diff options
Diffstat (limited to 'apps/admin_audit')
61 files changed, 1230 insertions, 970 deletions
diff --git a/apps/admin_audit/appinfo/info.xml b/apps/admin_audit/appinfo/info.xml index ab1905b90fd..6bdacf96a2c 100644 --- a/apps/admin_audit/appinfo/info.xml +++ b/apps/admin_audit/appinfo/info.xml @@ -10,7 +10,7 @@ <name>Auditing / Logging</name> <summary>Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions.</summary> <description>Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions.</description> - <version>1.20.0</version> + <version>1.22.0</version> <licence>agpl</licence> <author>Nextcloud</author> <namespace>AdminAudit</namespace> @@ -20,7 +20,7 @@ <category>monitoring</category> <bugs>https://github.com/nextcloud/server/issues</bugs> <dependencies> - <nextcloud min-version="30" max-version="30"/> + <nextcloud min-version="32" max-version="32"/> </dependencies> <background-jobs> <job>OCA\AdminAudit\BackgroundJobs\Rotate</job> diff --git a/apps/admin_audit/composer/composer/autoload_classmap.php b/apps/admin_audit/composer/composer/autoload_classmap.php index fc4be52ebbb..b67d90e7689 100644 --- a/apps/admin_audit/composer/composer/autoload_classmap.php +++ b/apps/admin_audit/composer/composer/autoload_classmap.php @@ -8,19 +8,22 @@ $baseDir = $vendorDir; return array( 'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php', 'OCA\\AdminAudit\\Actions\\Action' => $baseDir . '/../lib/Actions/Action.php', - 'OCA\\AdminAudit\\Actions\\AppManagement' => $baseDir . '/../lib/Actions/AppManagement.php', - 'OCA\\AdminAudit\\Actions\\Auth' => $baseDir . '/../lib/Actions/Auth.php', - 'OCA\\AdminAudit\\Actions\\Console' => $baseDir . '/../lib/Actions/Console.php', 'OCA\\AdminAudit\\Actions\\Files' => $baseDir . '/../lib/Actions/Files.php', - 'OCA\\AdminAudit\\Actions\\GroupManagement' => $baseDir . '/../lib/Actions/GroupManagement.php', - 'OCA\\AdminAudit\\Actions\\Security' => $baseDir . '/../lib/Actions/Security.php', 'OCA\\AdminAudit\\Actions\\Sharing' => $baseDir . '/../lib/Actions/Sharing.php', + 'OCA\\AdminAudit\\Actions\\TagManagement' => $baseDir . '/../lib/Actions/TagManagement.php', 'OCA\\AdminAudit\\Actions\\Trashbin' => $baseDir . '/../lib/Actions/Trashbin.php', - 'OCA\\AdminAudit\\Actions\\UserManagement' => $baseDir . '/../lib/Actions/UserManagement.php', 'OCA\\AdminAudit\\Actions\\Versions' => $baseDir . '/../lib/Actions/Versions.php', 'OCA\\AdminAudit\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php', 'OCA\\AdminAudit\\AuditLogger' => $baseDir . '/../lib/AuditLogger.php', 'OCA\\AdminAudit\\BackgroundJobs\\Rotate' => $baseDir . '/../lib/BackgroundJobs/Rotate.php', 'OCA\\AdminAudit\\IAuditLogger' => $baseDir . '/../lib/IAuditLogger.php', + 'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => $baseDir . '/../lib/Listener/AppManagementEventListener.php', + 'OCA\\AdminAudit\\Listener\\AuthEventListener' => $baseDir . '/../lib/Listener/AuthEventListener.php', + 'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => $baseDir . '/../lib/Listener/ConsoleEventListener.php', 'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => $baseDir . '/../lib/Listener/CriticalActionPerformedEventListener.php', + 'OCA\\AdminAudit\\Listener\\FileEventListener' => $baseDir . '/../lib/Listener/FileEventListener.php', + 'OCA\\AdminAudit\\Listener\\GroupManagementEventListener' => $baseDir . '/../lib/Listener/GroupManagementEventListener.php', + 'OCA\\AdminAudit\\Listener\\SecurityEventListener' => $baseDir . '/../lib/Listener/SecurityEventListener.php', + 'OCA\\AdminAudit\\Listener\\SharingEventListener' => $baseDir . '/../lib/Listener/SharingEventListener.php', + 'OCA\\AdminAudit\\Listener\\UserManagementEventListener' => $baseDir . '/../lib/Listener/UserManagementEventListener.php', ); diff --git a/apps/admin_audit/composer/composer/autoload_static.php b/apps/admin_audit/composer/composer/autoload_static.php index 38518c8a9ba..f8fd457edd8 100644 --- a/apps/admin_audit/composer/composer/autoload_static.php +++ b/apps/admin_audit/composer/composer/autoload_static.php @@ -23,21 +23,24 @@ class ComposerStaticInitAdminAudit public static $classMap = array ( 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', 'OCA\\AdminAudit\\Actions\\Action' => __DIR__ . '/..' . '/../lib/Actions/Action.php', - 'OCA\\AdminAudit\\Actions\\AppManagement' => __DIR__ . '/..' . '/../lib/Actions/AppManagement.php', - 'OCA\\AdminAudit\\Actions\\Auth' => __DIR__ . '/..' . '/../lib/Actions/Auth.php', - 'OCA\\AdminAudit\\Actions\\Console' => __DIR__ . '/..' . '/../lib/Actions/Console.php', 'OCA\\AdminAudit\\Actions\\Files' => __DIR__ . '/..' . '/../lib/Actions/Files.php', - 'OCA\\AdminAudit\\Actions\\GroupManagement' => __DIR__ . '/..' . '/../lib/Actions/GroupManagement.php', - 'OCA\\AdminAudit\\Actions\\Security' => __DIR__ . '/..' . '/../lib/Actions/Security.php', 'OCA\\AdminAudit\\Actions\\Sharing' => __DIR__ . '/..' . '/../lib/Actions/Sharing.php', + 'OCA\\AdminAudit\\Actions\\TagManagement' => __DIR__ . '/..' . '/../lib/Actions/TagManagement.php', 'OCA\\AdminAudit\\Actions\\Trashbin' => __DIR__ . '/..' . '/../lib/Actions/Trashbin.php', - 'OCA\\AdminAudit\\Actions\\UserManagement' => __DIR__ . '/..' . '/../lib/Actions/UserManagement.php', 'OCA\\AdminAudit\\Actions\\Versions' => __DIR__ . '/..' . '/../lib/Actions/Versions.php', 'OCA\\AdminAudit\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php', 'OCA\\AdminAudit\\AuditLogger' => __DIR__ . '/..' . '/../lib/AuditLogger.php', 'OCA\\AdminAudit\\BackgroundJobs\\Rotate' => __DIR__ . '/..' . '/../lib/BackgroundJobs/Rotate.php', 'OCA\\AdminAudit\\IAuditLogger' => __DIR__ . '/..' . '/../lib/IAuditLogger.php', + 'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/AppManagementEventListener.php', + 'OCA\\AdminAudit\\Listener\\AuthEventListener' => __DIR__ . '/..' . '/../lib/Listener/AuthEventListener.php', + 'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => __DIR__ . '/..' . '/../lib/Listener/ConsoleEventListener.php', 'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => __DIR__ . '/..' . '/../lib/Listener/CriticalActionPerformedEventListener.php', + 'OCA\\AdminAudit\\Listener\\FileEventListener' => __DIR__ . '/..' . '/../lib/Listener/FileEventListener.php', + 'OCA\\AdminAudit\\Listener\\GroupManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/GroupManagementEventListener.php', + 'OCA\\AdminAudit\\Listener\\SecurityEventListener' => __DIR__ . '/..' . '/../lib/Listener/SecurityEventListener.php', + 'OCA\\AdminAudit\\Listener\\SharingEventListener' => __DIR__ . '/..' . '/../lib/Listener/SharingEventListener.php', + 'OCA\\AdminAudit\\Listener\\UserManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/UserManagementEventListener.php', ); public static function getInitializer(ClassLoader $loader) diff --git a/apps/admin_audit/l10n/be.js b/apps/admin_audit/l10n/be.js new file mode 100644 index 00000000000..bb52accdf5c --- /dev/null +++ b/apps/admin_audit/l10n/be.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Аўдыт / Журнал", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Прадастаўляе магчымасці вядзення журнала дзенняў для Nextcloud, такіх як доступ да файлаў або іншых канфідэнцыйных дзеянняў." +}, +"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);"); diff --git a/apps/admin_audit/l10n/be.json b/apps/admin_audit/l10n/be.json new file mode 100644 index 00000000000..6b36dae579b --- /dev/null +++ b/apps/admin_audit/l10n/be.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "Аўдыт / Журнал", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Прадастаўляе магчымасці вядзення журнала дзенняў для Nextcloud, такіх як доступ да файлаў або іншых канфідэнцыйных дзеянняў." +},"pluralForm" :"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/bg.js b/apps/admin_audit/l10n/bg.js index cd82e96ec73..2769c6899f8 100644 --- a/apps/admin_audit/l10n/bg.js +++ b/apps/admin_audit/l10n/bg.js @@ -1,7 +1,7 @@ OC.L10N.register( "admin_audit", { - "Auditing / Logging" : "Одитиране/създаване на регистри", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за регистриране в Nextcloud, като например достъп до файлове за регистриране или други чувствителни действия." + "Auditing / Logging" : "Одитиране / Регистри на действията", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за създаване на регистри на действията в \"Nextcloud\", като например кой е осъществил достъп до файл или други действия." }, "nplurals=2; plural=(n != 1);"); diff --git a/apps/admin_audit/l10n/bg.json b/apps/admin_audit/l10n/bg.json index 770ffcbf35a..4d3ac67c0a6 100644 --- a/apps/admin_audit/l10n/bg.json +++ b/apps/admin_audit/l10n/bg.json @@ -1,5 +1,5 @@ { "translations": { - "Auditing / Logging" : "Одитиране/създаване на регистри", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за регистриране в Nextcloud, като например достъп до файлове за регистриране или други чувствителни действия." + "Auditing / Logging" : "Одитиране / Регистри на действията", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за създаване на регистри на действията в \"Nextcloud\", като например кой е осъществил достъп до файл или други действия." },"pluralForm" :"nplurals=2; plural=(n != 1);" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/br.js b/apps/admin_audit/l10n/br.js new file mode 100644 index 00000000000..3190748725a --- /dev/null +++ b/apps/admin_audit/l10n/br.js @@ -0,0 +1,6 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Aodit / Kerzhlevr" +}, +"nplurals=5; plural=((n%10 == 1) && (n%100 != 11) && (n%100 !=71) && (n%100 !=91) ? 0 :(n%10 == 2) && (n%100 != 12) && (n%100 !=72) && (n%100 !=92) ? 1 :(n%10 ==3 || n%10==4 || n%10==9) && (n%100 < 10 || n% 100 > 19) && (n%100 < 70 || n%100 > 79) && (n%100 < 90 || n%100 > 99) ? 2 :(n != 0 && n % 1000000 == 0) ? 3 : 4);"); diff --git a/apps/admin_audit/l10n/br.json b/apps/admin_audit/l10n/br.json new file mode 100644 index 00000000000..b70638a3de0 --- /dev/null +++ b/apps/admin_audit/l10n/br.json @@ -0,0 +1,4 @@ +{ "translations": { + "Auditing / Logging" : "Aodit / Kerzhlevr" +},"pluralForm" :"nplurals=5; plural=((n%10 == 1) && (n%100 != 11) && (n%100 !=71) && (n%100 !=91) ? 0 :(n%10 == 2) && (n%100 != 12) && (n%100 !=72) && (n%100 !=92) ? 1 :(n%10 ==3 || n%10==4 || n%10==9) && (n%100 < 10 || n% 100 > 19) && (n%100 < 70 || n%100 > 79) && (n%100 < 90 || n%100 > 99) ? 2 :(n != 0 && n % 1000000 == 0) ? 