Merge pull request #26467 from nextcloud/feature/noid/allow-apps-to-log-to-audit

Allow apps to log actions into the audit_log

7 files changed, 136 insertions, 0 deletions

diff --git a/apps/admin_audit/composer/composer/autoload_classmap.php b/apps/admin_audit/composer/composer/autoload_classmap.php
index a08bab93724..e52032ca3ea 100644
--- a/apps/admin_audit/composer/composer/autoload_classmap.php
+++ b/apps/admin_audit/composer/composer/autoload_classmap.php
@@ -20,4 +20,5 @@ return array(
     'OCA\\AdminAudit\\Actions\\Versions' => $baseDir . '/../lib/Actions/Versions.php',
     'OCA\\AdminAudit\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php',
     'OCA\\AdminAudit\\BackgroundJobs\\Rotate' => $baseDir . '/../lib/BackgroundJobs/Rotate.php',
+    'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => $baseDir . '/../lib/Listener/CriticalActionPerformedEventListener.php',
 );
diff --git a/apps/admin_audit/composer/composer/autoload_static.php b/apps/admin_audit/composer/composer/autoload_static.php
index cbced7b5625..829bc2ab049 100644
--- a/apps/admin_audit/composer/composer/autoload_static.php
+++ b/apps/admin_audit/composer/composer/autoload_static.php
@@ -35,6 +35,7 @@ class ComposerStaticInitAdminAudit
         'OCA\\AdminAudit\\Actions\\Versions' => __DIR__ . '/..' . '/../lib/Actions/Versions.php',
         'OCA\\AdminAudit\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php',
         'OCA\\AdminAudit\\BackgroundJobs\\Rotate' => __DIR__ . '/..' . '/../lib/BackgroundJobs/Rotate.php',
+        'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => __DIR__ . '/..' . '/../lib/Listener/CriticalActionPerformedEventListener.php',
     );
 
     public static function getInitializer(ClassLoader $loader)
diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
index d7afb96ea87..4ee49e7129b 100644
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -49,6 +49,7 @@ use OCA\AdminAudit\Actions\Sharing;
 use OCA\AdminAudit\Actions\Trashbin;
 use OCA\AdminAudit\Actions\UserManagement;
 use OCA\AdminAudit\Actions\Versions;
+use OCA\AdminAudit\Listener\CriticalActionPerformedEventListener;
 use OCP\App\ManagerEvent;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
@@ -61,6 +62,7 @@ use OCP\IGroupManager;
 use OCP\IPreview;
 use OCP\IServerContainer;
 use OCP\IUserSession;
+use OCP\Log\Audit\CriticalActionPerformedEvent;
 use OCP\Log\ILogFactory;
 use OCP\Share;
 use OCP\Util;
@@ -78,6 +80,7 @@ class Application extends App implements IBootstrap {
 	}
 
 	public function register(IRegistrationContext $context): void {
+		$context->registerEventListener(CriticalActionPerformedEvent::class, CriticalActionPerformedEventListener::class);
 	}
 
 	public function boot(IBootContext $context): void {
diff --git a/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php b/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php
new file mode 100644
index 00000000000..75f7d86d421
--- /dev/null
+++ b/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php
@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2021 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\AdminAudit\Listener;
+
+use OCA\AdminAudit\Actions\Action;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Log\Audit\CriticalActionPerformedEvent;
+
+class CriticalActionPerformedEventListener extends Action implements IEventListener {
+	public function handle(Event $event): void {
+		if (!($event instanceof CriticalActionPerformedEvent)) {
+			return;
+		}
+
+		$this->log(
+			$event->getLogMessage(),
+			$event->getParameters(),
+			array_keys($event->getParameters()),
+			$event->getObfuscateParameters()
+		);
+	}
+}
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index ebb36e48ea8..3033c0f69e5 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -422,6 +422,7 @@ return array(
     'OCP\\Lock\\LockedException' => $baseDir . '/lib/public/Lock/LockedException.php',
     'OCP\\Lock\\ManuallyLockedException' => $baseDir . '/lib/public/Lock/ManuallyLockedException.php',
     'OCP\\Lockdown\\ILockdownManager' => $baseDir . '/lib/public/Lockdown/ILockdownManager.php',
+    'OCP\\Log\\Audit\\CriticalActionPerformedEvent' => $baseDir . '/lib/public/Log/Audit/CriticalActionPerformedEvent.php',
     'OCP\\Log\\IDataLogger' => $baseDir . '/lib/public/Log/IDataLogger.php',
     'OCP\\Log\\IFileBased' => $baseDir . '/lib/public/Log/IFileBased.php',
     'OCP\\Log\\ILogFactory' => $baseDir . '/lib/public/Log/ILogFactory.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 185f6fafa17..dafae4aa46e 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -451,6 +451,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OCP\\Lock\\LockedException' => __DIR__ . '/../../..' . '/lib/public/Lock/LockedException.php',
         'OCP\\Lock\\ManuallyLockedException' => __DIR__ . '/../../..' . '/lib/public/Lock/ManuallyLockedException.php',
         'OCP\\Lockdown\\ILockdownManager' => __DIR__ . '/../../..' . '/lib/public/Lockdown/ILockdownManager.php',
+        'OCP\\Log\\Audit\\CriticalActionPerformedEvent' => __DIR__ . '/../../..' . '/lib/public/Log/Audit/CriticalActionPerformedEvent.php',
         'OCP\\Log\\IDataLogger' => __DIR__ . '/../../..' . '/lib/public/Log/IDataLogger.php',
         'OCP\\Log\\IFileBased' => __DIR__ . '/../../..' . '/lib/public/Log/IFileBased.php',
         'OCP\\Log\\ILogFactory' => __DIR__ . '/../../..' . '/lib/public/Log/ILogFactory.php',
diff --git a/lib/public/Log/Audit/CriticalActionPerformedEvent.php b/lib/public/Log/Audit/CriticalActionPerformedEvent.php
new file mode 100644
index 00000000000..98e46757b93
--- /dev/null
+++ b/lib/public/Log/Audit/CriticalActionPerformedEvent.php
@@ -0,0 +1,85 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2021 Joas Schilling <coding@schilljs.com>
+ *
+ * @author Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Log\Audit;
+
+use OCP\EventDispatcher\Event;
+
+/**
+ * Emitted when the admin_audit app should log an entry
+ *
+ * @since 22.0.0
+ */
+class CriticalActionPerformedEvent extends Event {
+
+	/** @var string */
+	private $logMessage;
+
+	/** @var array */
+	private $parameters;
+
+	/** @var bool */
+	private $obfuscateParameters;
+
+	/**
+	 * @param string $logMessage
+	 * @param array $parameters
+	 * @param bool $obfuscateParameters
+	 * @since 22.0.0
+	 */
+	public function __construct(string $logMessage,
+								array $parameters = [],
+								bool $obfuscateParameters = false) {
+		parent::__construct();
+		$this->logMessage = $logMessage;
+		$this->parameters = $parameters;
+		$this->obfuscateParameters = $obfuscateParameters;
+	}
+
+	/**
+	 * @return string
+	 * @since 22.0.0
+	 */
+	public function getLogMessage(): string {
+		return $this->logMessage;
+	}
+
+	/**
+	 * @return array
+	 * @since 22.0.0
+	 */
+	public function getParameters(): array {
+		return $this->parameters;
+	}
+
+	/**
+	 * @return bool
+	 * @since 22.0.0
+	 */
+	public function getObfuscateParameters(): bool {
+		return $this->obfuscateParameters;
+	}
+}