$fileActions = new Files($this->logger); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_post_rename, | |||
$fileActions, | |||
'rename' | |||
); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_post_create, | |||
$fileActions, | |||
'create' | |||
); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_post_copy, | |||
$fileActions, | |||
'copy' | |||
); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_post_write, | |||
$fileActions, | |||
'write' | |||
); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_post_update, | |||
$fileActions, | |||
'update' | |||
); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_read, | |||
$fileActions, | |||
'read' | |||
); | |||
Util::connectHook( | |||
Filesystem::CLASSNAME, | |||
Filesystem::signal_delete, | |||
$fileActions, | |||
'delete' | |||
); | |||
} | |||
/** | |||
* connect to trash bin hooks | |||
*/ | |||
private function trashbinHooks() { | |||
$trashActions = new Trashbin($this->logger, $this->userSession); | |||
Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete'); | |||
Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore'); | |||
} | |||
} |
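Review bot: `groupHooks()` subscribes only to `postAddUser` and `postRemoveUser`, so creating or deleting a group leaves no audit entry even though membership changes do. If the group manager emits create and delete events on `'\OC\Group'` (I believe it does, but the emitter is not visible here), `GroupManagement` would need matching handlers and two more `listen` calls for complete coverage. `groupHooks()` is also the only private method in the class without a docblock; `/** connect to group management events */` would match its siblings.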