3 : 4);" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/eo.js b/apps/admin_audit/l10n/eo.js index 3ab916b0b54..17becacc88e 100644 --- a/apps/admin_audit/l10n/eo.js +++ b/apps/admin_audit/l10n/eo.js @@ -2,6 +2,6 @@ OC.L10N.register( "admin_audit", { "Auditing / Logging" : "Ekzamenado / Protokolado", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Provizi protokolado-kapablojn por Nextcloud, kiel ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj." + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Ebligas protokoladon, ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj." }, "nplurals=2; plural=(n != 1);"); diff --git a/apps/admin_audit/l10n/eo.json b/apps/admin_audit/l10n/eo.json index eef1c6821c5..293d8cce025 100644 --- a/apps/admin_audit/l10n/eo.json +++ b/apps/admin_audit/l10n/eo.json @@ -1,5 +1,5 @@ { "translations": { "Auditing / Logging" : "Ekzamenado / Protokolado", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Provizi protokolado-kapablojn por Nextcloud, kiel ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj." + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Ebligas protokoladon, ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj." },"pluralForm" :"nplurals=2; plural=(n != 1);" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/es_CR.js b/apps/admin_audit/l10n/es_CR.js index 554f249b125..a051b8053d3 100644 --- a/apps/admin_audit/l10n/es_CR.js +++ b/apps/admin_audit/l10n/es_CR.js @@ -1,6 +1,7 @@ OC.L10N.register( "admin_audit", { - "Auditing / Logging" : "Auditoría / Registros" + "Auditing / Logging" : "Auditoría / Registros", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Proporciona capacidades de registro para Nextcloud, como el registro de accesos a archivos o acciones sensibles." }, "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"); diff --git a/apps/admin_audit/l10n/es_CR.json b/apps/admin_audit/l10n/es_CR.json index 772c7486a7b..00a101b11b8 100644 --- a/apps/admin_audit/l10n/es_CR.json +++ b/apps/admin_audit/l10n/es_CR.json @@ -1,4 +1,5 @@ { "translations": { - "Auditing / Logging" : "Auditoría / Registros" + "Auditing / Logging" : "Auditoría / Registros", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Proporciona capacidades de registro para Nextcloud, como el registro de accesos a archivos o acciones sensibles." },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/es_MX.js b/apps/admin_audit/l10n/es_MX.js index e7b24aed581..02a4e01c33d 100644 --- a/apps/admin_audit/l10n/es_MX.js +++ b/apps/admin_audit/l10n/es_MX.js @@ -2,6 +2,6 @@ OC.L10N.register( "admin_audit", { "Auditing / Logging" : "Auditoría / Registros", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Habilita las opciones de bitácora de Nextcloud tales como registro de acceso a archivos o de acciones delicadas." + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Proporciona capacidades de registro para Nextcloud, tales como el registro de accesos a archivos o de acciones delicadas." }, "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"); diff --git a/apps/admin_audit/l10n/es_MX.json b/apps/admin_audit/l10n/es_MX.json index abaceb15cb4..2f483b93cf0 100644 --- a/apps/admin_audit/l10n/es_MX.json +++ b/apps/admin_audit/l10n/es_MX.json @@ -1,5 +1,5 @@ { "translations": { "Auditing / Logging" : "Auditoría / Registros", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Habilita las opciones de bitácora de Nextcloud tales como registro de acceso a archivos o de acciones delicadas." + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Proporciona capacidades de registro para Nextcloud, tales como el registro de accesos a archivos o de acciones delicadas." },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/id.js b/apps/admin_audit/l10n/id.js index 441f1940069..144a85299f1 100644 --- a/apps/admin_audit/l10n/id.js +++ b/apps/admin_audit/l10n/id.js @@ -1,7 +1,7 @@ OC.L10N.register( "admin_audit", { - "Auditing / Logging" : "Pemeriksaan / Pencatatan", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud seperti pencatatan akses berkas atau tindakan sensitif lainnya." + "Auditing / Logging" : "Pengauditan/Pencatatan", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud, misalnya pencatatan akses file atau tindakan sensitif lainnya." }, "nplurals=1; plural=0;"); diff --git a/apps/admin_audit/l10n/id.json b/apps/admin_audit/l10n/id.json index 91af029f895..868f7c94d32 100644 --- a/apps/admin_audit/l10n/id.json +++ b/apps/admin_audit/l10n/id.json @@ -1,5 +1,5 @@ { "translations": { - "Auditing / Logging" : "Pemeriksaan / Pencatatan", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud seperti pencatatan akses berkas atau tindakan sensitif lainnya." + "Auditing / Logging" : "Pengauditan/Pencatatan", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud, misalnya pencatatan akses file atau tindakan sensitif lainnya." },"pluralForm" :"nplurals=1; plural=0;" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/lv.js b/apps/admin_audit/l10n/lv.js new file mode 100644 index 00000000000..9aba6a9da59 --- /dev/null +++ b/apps/admin_audit/l10n/lv.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Auditēšana / Žurnalizēšana", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nodrošina Nextcloud žurnalēšanas spējas, piemēram, datņu piekļuves žurnalēšanu vai citas jūtīgas darbības." +}, +"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);"); diff --git a/apps/admin_audit/l10n/lv.json b/apps/admin_audit/l10n/lv.json new file mode 100644 index 00000000000..8fa3c22ebd3 --- /dev/null +++ b/apps/admin_audit/l10n/lv.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "Auditēšana / Žurnalizēšana", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nodrošina Nextcloud žurnalēšanas spējas, piemēram, datņu piekļuves žurnalēšanu vai citas jūtīgas darbības." +},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/ms_MY.js b/apps/admin_audit/l10n/ms_MY.js new file mode 100644 index 00000000000..59221642a6d --- /dev/null +++ b/apps/admin_audit/l10n/ms_MY.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Pengauditan / Pengelogan", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kebolehan pengelogan untuk Nextcloud seperti akses fail log atau tindakan sensitif." +}, +"nplurals=1; plural=0;"); diff --git a/apps/admin_audit/l10n/ms_MY.json b/apps/admin_audit/l10n/ms_MY.json new file mode 100644 index 00000000000..c81561ca4b5 --- /dev/null +++ b/apps/admin_audit/l10n/ms_MY.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "Pengauditan / Pengelogan", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kebolehan pengelogan untuk Nextcloud seperti akses fail log atau tindakan sensitif." +},"pluralForm" :"nplurals=1; plural=0;" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/pt_BR.js b/apps/admin_audit/l10n/pt_BR.js index a706afdc942..67b7e27fad8 100644 --- a/apps/admin_audit/l10n/pt_BR.js +++ b/apps/admin_audit/l10n/pt_BR.js @@ -2,6 +2,6 @@ OC.L10N.register( "admin_audit", { "Auditing / Logging" : "Auditoria / Registro", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece habilidades de registro para o NextCloud, como acessos de arquivo de log ou ações sensíveis." + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece recursos de registro para o Nextcloud, como acessos a arquivos de registro ou outras ações sensíveis." }, "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"); diff --git a/apps/admin_audit/l10n/pt_BR.json b/apps/admin_audit/l10n/pt_BR.json index befc0c2c900..2d745b9c979 100644 --- a/apps/admin_audit/l10n/pt_BR.json +++ b/apps/admin_audit/l10n/pt_BR.json @@ -1,5 +1,5 @@ { "translations": { "Auditing / Logging" : "Auditoria / Registro", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece habilidades de registro para o NextCloud, como acessos de arquivo de log ou ações sensíveis." + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece recursos de registro para o Nextcloud, como acessos a arquivos de registro ou outras ações sensíveis." },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/pt_PT.js b/apps/admin_audit/l10n/pt_PT.js index 72f6e8a62eb..2289d0fa8e7 100644 --- a/apps/admin_audit/l10n/pt_PT.js +++ b/apps/admin_audit/l10n/pt_PT.js @@ -1,7 +1,7 @@ OC.L10N.register( "admin_audit", { - "Auditing / Logging" : "Auditorias / Registos", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou demais ações sensíveis. " + "Auditing / Logging" : "Auditorias / registos", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou outras ações sensíveis. " }, "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"); diff --git a/apps/admin_audit/l10n/pt_PT.json b/apps/admin_audit/l10n/pt_PT.json index 19e9845c0f0..ba9810d585c 100644 --- a/apps/admin_audit/l10n/pt_PT.json +++ b/apps/admin_audit/l10n/pt_PT.json @@ -1,5 +1,5 @@ { "translations": { - "Auditing / Logging" : "Auditorias / Registos", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou demais ações sensíveis. " + "Auditing / Logging" : "Auditorias / registos", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou outras ações sensíveis. " },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/sr@latin.js b/apps/admin_audit/l10n/sr@latin.js new file mode 100644 index 00000000000..bab487e832d --- /dev/null +++ b/apps/admin_audit/l10n/sr@latin.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Praćenje / Beleženje", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Daje Nextcloudu mogućnost beleženja, poput pristupa fajlovima ili drugih osetljivih radnji." +}, +"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"); diff --git a/apps/admin_audit/l10n/sr@latin.json b/apps/admin_audit/l10n/sr@latin.json new file mode 100644 index 00000000000..a01ecd856c0 --- /dev/null +++ b/apps/admin_audit/l10n/sr@latin.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "Praćenje / Beleženje", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Daje Nextcloudu mogućnost beleženja, poput pristupa fajlovima ili drugih osetljivih radnji." +},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/sw.js b/apps/admin_audit/l10n/sw.js new file mode 100644 index 00000000000..58fd34da654 --- /dev/null +++ b/apps/admin_audit/l10n/sw.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Ukaguzi/kuweka kumbukumbu", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Hutoa uwezo wa kuweka kumbukumbu kwa Nextcloud kama vile ufikiaji wa faili za kumbukumbu au vitendo nyeti." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/apps/admin_audit/l10n/sw.json b/apps/admin_audit/l10n/sw.json new file mode 100644 index 00000000000..3775e3f2982 --- /dev/null +++ b/apps/admin_audit/l10n/sw.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "Ukaguzi/kuweka kumbukumbu", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Hutoa uwezo wa kuweka kumbukumbu kwa Nextcloud kama vile ufikiaji wa faili za kumbukumbu au vitendo nyeti." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/ug.js b/apps/admin_audit/l10n/ug.js new file mode 100644 index 00000000000..f46e189dbe7 --- /dev/null +++ b/apps/admin_audit/l10n/ug.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "ئىقتىسادىي تەپتىش / خاتىرىلەش", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nextcloud غا تىزىمغا كىرىش ئىقتىدارى بىلەن تەمىنلەيدۇ ، مەسىلەن ھۆججەتلەرنى زىيارەت قىلىش ياكى باشقا سەزگۈر ھەرىكەتلەر." +}, +"nplurals=2; plural=(n != 1);"); diff --git a/apps/admin_audit/l10n/ug.json b/apps/admin_audit/l10n/ug.json new file mode 100644 index 00000000000..dd79f09b8a5 --- /dev/null +++ b/apps/admin_audit/l10n/ug.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "ئىقتىسادىي تەپتىش / خاتىرىلەش", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nextcloud غا تىزىمغا كىرىش ئىقتىدارى بىلەن تەمىنلەيدۇ ، مەسىلەن ھۆججەتلەرنى زىيارەت قىلىش ياكى باشقا سەزگۈر ھەرىكەتلەر." +},"pluralForm" :"nplurals=2; plural=(n != 1);" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/uz.js b/apps/admin_audit/l10n/uz.js new file mode 100644 index 00000000000..007c8bb77e1 --- /dev/null +++ b/apps/admin_audit/l10n/uz.js @@ -0,0 +1,7 @@ +OC.L10N.register( + "admin_audit", + { + "Auditing / Logging" : "Audit / Kirish", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Next bulut uchun tizimga kirish qobiliyatini ta'minlaydi, masalan, faylga kirish yoki boshqa sezgir harakatlar." +}, +"nplurals=1; plural=0;"); diff --git a/apps/admin_audit/l10n/uz.json b/apps/admin_audit/l10n/uz.json new file mode 100644 index 00000000000..025df6c2786 --- /dev/null +++ b/apps/admin_audit/l10n/uz.json @@ -0,0 +1,5 @@ +{ "translations": { + "Auditing / Logging" : "Audit / Kirish", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Next bulut uchun tizimga kirish qobiliyatini ta'minlaydi, masalan, faylga kirish yoki boshqa sezgir harakatlar." +},"pluralForm" :"nplurals=1; plural=0;" +}
\ No newline at end of file diff --git a/apps/admin_audit/l10n/vi.js b/apps/admin_audit/l10n/vi.js index c434b4322c4..9ad698afa1a 100644 --- a/apps/admin_audit/l10n/vi.js +++ b/apps/admin_audit/l10n/vi.js @@ -1,7 +1,7 @@ OC.L10N.register( "admin_audit", { - "Auditing / Logging" : "Kiểm tra / Nhật ký", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác." + "Auditing / Logging" : "Kiểm tra / Nhật ký", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác." }, "nplurals=1; plural=0;"); diff --git a/apps/admin_audit/l10n/vi.json b/apps/admin_audit/l10n/vi.json index 80fc8765f11..26ea23a322c 100644 --- a/apps/admin_audit/l10n/vi.json +++ b/apps/admin_audit/l10n/vi.json @@ -1,5 +1,5 @@ { "translations": { - "Auditing / Logging" : "Kiểm tra / Nhật ký", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác." + "Auditing / Logging" : "Kiểm tra / Nhật ký", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác." },"pluralForm" :"nplurals=1; plural=0;" }
\ No newline at end of file diff --git a/apps/admin_audit/l10n/zh_TW.js b/apps/admin_audit/l10n/zh_TW.js index 8c0cdedb78e..496a40683ed 100644 --- a/apps/admin_audit/l10n/zh_TW.js +++ b/apps/admin_audit/l10n/zh_TW.js @@ -1,7 +1,7 @@ OC.L10N.register( "admin_audit", { - "Auditing / Logging" : "稽核/記錄", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能,例如記錄檔存取或其他敏感操作。" + "Auditing / Logging" : "稽核/記錄", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能,例如紀錄檔存取,或其他敏感操作。" }, "nplurals=1; plural=0;"); diff --git a/apps/admin_audit/l10n/zh_TW.json b/apps/admin_audit/l10n/zh_TW.json index 84a0946e953..ceffb30fa44 100644 --- a/apps/admin_audit/l10n/zh_TW.json +++ b/apps/admin_audit/l10n/zh_TW.json @@ -1,5 +1,5 @@ { "translations": { - "Auditing / Logging" : "稽核/記錄", - "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能,例如記錄檔存取或其他敏感操作。" + "Auditing / Logging" : "稽核/記錄", + "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能,例如紀錄檔存取,或其他敏感操作。" },"pluralForm" :"nplurals=1; plural=0;" }
\ No newline at end of file diff --git a/apps/admin_audit/lib/Actions/Action.php b/apps/admin_audit/lib/Actions/Action.php index 5d06cf4fbf5..acd415d82ea 100644 --- a/apps/admin_audit/lib/Actions/Action.php +++ b/apps/admin_audit/lib/Actions/Action.php @@ -32,16 +32,13 @@ class Action { if (!isset($params[$element])) { if ($obfuscateParameters) { $this->logger->critical( - '$params["'.$element.'"] was missing.', + '$params["' . $element . '"] was missing.', ['app' => 'admin_audit'] ); } else { $this->logger->critical( - sprintf( - '$params["'.$element.'"] was missing. Transferred value: %s', - print_r($params, true) - ), - ['app' => 'admin_audit'] + '$params["' . $element . '"] was missing. Transferred value: {params}', + ['app' => 'admin_audit', 'params' => $params] ); } return; diff --git a/apps/admin_audit/lib/Actions/AppManagement.php b/apps/admin_audit/lib/Actions/AppManagement.php deleted file mode 100644 index 44907c856da..00000000000 --- a/apps/admin_audit/lib/Actions/AppManagement.php +++ /dev/null @@ -1,42 +0,0 @@ -<?php - -declare(strict_types=1); -/** - * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors - * SPDX-License-Identifier: AGPL-3.0-or-later - */ -namespace OCA\AdminAudit\Actions; - -class AppManagement extends Action { - - /** - * @param string $appName - */ - public function enableApp(string $appName): void { - $this->log('App "%s" enabled', - ['app' => $appName], - ['app'] - ); - } - - /** - * @param string $appName - * @param string[] $groups - */ - public function enableAppForGroups(string $appName, array $groups): void { - $this->log('App "%1$s" enabled for groups: %2$s', - ['app' => $appName, 'groups' => implode(', ', $groups)], - ['app', 'groups'] - ); - } - - /** - * @param string $appName - */ - public function disableApp(string $appName): void { - $this->log('App "%s" disabled', - ['app' => $appName], - ['app'] - ); - } -} diff --git a/apps/admin_audit/lib/Actions/Auth.php b/apps/admin_audit/lib/Actions/Auth.php deleted file mode 100644 index 55a87cf170f..00000000000 --- a/apps/admin_audit/lib/Actions/Auth.php +++ /dev/null @@ -1,45 +0,0 @@ -<?php - -declare(strict_types=1); -/** - * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors - * SPDX-License-Identifier: AGPL-3.0-or-later - */ -namespace OCA\AdminAudit\Actions; - -/** - * Class Auth logs all auth related actions - * - * @package OCA\AdminAudit\Actions - */ -class Auth extends Action { - public function loginAttempt(array $params): void { - $this->log( - 'Login attempt: "%s"', - $params, - [ - 'uid', - ], - true - ); - } - - public function loginSuccessful(array $params): void { - $this->log( - 'Login successful: "%s"', - $params, - [ - 'uid', - ], - true - ); - } - - public function logout(array $params): void { - $this->log( - 'Logout occurred', - [], - [] - ); - } -} diff --git a/apps/admin_audit/lib/Actions/Console.php b/apps/admin_audit/lib/Actions/Console.php deleted file mode 100644 index a41fa88bdad..00000000000 --- a/apps/admin_audit/lib/Actions/Console.php +++ /dev/null @@ -1,28 +0,0 @@ -<?php - -declare(strict_types=1); -/** - * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors - * SPDX-License-Identifier: AGPL-3.0-or-later - */ -namespace OCA\AdminAudit\Actions; - -class Console extends Action { - /** - * @param array $arguments - */ - public function runCommand(array $arguments): void { - if (!isset($arguments[1]) || $arguments[1] === '_completion') { - // Don't log autocompletion - return; - } - - // Remove `./occ` - array_shift($arguments); - - $this->log('Console command executed: %s', - ['arguments' => implode(' ', $arguments)], - ['arguments'] - ); - } -} diff --git a/apps/admin_audit/lib/Actions/Files.php b/apps/admin_audit/lib/Actions/Files.php index ee40a4e1476..7be4a7cd581 100644 --- a/apps/admin_audit/lib/Actions/Files.php +++ b/apps/admin_audit/lib/Actions/Files.php @@ -7,17 +7,16 @@ declare(strict_types=1); */ namespace OCA\AdminAudit\Actions; +use OC\Files\Node\NonExistingFile; +use OCP\Files\Events\Node\BeforeNodeDeletedEvent; use OCP\Files\Events\Node\BeforeNodeReadEvent; -use OCP\Files\Events\Node\BeforeNodeRenamedEvent; -use OCP\Files\Events\Node\BeforeNodeWrittenEvent; use OCP\Files\Events\Node\NodeCopiedEvent; use OCP\Files\Events\Node\NodeCreatedEvent; -use OCP\Files\Events\Node\NodeDeletedEvent; use OCP\Files\Events\Node\NodeRenamedEvent; use OCP\Files\Events\Node\NodeWrittenEvent; use OCP\Files\InvalidPathException; use OCP\Files\NotFoundException; -use OCP\Preview\BeforePreviewFetchedEvent; +use OCP\Server; use Psr\Log\LoggerInterface; /** @@ -26,22 +25,19 @@ use Psr\Log\LoggerInterface; * @package OCA\AdminAudit\Actions */ class Files extends Action { - - private array $renamedNodes = []; /** * Logs file read actions - * - * @param BeforeNodeReadEvent $event */ public function read(BeforeNodeReadEvent $event): void { try { + $node = $event->getNode(); $params = [ - 'id' => $event->getNode()->getId(), - 'path' => mb_substr($event->getNode()->getInternalPath(), 5), + 'id' => $node instanceof NonExistingFile ? null : $node->getId(), + 'path' => $node->getPath(), ]; } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file read: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file read: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] ); return; } @@ -54,38 +50,19 @@ class Files extends Action { /** * Logs rename actions of files - * - * @param BeforeNodeRenamedEvent $event - */ - public function beforeRename(BeforeNodeRenamedEvent $event): void { - try { - $source = $event->getSource(); - $this->renamedNodes[$source->getId()] = $source; - } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file rename: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] - ); - return; - } - } - - /** - * Logs rename actions of files - * - * @param NodeRenamedEvent $event */ public function afterRename(NodeRenamedEvent $event): void { try { $target = $event->getTarget(); - $originalSource = $this->renamedNodes[$target->getId()]; + $source = $event->getSource(); $params = [ 'newid' => $target->getId(), - 'oldpath' => mb_substr($originalSource->getInternalPath(), 5), - 'newpath' => mb_substr($target->getInternalPath(), 5), + 'oldpath' => $source->getPath(), + 'newpath' => $target->getPath(), ]; } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file rename: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file rename: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] ); return; } @@ -100,18 +77,16 @@ class Files extends Action { /** * Logs creation of files - * - * @param NodeCreatedEvent $event */ public function create(NodeCreatedEvent $event): void { try { $params = [ 'id' => $event->getNode()->getId(), - 'path' => mb_substr($event->getNode()->getInternalPath(), 5), + 'path' => $event->getNode()->getPath(), ]; } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file create: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file create: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] ); return; } @@ -127,20 +102,18 @@ class Files extends Action { /** * Logs copying of files - * - * @param NodeCopiedEvent $event */ public function copy(NodeCopiedEvent $event): void { try { $params = [ 'oldid' => $event->getSource()->getId(), 'newid' => $event->getTarget()->getId(), - 'oldpath' => mb_substr($event->getSource()->getInternalPath(), 5), - 'newpath' => mb_substr($event->getTarget()->getInternalPath(), 5), + 'oldpath' => $event->getSource()->getPath(), + 'newpath' => $event->getTarget()->getPath(), ]; } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file copy: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file copy: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] ); return; } @@ -153,18 +126,17 @@ class Files extends Action { /** * Logs writing of files - * - * @param BeforeNodeWrittenEvent $event */ - public function write(BeforeNodeWrittenEvent $event): void { + public function write(NodeWrittenEvent $event): void { + $node = $event->getNode(); try { $params = [ - 'id' => $event->getNode()->getId(), - 'path' => mb_substr($event->getNode()->getInternalPath(), 5), + 'id' => $node->getId(), + 'path' => $node->getPath(), ]; } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file write: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file write: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] ); return; } @@ -180,43 +152,17 @@ class Files extends Action { } /** - * Logs update of files - * - * @param NodeWrittenEvent $event - */ - public function update(NodeWrittenEvent $event): void { - try { - $params = [ - 'id' => $event->getNode()->getId(), - 'path' => mb_substr($event->getNode()->getInternalPath(), 5), - ]; - } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file update: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] - ); - return; - } - $this->log( - 'File with id "%s" updated: "%s"', - $params, - array_keys($params) - ); - } - - /** * Logs deletions of files - * - * @param NodeDeletedEvent $event */ - public function delete(NodeDeletedEvent $event): void { + public function delete(BeforeNodeDeletedEvent $event): void { try { $params = [ 'id' => $event->getNode()->getId(), - 'path' => mb_substr($event->getNode()->getInternalPath(), 5), + 'path' => $event->getNode()->getPath(), ]; } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file delete: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file delete: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] ); return; } @@ -226,33 +172,4 @@ class Files extends Action { array_keys($params) ); } - - /** - * Logs preview access to a file - * - * @param BeforePreviewFetchedEvent $event - */ - public function preview(BeforePreviewFetchedEvent $event): void { - try { - $file = $event->getNode(); - $params = [ - 'id' => $file->getId(), - 'width' => $event->getWidth(), - 'height' => $event->getHeight(), - 'crop' => $event->isCrop(), - 'mode' => $event->getMode(), - 'path' => mb_substr($file->getInternalPath(), 5) - ]; - } catch (InvalidPathException|NotFoundException $e) { - \OCP\Server::get(LoggerInterface::class)->error( - "Exception thrown in file preview: ".$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] - ); - return; - } - $this->log( - 'Preview accessed: (id: "%s", width: "%s", height: "%s" crop: "%s", mode: "%s", path: "%s")', - $params, - array_keys($params) - ); - } } diff --git a/apps/admin_audit/lib/Actions/GroupManagement.php b/apps/admin_audit/lib/Actions/GroupManagement.php deleted file mode 100644 index 8fb6a037fbf..00000000000 --- a/apps/admin_audit/lib/Actions/GroupManagement.php +++ /dev/null @@ -1,87 +0,0 @@ -<?php - -declare(strict_types=1); -/** - * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors - * SPDX-License-Identifier: AGPL-3.0-or-later - */ -namespace OCA\AdminAudit\Actions; - -use OCP\IGroup; -use OCP\IUser; - -/** - * Class GroupManagement logs all group manager related events - * - * @package OCA\AdminAudit\Actions - */ -class GroupManagement extends Action { - - /** - * log add user to group event - * - * @param IGroup $group - * @param IUser $user - */ - public function addUser(IGroup $group, IUser $user): void { - $this->log('User "%s" added to group "%s"', - [ - 'group' => $group->getGID(), - 'user' => $user->getUID() - ], - [ - 'user', 'group' - ] - ); - } - - /** - * log remove user from group event - * - * @param IGroup $group - * @param IUser $user - */ - public function removeUser(IGroup $group, IUser $user): void { - $this->log('User "%s" removed from group "%s"', - [ - 'group' => $group->getGID(), - 'user' => $user->getUID() - ], - [ - 'user', 'group' - ] - ); - } - - /** - * log create group to group event - * - * @param IGroup $group - */ - public function createGroup(IGroup $group): void { - $this->log('Group created: "%s"', - [ - 'group' => $group->getGID() - ], - [ - 'group' - ] - ); - } - - /** - * log delete group to group event - * - * @param IGroup $group - */ - public function deleteGroup(IGroup $group): void { - $this->log('Group deleted: "%s"', - [ - 'group' => $group->getGID() - ], - [ - 'group' - ] - ); - } -} diff --git a/apps/admin_audit/lib/Actions/Security.php b/apps/admin_audit/lib/Actions/Security.php deleted file mode 100644 index 203090795fb..00000000000 --- a/apps/admin_audit/lib/Actions/Security.php +++ /dev/null @@ -1,60 +0,0 @@ -<?php - -declare(strict_types=1); -/** - * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors - * SPDX-License-Identifier: AGPL-3.0-or-later - */ -namespace OCA\AdminAudit\Actions; - -use OCP\Authentication\TwoFactorAuth\IProvider; -use OCP\IUser; - -/** - * Class Sharing logs the sharing actions - * - * @package OCA\AdminAudit\Actions - */ -class Security extends Action { - /** - * Logs failed twofactor challenge - */ - public function twofactorFailed(IUser $user, IProvider $provider): void { - $params = [ - 'displayName' => $user->getDisplayName(), - 'uid' => $user->getUID(), - 'provider' => $provider->getDisplayName(), - ]; - - $this->log( - 'Failed two factor attempt by user %s (%s) with provider %s', - $params, - [ - 'displayName', - 'uid', - 'provider', - ] - ); - } - - /** - * Logs successful twofactor challenge - */ - public function twofactorSuccess(IUser $user, IProvider $provider): void { - $params = [ - 'displayName' => $user->getDisplayName(), - 'uid' => $user->getUID(), - 'provider' => $provider->getDisplayName(), - ]; - - $this->log( - 'Successful two factor attempt by user %s (%s) with provider %s', - $params, - [ - 'displayName', - 'uid', - 'provider', - ] - ); - } -} diff --git a/apps/admin_audit/lib/Actions/Sharing.php b/apps/admin_audit/lib/Actions/Sharing.php index bca2b6eecac..8f021d5f210 100644 --- a/apps/admin_audit/lib/Actions/Sharing.php +++ b/apps/admin_audit/lib/Actions/Sharing.php @@ -7,279 +7,12 @@ declare(strict_types=1); */ namespace OCA\AdminAudit\Actions; -use OCP\Share\IShare; - /** * Class Sharing logs the sharing actions * * @package OCA\AdminAudit\Actions */ class Sharing extends Action { - /** - * Logs sharing of data - * - * @param array $params - */ - public function shared(array $params): void { - if ($params['shareType'] === IShare::TYPE_LINK) { - $this->log( - 'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_USER) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_GROUP) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_ROOM) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the room "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_EMAIL) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the email recipient "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_CIRCLE) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the circle "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_REMOTE) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the remote user "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_REMOTE_GROUP) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the remote group "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_DECK) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the deck card "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_SCIENCEMESH) { - $this->log( - 'The %s "%s" with ID "%s" has been shared to the ScienceMesh user "%s" with permissions "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'path', - 'itemSource', - 'shareWith', - 'permissions', - 'id', - ] - ); - } - } - - /** - * Logs unsharing of data - * - * @param array $params - */ - public function unshare(array $params): void { - if ($params['shareType'] === IShare::TYPE_LINK) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_USER) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_GROUP) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_ROOM) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the room "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_EMAIL) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the email recipient "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_CIRCLE) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the circle "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_REMOTE) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the remote user "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_REMOTE_GROUP) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the remote group "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_DECK) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the deck card "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } elseif ($params['shareType'] === IShare::TYPE_SCIENCEMESH) { - $this->log( - 'The %s "%s" with ID "%s" has been unshared from the ScienceMesh user "%s" (Share ID: %s)', - $params, - [ - 'itemType', - 'fileTarget', - 'itemSource', - 'shareWith', - 'id', - ] - ); - } - } /** * Logs the updating of permission changes for shares diff --git a/apps/admin_audit/lib/Actions/TagManagement.php b/apps/admin_audit/lib/Actions/TagManagement.php new file mode 100644 index 00000000000..a167017aec3 --- /dev/null +++ b/apps/admin_audit/lib/Actions/TagManagement.php @@ -0,0 +1,27 @@ +<?php + +declare(strict_types=1); + +/*! + * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\AdminAudit\Actions; + +use OCP\SystemTag\ISystemTag; + +class TagManagement extends Action { + /** + * @param ISystemTag $tag newly created tag + */ + public function createTag(ISystemTag $tag): void { + $this->log('System tag "%s" (%s, %s) created', + [ + 'name' => $tag->getName(), + 'visbility' => $tag->isUserVisible() ? 'visible' : 'invisible', + 'assignable' => $tag->isUserAssignable() ? 'user assignable' : 'system only', + ], + ['name', 'visibility', 'assignable'] + ); + } +} diff --git a/apps/admin_audit/lib/Actions/UserManagement.php b/apps/admin_audit/lib/Actions/UserManagement.php deleted file mode 100644 index 25960197847..00000000000 --- a/apps/admin_audit/lib/Actions/UserManagement.php +++ /dev/null @@ -1,122 +0,0 @@ -<?php - -declare(strict_types=1); -/** - * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors - * SPDX-License-Identifier: AGPL-3.0-or-later - */ -namespace OCA\AdminAudit\Actions; - -use OCP\IUser; - -/** - * Class UserManagement logs all user management related actions. - * - * @package OCA\AdminAudit\Actions - */ -class UserManagement extends Action { - /** - * Log creation of users - * - * @param array $params - */ - public function create(array $params): void { - $this->log( - 'User created: "%s"', - $params, - [ - 'uid', - ] - ); - } - - /** - * Log assignments of users (typically user backends) - * - * @param string $uid - */ - public function assign(string $uid): void { - $this->log( - 'UserID assigned: "%s"', - [ 'uid' => $uid ], - [ 'uid' ] - ); - } - - /** - * Log deletion of users - * - * @param array $params - */ - public function delete(array $params): void { - $this->log( - 'User deleted: "%s"', - $params, - [ - 'uid', - ] - ); - } - - /** - * Log unassignments of users (typically user backends, no data removed) - * - * @param string $uid - */ - public function unassign(string $uid): void { - $this->log( - 'UserID unassigned: "%s"', - [ 'uid' => $uid ], - [ 'uid' ] - ); - } - - /** - * Log enabling of users - * - * @param array $params - */ - public function change(array $params): void { - switch ($params['feature']) { - case 'enabled': - $this->log( - $params['value'] === true - ? 'User enabled: "%s"' - : 'User disabled: "%s"', - ['user' => $params['user']->getUID()], - [ - 'user', - ] - ); - break; - case 'eMailAddress': - $this->log( - 'Email address changed for user %s', - ['user' => $params['user']->getUID()], - [ - 'user', - ] - ); - break; - } - } - - /** - * Logs changing of the user scope - * - * @param IUser $user - */ - public function setPassword(IUser $user): void { - if ($user->getBackendClassName() === 'Database') { - $this->log( - 'Password of user "%s" has been changed', - [ - 'user' => $user->getUID(), - ], - [ - 'user', - ] - ); - } - } -} diff --git a/apps/admin_audit/lib/Actions/Versions.php b/apps/admin_audit/lib/Actions/Versions.php index c856c994d3f..b3fdefd011d 100644 --- a/apps/admin_audit/lib/Actions/Versions.php +++ b/apps/admin_audit/lib/Actions/Versions.php @@ -8,16 +8,6 @@ declare(strict_types=1); namespace OCA\AdminAudit\Actions; class Versions extends Action { - public function rollback(array $params): void { - $this->log('Version "%s" of "%s" was restored.', - [ - 'version' => $params['revision'], - 'path' => $params['path'] - ], - ['version', 'path'] - ); - } - public function delete(array $params): void { $this->log('Version "%s" was deleted.', ['path' => $params['path']], diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php index b8b80841539..63a1d065bc8 100644 --- a/apps/admin_audit/lib/AppInfo/Application.php +++ b/apps/admin_audit/lib/AppInfo/Application.php @@ -1,59 +1,77 @@ <?php declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later */ + namespace OCA\AdminAudit\AppInfo; -use OC\Group\Manager as GroupManager; -use OC\User\Session as UserSession; -use OCA\AdminAudit\Actions\AppManagement; use OCA\AdminAudit\Actions\Auth; use OCA\AdminAudit\Actions\Console; use OCA\AdminAudit\Actions\Files; -use OCA\AdminAudit\Actions\GroupManagement; -use OCA\AdminAudit\Actions\Security; use OCA\AdminAudit\Actions\Sharing; +use OCA\AdminAudit\Actions\TagManagement; use OCA\AdminAudit\Actions\Trashbin; -use OCA\AdminAudit\Actions\UserManagement; use OCA\AdminAudit\Actions\Versions; use OCA\AdminAudit\AuditLogger; use OCA\AdminAudit\IAuditLogger; +use OCA\AdminAudit\Listener\AppManagementEventListener; +use OCA\AdminAudit\Listener\AuthEventListener; +use OCA\AdminAudit\Listener\ConsoleEventListener; use OCA\AdminAudit\Listener\CriticalActionPerformedEventListener; -use OCP\App\ManagerEvent; +use OCA\AdminAudit\Listener\FileEventListener; +use OCA\AdminAudit\Listener\GroupManagementEventListener; +use OCA\AdminAudit\Listener\SecurityEventListener; +use OCA\AdminAudit\Listener\SharingEventListener; +use OCA\AdminAudit\Listener\UserManagementEventListener; +use OCA\Files_Versions\Events\VersionRestoredEvent; +use OCP\App\Events\AppDisableEvent; +use OCP\App\Events\AppEnableEvent; +use OCP\App\Events\AppUpdateEvent; use OCP\AppFramework\App; use OCP\AppFramework\Bootstrap\IBootContext; use OCP\AppFramework\Bootstrap\IBootstrap; use OCP\AppFramework\Bootstrap\IRegistrationContext; +use OCP\Authentication\Events\AnyLoginFailedEvent; use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed; use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed; use OCP\Console\ConsoleEvent; use OCP\EventDispatcher\IEventDispatcher; +use OCP\Files\Events\Node\BeforeNodeDeletedEvent; use OCP\Files\Events\Node\BeforeNodeReadEvent; -use OCP\Files\Events\Node\BeforeNodeRenamedEvent; -use OCP\Files\Events\Node\BeforeNodeWrittenEvent; use OCP\Files\Events\Node\NodeCopiedEvent; use OCP\Files\Events\Node\NodeCreatedEvent; -use OCP\Files\Events\Node\NodeDeletedEvent; use OCP\Files\Events\Node\NodeRenamedEvent; use OCP\Files\Events\Node\NodeWrittenEvent; +use OCP\Group\Events\GroupCreatedEvent; +use OCP\Group\Events\GroupDeletedEvent; +use OCP\Group\Events\UserAddedEvent; +use OCP\Group\Events\UserRemovedEvent; use OCP\IConfig; -use OCP\IGroupManager; -use OCP\IUserSession; use OCP\Log\Audit\CriticalActionPerformedEvent; use OCP\Log\ILogFactory; use OCP\Preview\BeforePreviewFetchedEvent; use OCP\Share; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use OCP\SystemTag\ManagerEvent; +use OCP\User\Events\BeforeUserLoggedInEvent; +use OCP\User\Events\BeforeUserLoggedOutEvent; +use OCP\User\Events\PasswordUpdatedEvent; +use OCP\User\Events\UserChangedEvent; +use OCP\User\Events\UserCreatedEvent; +use OCP\User\Events\UserDeletedEvent; +use OCP\User\Events\UserIdAssignedEvent; +use OCP\User\Events\UserIdUnassignedEvent; +use OCP\User\Events\UserLoggedInEvent; +use OCP\User\Events\UserLoggedInWithCookieEvent; use OCP\Util; use Psr\Container\ContainerInterface; -use Psr\Log\LoggerInterface; class Application extends App implements IBootstrap { - /** @var LoggerInterface */ - protected $logger; - public function __construct() { parent::__construct('admin_audit'); } @@ -64,6 +82,47 @@ class Application extends App implements IBootstrap { }); $context->registerEventListener(CriticalActionPerformedEvent::class, CriticalActionPerformedEventListener::class); + + // User management events + $context->registerEventListener(UserCreatedEvent::class, UserManagementEventListener::class); + $context->registerEventListener(UserDeletedEvent::class, UserManagementEventListener::class); + $context->registerEventListener(UserChangedEvent::class, UserManagementEventListener::class); + $context->registerEventListener(PasswordUpdatedEvent::class, UserManagementEventListener::class); + $context->registerEventListener(UserIdAssignedEvent::class, UserManagementEventListener::class); + $context->registerEventListener(UserIdUnassignedEvent::class, UserManagementEventListener::class); + + // Group management events + $context->registerEventListener(UserAddedEvent::class, GroupManagementEventListener::class); + $context->registerEventListener(UserRemovedEvent::class, GroupManagementEventListener::class); + $context->registerEventListener(GroupCreatedEvent::class, GroupManagementEventListener::class); + $context->registerEventListener(GroupDeletedEvent::class, GroupManagementEventListener::class); + + // Sharing events + $context->registerEventListener(ShareCreatedEvent::class, SharingEventListener::class); + $context->registerEventListener(ShareDeletedEvent::class, SharingEventListener::class); + + // Auth events + $context->registerEventListener(BeforeUserLoggedInEvent::class, AuthEventListener::class); + $context->registerEventListener(UserLoggedInWithCookieEvent::class, AuthEventListener::class); + $context->registerEventListener(UserLoggedInEvent::class, AuthEventListener::class); + $context->registerEventListener(BeforeUserLoggedOutEvent::class, AuthEventListener::class); + $context->registerEventListener(AnyLoginFailedEvent::class, AuthEventListener::class); + + // File events + $context->registerEventListener(BeforePreviewFetchedEvent::class, FileEventListener::class); + $context->registerEventListener(VersionRestoredEvent::class, FileEventListener::class); + + // Security events + $context->registerEventListener(TwoFactorProviderChallengePassed::class, SecurityEventListener::class); + $context->registerEventListener(TwoFactorProviderChallengeFailed::class, SecurityEventListener::class); + + // App management events + $context->registerEventListener(AppEnableEvent::class, AppManagementEventListener::class); + $context->registerEventListener(AppDisableEvent::class, AppManagementEventListener::class); + $context->registerEventListener(AppUpdateEvent::class, AppManagementEventListener::class); + + // Console events + $context->registerEventListener(ConsoleEvent::class, ConsoleEventListener::class); } public function boot(IBootContext $context): void { @@ -74,164 +133,80 @@ class Application extends App implements IBootstrap { * TODO: once the hooks are migrated to lazy events, this should be done * in \OCA\AdminAudit\AppInfo\Application::register */ - $this->registerHooks($logger, $context->getServerContainer()); + $this->registerLegacyHooks($logger, $context->getServerContainer()); } /** * Register hooks in order to log them */ - private function registerHooks(IAuditLogger $logger, - ContainerInterface $serverContainer): void { - $this->userManagementHooks($logger, $serverContainer->get(IUserSession::class)); - $this->groupHooks($logger, $serverContainer->get(IGroupManager::class)); - $this->authHooks($logger); - - + private function registerLegacyHooks(IAuditLogger $logger, ContainerInterface $serverContainer): void { /** @var IEventDispatcher $eventDispatcher */ $eventDispatcher = $serverContainer->get(IEventDispatcher::class); - $this->consoleHooks($logger, $eventDispatcher); - $this->appHooks($logger, $eventDispatcher); - - $this->sharingHooks($logger); - + $this->sharingLegacyHooks($logger); $this->fileHooks($logger, $eventDispatcher); $this->trashbinHooks($logger); $this->versionsHooks($logger); - - $this->securityHooks($logger, $eventDispatcher); - } - - private function userManagementHooks(IAuditLogger $logger, - IUserSession $userSession): void { - $userActions = new UserManagement($logger); - - Util::connectHook('OC_User', 'post_createUser', $userActions, 'create'); - Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete'); - Util::connectHook('OC_User', 'changeUser', $userActions, 'change'); - - assert($userSession instanceof UserSession); - $userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']); - $userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']); - $userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']); - } - - private function groupHooks(IAuditLogger $logger, - IGroupManager $groupManager): void { - $groupActions = new GroupManagement($logger); - - assert($groupManager instanceof GroupManager); - $groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']); - $groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']); - $groupManager->listen('\OC\Group', 'postDelete', [$groupActions, 'deleteGroup']); - $groupManager->listen('\OC\Group', 'postCreate', [$groupActions, 'createGroup']); + $this->tagHooks($logger, $eventDispatcher); } - private function sharingHooks(IAuditLogger $logger): void { + private function sharingLegacyHooks(IAuditLogger $logger): void { $shareActions = new Sharing($logger); - Util::connectHook(Share::class, 'post_shared', $shareActions, 'shared'); - Util::connectHook(Share::class, 'post_unshare', $shareActions, 'unshare'); - Util::connectHook(Share::class, 'post_unshareFromSelf', $shareActions, 'unshare'); Util::connectHook(Share::class, 'post_update_permissions', $shareActions, 'updatePermissions'); Util::connectHook(Share::class, 'post_update_password', $shareActions, 'updatePassword'); Util::connectHook(Share::class, 'post_set_expiration_date', $shareActions, 'updateExpirationDate'); Util::connectHook(Share::class, 'share_link_access', $shareActions, 'shareAccessed'); } - private function authHooks(IAuditLogger $logger): void { - $authActions = new Auth($logger); - - Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt'); - Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful'); - Util::connectHook('OC_User', 'logout', $authActions, 'logout'); - } - - private function appHooks(IAuditLogger $logger, - IEventDispatcher $eventDispatcher): void { - $eventDispatcher->addListener(ManagerEvent::EVENT_APP_ENABLE, function (ManagerEvent $event) use ($logger) { - $appActions = new AppManagement($logger); - $appActions->enableApp($event->getAppID()); - }); - $eventDispatcher->addListener(ManagerEvent::EVENT_APP_ENABLE_FOR_GROUPS, function (ManagerEvent $event) use ($logger) { - $appActions = new AppManagement($logger); - $appActions->enableAppForGroups($event->getAppID(), $event->getGroups()); - }); - $eventDispatcher->addListener(ManagerEvent::EVENT_APP_DISABLE, function (ManagerEvent $event) use ($logger) { - $appActions = new AppManagement($logger); - $appActions->disableApp($event->getAppID()); - }); - } - - private function consoleHooks(IAuditLogger $logger, + private function tagHooks(IAuditLogger $logger, IEventDispatcher $eventDispatcher): void { - $eventDispatcher->addListener(ConsoleEvent::class, function (ConsoleEvent $event) use ($logger) { - $appActions = new Console($logger); - $appActions->runCommand($event->getArguments()); + $eventDispatcher->addListener(ManagerEvent::EVENT_CREATE, function (ManagerEvent $event) use ($logger): void { + $tagActions = new TagManagement($logger); + $tagActions->createTag($event->getTag()); }); } - private function fileHooks(IAuditLogger $logger, - IEventDispatcher $eventDispatcher): void { + private function fileHooks(IAuditLogger $logger, IEventDispatcher $eventDispatcher): void { $fileActions = new Files($logger); - $eventDispatcher->addListener( - BeforePreviewFetchedEvent::class, - function (BeforePreviewFetchedEvent $event) use ($fileActions) { - $fileActions->preview($event); - } - ); - - $eventDispatcher->addListener( - BeforeNodeRenamedEvent::class, - function (BeforeNodeRenamedEvent $event) use ($fileActions) { - $fileActions->beforeRename($event); - } - ); $eventDispatcher->addListener( NodeRenamedEvent::class, - function (NodeRenamedEvent $event) use ($fileActions) { + function (NodeRenamedEvent $event) use ($fileActions): void { $fileActions->afterRename($event); } ); $eventDispatcher->addListener( NodeCreatedEvent::class, - function (NodeCreatedEvent $event) use ($fileActions) { + function (NodeCreatedEvent $event) use ($fileActions): void { $fileActions->create($event); } ); $eventDispatcher->addListener( NodeCopiedEvent::class, - function (NodeCopiedEvent $event) use ($fileActions) { + function (NodeCopiedEvent $event) use ($fileActions): void { $fileActions->copy($event); } ); $eventDispatcher->addListener( - BeforeNodeWrittenEvent::class, - function (BeforeNodeWrittenEvent $event) use ($fileActions) { - $fileActions->write($event); - } - ); - - $eventDispatcher->addListener( NodeWrittenEvent::class, - function (NodeWrittenEvent $event) use ($fileActions) { - $fileActions->update($event); + function (NodeWrittenEvent $event) use ($fileActions): void { + $fileActions->write($event); } ); $eventDispatcher->addListener( BeforeNodeReadEvent::class, - function (BeforeNodeReadEvent $event) use ($fileActions) { + function (BeforeNodeReadEvent $event) use ($fileActions): void { $fileActions->read($event); } ); $eventDispatcher->addListener( - NodeDeletedEvent::class, - function (NodeDeletedEvent $event) use ($fileActions) { + BeforeNodeDeletedEvent::class, + function (BeforeNodeDeletedEvent $event) use ($fileActions): void { $fileActions->delete($event); } ); @@ -239,7 +214,6 @@ class Application extends App implements IBootstrap { private function versionsHooks(IAuditLogger $logger): void { $versionsActions = new Versions($logger); - Util::connectHook('\OCP\Versions', 'rollback', $versionsActions, 'rollback'); Util::connectHook('\OCP\Versions', 'delete', $versionsActions, 'delete'); } @@ -248,16 +222,4 @@ class Application extends App implements IBootstrap { Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete'); Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore'); } - - private function securityHooks(IAuditLogger $logger, - IEventDispatcher $eventDispatcher): void { - $eventDispatcher->addListener(TwoFactorProviderChallengePassed::class, function (TwoFactorProviderChallengePassed $event) use ($logger) { - $security = new Security($logger); - $security->twofactorSuccess($event->getUser(), $event->getProvider()); - }); - $eventDispatcher->addListener(TwoFactorProviderChallengeFailed::class, function (TwoFactorProviderChallengeFailed $event) use ($logger) { - $security = new Security($logger); - $security->twofactorFailed($event->getUser(), $event->getProvider()); - }); - } } diff --git a/apps/admin_audit/lib/AuditLogger.php b/apps/admin_audit/lib/AuditLogger.php index a08e79072ee..a622794dc08 100644 --- a/apps/admin_audit/lib/AuditLogger.php +++ b/apps/admin_audit/lib/AuditLogger.php @@ -1,9 +1,12 @@ <?php +declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later */ + namespace OCA\AdminAudit; use OCP\IConfig; diff --git a/apps/admin_audit/lib/Listener/AppManagementEventListener.php b/apps/admin_audit/lib/Listener/AppManagementEventListener.php new file mode 100644 index 00000000000..c20bdd481d6 --- /dev/null +++ b/apps/admin_audit/lib/Listener/AppManagementEventListener.php @@ -0,0 +1,60 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\App\Events\AppDisableEvent; +use OCP\App\Events\AppEnableEvent; +use OCP\App\Events\AppUpdateEvent; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; + +/** + * @template-implements IEventListener<AppEnableEvent|AppDisableEvent|AppUpdateEvent> + */ +class AppManagementEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof AppEnableEvent) { + $this->appEnable($event); + } elseif ($event instanceof AppDisableEvent) { + $this->appDisable($event); + } elseif ($event instanceof AppUpdateEvent) { + $this->appUpdate($event); + } + } + + private function appEnable(AppEnableEvent $event): void { + if (empty($event->getGroupIds())) { + $this->log('App "%s" enabled', + ['app' => $event->getAppId()], + ['app'] + ); + } else { + $this->log('App "%1$s" enabled for groups: %2$s', + ['app' => $event->getAppId(), 'groups' => implode(', ', $event->getGroupIds())], + ['app', 'groups'] + ); + } + } + + private function appDisable(AppDisableEvent $event): void { + $this->log('App "%s" disabled', + ['app' => $event->getAppId()], + ['app'] + ); + } + + private function appUpdate(AppUpdateEvent $event): void { + $this->log('App "%s" updated', + ['app' => $event->getAppId()], + ['app'] + ); + } +} diff --git a/apps/admin_audit/lib/Listener/AuthEventListener.php b/apps/admin_audit/lib/Listener/AuthEventListener.php new file mode 100644 index 00000000000..88be8555a4d --- /dev/null +++ b/apps/admin_audit/lib/Listener/AuthEventListener.php @@ -0,0 +1,83 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\Authentication\Events\AnyLoginFailedEvent; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\User\Events\BeforeUserLoggedInEvent; +use OCP\User\Events\BeforeUserLoggedOutEvent; +use OCP\User\Events\UserLoggedInEvent; +use OCP\User\Events\UserLoggedInWithCookieEvent; + +/** + * @template-implements IEventListener<BeforeUserLoggedInEvent|UserLoggedInWithCookieEvent|UserLoggedInEvent|BeforeUserLoggedOutEvent|AnyLoginFailedEvent> + */ +class AuthEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof BeforeUserLoggedInEvent) { + $this->beforeUserLoggedIn($event); + } elseif ($event instanceof UserLoggedInWithCookieEvent || $event instanceof UserLoggedInEvent) { + $this->userLoggedIn($event); + } elseif ($event instanceof BeforeUserLoggedOutEvent) { + $this->beforeUserLogout($event); + } elseif ($event instanceof AnyLoginFailedEvent) { + $this->anyLoginFailed($event); + } + } + + private function beforeUserLoggedIn(BeforeUserLoggedInEvent $event): void { + $this->log( + 'Login attempt: "%s"', + [ + 'uid' => $event->getUsername() + ], + [ + 'uid', + ], + true + ); + } + + private function userLoggedIn(UserLoggedInWithCookieEvent|UserLoggedInEvent $event): void { + $this->log( + 'Login successful: "%s"', + [ + 'uid' => $event->getUser()->getUID() + ], + [ + 'uid', + ], + true + ); + } + + private function beforeUserLogout(BeforeUserLoggedOutEvent $event): void { + $this->log( + 'Logout occurred', + [], + [] + ); + } + + private function anyLoginFailed(AnyLoginFailedEvent $event): void { + $this->log( + 'Login failed: "%s"', + [ + 'loginName' => $event->getLoginName() + ], + [ + 'loginName', + ], + true + ); + } +} diff --git a/apps/admin_audit/lib/Listener/ConsoleEventListener.php b/apps/admin_audit/lib/Listener/ConsoleEventListener.php new file mode 100644 index 00000000000..aa6029f2016 --- /dev/null +++ b/apps/admin_audit/lib/Listener/ConsoleEventListener.php @@ -0,0 +1,42 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\Console\ConsoleEvent; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; + +/** + * @template-implements IEventListener<ConsoleEvent> + */ +class ConsoleEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof ConsoleEvent) { + $this->runCommand($event); + } + } + + private function runCommand(ConsoleEvent $event): void { + $arguments = $event->getArguments(); + if (!isset($arguments[1]) || $arguments[1] === '_completion') { + // Don't log autocompletion + return; + } + + // Remove `./occ` + array_shift($arguments); + + $this->log('Console command executed: %s', + ['arguments' => implode(' ', $arguments)], + ['arguments'] + ); + } +} diff --git a/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php b/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php index 0c4d0401b80..bc3652a08bc 100644 --- a/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php +++ b/apps/admin_audit/lib/Listener/CriticalActionPerformedEventListener.php @@ -1,10 +1,12 @@ <?php declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later */ + namespace OCA\AdminAudit\Listener; use OCA\AdminAudit\Actions\Action; diff --git a/apps/admin_audit/lib/Listener/FileEventListener.php b/apps/admin_audit/lib/Listener/FileEventListener.php new file mode 100644 index 00000000000..46a4962123b --- /dev/null +++ b/apps/admin_audit/lib/Listener/FileEventListener.php @@ -0,0 +1,74 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCA\Files_Versions\Events\VersionRestoredEvent; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Files\InvalidPathException; +use OCP\Files\NotFoundException; +use OCP\Preview\BeforePreviewFetchedEvent; +use OCP\Server; +use Psr\Log\LoggerInterface; + +/** + * @template-implements IEventListener<BeforePreviewFetchedEvent|VersionRestoredEvent> + */ +class FileEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof BeforePreviewFetchedEvent) { + $this->beforePreviewFetched($event); + } elseif ($event instanceof VersionRestoredEvent) { + $this->versionRestored($event); + } + } + + /** + * Logs preview access to a file + */ + private function beforePreviewFetched(BeforePreviewFetchedEvent $event): void { + try { + $file = $event->getNode(); + $params = [ + 'id' => $file->getId(), + 'width' => $event->getWidth(), + 'height' => $event->getHeight(), + 'crop' => $event->isCrop(), + 'mode' => $event->getMode(), + 'path' => $file->getPath(), + ]; + $this->log( + 'Preview accessed: (id: "%s", width: "%s", height: "%s" crop: "%s", mode: "%s", path: "%s")', + $params, + array_keys($params) + ); + } catch (InvalidPathException|NotFoundException $e) { + Server::get(LoggerInterface::class)->error( + 'Exception thrown in file preview: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e] + ); + return; + } + } + + /** + * Logs when a version is restored + */ + private function versionRestored(VersionRestoredEvent $event): void { + $version = $event->getVersion(); + $this->log('Version "%s" of "%s" was restored.', + [ + 'version' => $version->getRevisionId(), + 'path' => $version->getVersionPath() + ], + ['version', 'path'] + ); + } +} diff --git a/apps/admin_audit/lib/Listener/GroupManagementEventListener.php b/apps/admin_audit/lib/Listener/GroupManagementEventListener.php new file mode 100644 index 00000000000..df937447e70 --- /dev/null +++ b/apps/admin_audit/lib/Listener/GroupManagementEventListener.php @@ -0,0 +1,81 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Group\Events\GroupCreatedEvent; +use OCP\Group\Events\GroupDeletedEvent; +use OCP\Group\Events\UserAddedEvent; +use OCP\Group\Events\UserRemovedEvent; + +/** + * @template-implements IEventListener<UserAddedEvent|UserRemovedEvent|GroupCreatedEvent|GroupDeletedEvent> + */ +class GroupManagementEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof UserAddedEvent) { + $this->userAdded($event); + } elseif ($event instanceof UserRemovedEvent) { + $this->userRemoved($event); + } elseif ($event instanceof GroupCreatedEvent) { + $this->groupCreated($event); + } elseif ($event instanceof GroupDeletedEvent) { + $this->groupDeleted($event); + } + } + + private function userAdded(UserAddedEvent $event): void { + $this->log('User "%s" added to group "%s"', + [ + 'group' => $event->getGroup()->getGID(), + 'user' => $event->getUser()->getUID() + ], + [ + 'user', 'group' + ] + ); + } + + private function userRemoved(UserRemovedEvent $event): void { + $this->log('User "%s" removed from group "%s"', + [ + 'group' => $event->getGroup()->getGID(), + 'user' => $event->getUser()->getUID() + ], + [ + 'user', 'group' + ] + ); + } + + private function groupCreated(GroupCreatedEvent $event): void { + $this->log('Group created: "%s"', + [ + 'group' => $event->getGroup()->getGID() + ], + [ + 'group' + ] + ); + } + + private function groupDeleted(GroupDeletedEvent $event): void { + $this->log('Group deleted: "%s"', + [ + 'group' => $event->getGroup()->getGID() + ], + [ + 'group' + ] + ); + } +} diff --git a/apps/admin_audit/lib/Listener/SecurityEventListener.php b/apps/admin_audit/lib/Listener/SecurityEventListener.php new file mode 100644 index 00000000000..17253aa384c --- /dev/null +++ b/apps/admin_audit/lib/Listener/SecurityEventListener.php @@ -0,0 +1,61 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed; +use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; + +/** + * @template-implements IEventListener<TwoFactorProviderChallengePassed|TwoFactorProviderChallengeFailed> + */ +class SecurityEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof TwoFactorProviderChallengePassed) { + $this->twoFactorProviderChallengePassed($event); + } elseif ($event instanceof TwoFactorProviderChallengeFailed) { + $this->twoFactorProviderChallengeFailed($event); + } + } + + private function twoFactorProviderChallengePassed(TwoFactorProviderChallengePassed $event): void { + $this->log( + 'Successful two factor attempt by user %s (%s) with provider %s', + [ + 'uid' => $event->getUser()->getUID(), + 'displayName' => $event->getUser()->getDisplayName(), + 'provider' => $event->getProvider()->getDisplayName() + ], + [ + 'displayName', + 'uid', + 'provider', + ] + ); + } + + private function twoFactorProviderChallengeFailed(TwoFactorProviderChallengeFailed $event): void { + $this->log( + 'Failed two factor attempt by user %s (%s) with provider %s', + [ + 'uid' => $event->getUser()->getUID(), + 'displayName' => $event->getUser()->getDisplayName(), + 'provider' => $event->getProvider()->getDisplayName() + ], + [ + 'displayName', + 'uid', + 'provider', + ] + ); + } +} diff --git a/apps/admin_audit/lib/Listener/SharingEventListener.php b/apps/admin_audit/lib/Listener/SharingEventListener.php new file mode 100644 index 00000000000..1ba3c6f49d3 --- /dev/null +++ b/apps/admin_audit/lib/Listener/SharingEventListener.php @@ -0,0 +1,291 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use OCP\Share\IShare; + +/** + * @template-implements IEventListener<ShareCreatedEvent|ShareDeletedEvent> + */ +class SharingEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof ShareCreatedEvent) { + $this->shareCreated($event); + } elseif ($event instanceof ShareDeletedEvent) { + $this->shareDeleted($event); + } + } + + private function shareCreated(ShareCreatedEvent $event): void { + $share = $event->getShare(); + + $params = [ + 'itemType' => $share->getNodeType(), + 'path' => $share->getNode()->getPath(), + 'itemSource' => $share->getNodeId(), + 'shareWith' => $share->getSharedWith(), + 'permissions' => $share->getPermissions(), + 'id' => $share->getId() + ]; + + match ($share->getShareType()) { + IShare::TYPE_LINK => $this->log( + 'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'permissions', + 'id', + ] + ), + IShare::TYPE_USER => $this->log( + 'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_GROUP => $this->log( + 'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_ROOM => $this->log( + 'The %s "%s" with ID "%s" has been shared to the room "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_EMAIL => $this->log( + 'The %s "%s" with ID "%s" has been shared to the email recipient "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_CIRCLE => $this->log( + 'The %s "%s" with ID "%s" has been shared to the circle "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_REMOTE => $this->log( + 'The %s "%s" with ID "%s" has been shared to the remote user "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_REMOTE_GROUP => $this->log( + 'The %s "%s" with ID "%s" has been shared to the remote group "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_DECK => $this->log( + 'The %s "%s" with ID "%s" has been shared to the deck card "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + IShare::TYPE_SCIENCEMESH => $this->log( + 'The %s "%s" with ID "%s" has been shared to the sciencemesh user "%s" with permissions "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'path', + 'itemSource', + 'shareWith', + 'permissions', + 'id', + ] + ), + default => null + }; + } + + private function shareDeleted(ShareDeletedEvent $event): void { + $share = $event->getShare(); + + $params = [ + 'itemType' => $share->getNodeType(), + 'fileTarget' => $share->getTarget(), + 'itemSource' => $share->getNodeId(), + 'shareWith' => $share->getSharedWith(), + 'id' => $share->getId() + ]; + + match ($share->getShareType()) { + IShare::TYPE_LINK => $this->log( + 'The %s "%s" with ID "%s" has been unshared (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'id', + ] + ), + IShare::TYPE_USER => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_GROUP => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_ROOM => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the room "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_EMAIL => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the email recipient "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_CIRCLE => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the circle "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_REMOTE => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the remote user "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_REMOTE_GROUP => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the remote group "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_DECK => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the deck card "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + IShare::TYPE_SCIENCEMESH => $this->log( + 'The %s "%s" with ID "%s" has been unshared from the sciencemesh user "%s" (Share ID: %s)', + $params, + [ + 'itemType', + 'fileTarget', + 'itemSource', + 'shareWith', + 'id', + ] + ), + default => null + }; + } +} diff --git a/apps/admin_audit/lib/Listener/UserManagementEventListener.php b/apps/admin_audit/lib/Listener/UserManagementEventListener.php new file mode 100644 index 00000000000..c22d04dce9a --- /dev/null +++ b/apps/admin_audit/lib/Listener/UserManagementEventListener.php @@ -0,0 +1,126 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\AdminAudit\Listener; + +use OCA\AdminAudit\Actions\Action; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\User\Events\PasswordUpdatedEvent; +use OCP\User\Events\UserChangedEvent; +use OCP\User\Events\UserCreatedEvent; +use OCP\User\Events\UserDeletedEvent; +use OCP\User\Events\UserIdAssignedEvent; +use OCP\User\Events\UserIdUnassignedEvent; + +/** + * @template-implements IEventListener<UserCreatedEvent|UserDeletedEvent|UserChangedEvent|PasswordUpdatedEvent|UserIdAssignedEvent|UserIdUnassignedEvent> + */ +class UserManagementEventListener extends Action implements IEventListener { + public function handle(Event $event): void { + if ($event instanceof UserCreatedEvent) { + $this->userCreated($event); + } elseif ($event instanceof UserDeletedEvent) { + $this->userDeleted($event); + } elseif ($event instanceof UserChangedEvent) { + $this->userChanged($event); + } elseif ($event instanceof PasswordUpdatedEvent) { + $this->passwordUpdated($event); + } elseif ($event instanceof UserIdAssignedEvent) { + $this->userIdAssigned($event); + } elseif ($event instanceof UserIdUnassignedEvent) { + $this->userIdUnassigned($event); + } + } + + private function userCreated(UserCreatedEvent $event): void { + $this->log( + 'User created: "%s"', + [ + 'uid' => $event->getUid() + ], + [ + 'uid', + ] + ); + } + + private function userDeleted(UserDeletedEvent $event): void { + $this->log( + 'User deleted: "%s"', + [ + 'uid' => $event->getUser()->getUID() + ], + [ + 'uid', + ] + ); + } + + private function userChanged(UserChangedEvent $event): void { + switch ($event->getFeature()) { + case 'enabled': + $this->log( + $event->getValue() === true + ? 'User enabled: "%s"' + : 'User disabled: "%s"', + ['user' => $event->getUser()->getUID()], + [ + 'user', + ] + ); + break; + case 'eMailAddress': + $this->log( + 'Email address changed for user %s', + ['user' => $event->getUser()->getUID()], + [ + 'user', + ] + ); + break; + } + } + + private function passwordUpdated(PasswordUpdatedEvent $event): void { + if ($event->getUser()->getBackendClassName() === 'Database') { + $this->log( + 'Password of user "%s" has been changed', + [ + 'user' => $event->getUser()->getUID(), + ], + [ + 'user', + ] + ); + } + } + + /** + * Log assignments of users (typically user backends) + */ + private function userIdAssigned(UserIdAssignedEvent $event): void { + $this->log( + 'UserID assigned: "%s"', + [ 'uid' => $event->getUserId() ], + [ 'uid' ] + ); + } + + /** + * Log unassignments of users (typically user backends, no data removed) + */ + private function userIdUnassigned(UserIdUnassignedEvent $event): void { + $this->log( + 'UserID unassigned: "%s"', + [ 'uid' => $event->getUserId() ], + [ 'uid' ] + ); + } +} diff --git a/apps/admin_audit/tests/Actions/SecurityTest.php b/apps/admin_audit/tests/Listener/SecurityEventListenerTest.php index d06095b12e1..48230108530 100644 --- a/apps/admin_audit/tests/Actions/SecurityTest.php +++ b/apps/admin_audit/tests/Listener/SecurityEventListenerTest.php @@ -1,38 +1,47 @@ <?php declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later */ -namespace OCA\AdminAudit\Tests\Actions; -use OCA\AdminAudit\Actions\Security; +namespace OCA\AdminAudit\Tests\Listener; + use OCA\AdminAudit\AuditLogger; +use OCA\AdminAudit\Listener\SecurityEventListener; use OCP\Authentication\TwoFactorAuth\IProvider; +use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed; +use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed; use OCP\IUser; use PHPUnit\Framework\MockObject\MockObject; use Test\TestCase; -class SecurityTest extends TestCase { +class SecurityEventListenerTest extends TestCase { private AuditLogger|MockObject $logger; - private Security $security; + private SecurityEventListener $security; private MockObject|IUser $user; + /** @var IProvider&MockObject */ + private $provider; + protected function setUp(): void { parent::setUp(); $this->logger = $this->createMock(AuditLogger::class); - $this->security = new Security($this->logger); + $this->security = new SecurityEventListener($this->logger); $this->user = $this->createMock(IUser::class); $this->user->method('getUID')->willReturn('myuid'); $this->user->method('getDisplayName')->willReturn('mydisplayname'); + $this->provider = $this->createMock(IProvider::class); + $this->provider->method('getDisplayName')->willReturn('myprovider'); } - public function testTwofactorFailed() { + public function testTwofactorFailed(): void { $this->logger->expects($this->once()) ->method('info') ->with( @@ -40,14 +49,10 @@ class SecurityTest extends TestCase { ['app' => 'admin_audit'] ); - $provider = $this->createMock(IProvider::class); - $provider->method('getDisplayName') - ->willReturn('myprovider'); - - $this->security->twofactorFailed($this->user, $provider); + $this->security->handle(new twoFactorProviderChallengeFailed($this->user, $this->provider)); } - public function testTwofactorSuccess() { + public function testTwofactorSuccess(): void { $this->logger->expects($this->once()) ->method('info') ->with( @@ -55,10 +60,6 @@ class SecurityTest extends TestCase { ['app' => 'admin_audit'] ); - $provider = $this->createMock(IProvider::class); - $provider->method('getDisplayName') - ->willReturn('myprovider'); - - $this->security->twofactorSuccess($this->user, $provider); + $this->security->handle(new TwoFactorProviderChallengePassed($this->user, $this->provider)); } } diff --git a/apps/admin_audit/tests/Listener/UserManagementEventListenerTest.php b/apps/admin_audit/tests/Listener/UserManagementEventListenerTest.php new file mode 100644 index 00000000000..c8cb0281113 --- /dev/null +++ b/apps/admin_audit/tests/Listener/UserManagementEventListenerTest.php @@ -0,0 +1,92 @@ +<?php + +declare(strict_types=1); +/** + * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\AdminAudit\Tests\Actions; + +use OCA\AdminAudit\IAuditLogger; +use OCA\AdminAudit\Listener\UserManagementEventListener; +use OCP\IUser; +use OCP\User\Events\UserChangedEvent; +use PHPUnit\Framework\MockObject\MockObject; +use Test\TestCase; + +class UserManagementEventListenerTest extends TestCase { + private IAuditLogger&MockObject $logger; + + private UserManagementEventListener $listener; + + private MockObject&IUser $user; + + protected function setUp(): void { + parent::setUp(); + + $this->logger = $this->createMock(IAuditLogger::class); + $this->listener = new UserManagementEventListener($this->logger); + + $this->user = $this->createMock(IUser::class); + $this->user->method('getUID')->willReturn('alice'); + $this->user->method('getDisplayName')->willReturn('Alice'); + } + + public function testSkipUnsupported(): void { + $this->logger->expects($this->never()) + ->method('info'); + + $event = new UserChangedEvent( + $this->user, + 'unsupported', + 'value', + ); + + $this->listener->handle($event); + } + + public function testUserEnabled(): void { + $this->logger->expects($this->once()) + ->method('info') + ->with('User enabled: "alice"', ['app' => 'admin_audit']); + + $event = new UserChangedEvent( + $this->user, + 'enabled', + true, + false, + ); + + $this->listener->handle($event); + } + + public function testUserDisabled(): void { + $this->logger->expects($this->once()) + ->method('info') + ->with('User disabled: "alice"', ['app' => 'admin_audit']); + + $event = new UserChangedEvent( + $this->user, + 'enabled', + false, + true, + ); + + $this->listener->handle($event); + } + + public function testEmailChanged(): void { + $this->logger->expects($this->once()) + ->method('info') + ->with('Email address changed for user alice', ['app' => 'admin_audit']); + + $event = new UserChangedEvent( + $this->user, + 'eMailAddress', + 'alice@alice.com', + '', + ); + + $this->listener->handle($event); + } +} |