Audit the last few backoffice user events
This commit is contained in:
Kenn Jacobsen
@@ -85,9 +85,12 @@ namespace Umbraco.Extensions
|
||||
builder.Services.AddUnique<IBackOfficeAntiforgery, BackOfficeAntiforgery>();
|
||||
|
||||
builder.AddNotificationHandler<UserLoginSuccessNotification, BackOfficeUserManagerAuditer>();
|
||||
builder.AddNotificationHandler<UserLogoutSuccessNotification, BackOfficeUserManagerAuditer>();
|
||||
builder.AddNotificationHandler<UserLoginFailedNotification, BackOfficeUserManagerAuditer>();
|
||||
builder.AddNotificationHandler<UserForgotPasswordRequestedNotification, BackOfficeUserManagerAuditer>();
|
||||
builder.AddNotificationHandler<UserForgotPasswordChangedNotification, BackOfficeUserManagerAuditer>();
|
||||
builder.AddNotificationHandler<UserPasswordChangedNotification, BackOfficeUserManagerAuditer>();
|
||||
builder.AddNotificationHandler<UserPasswordResetNotification, BackOfficeUserManagerAuditer>();
|
||||
|
||||
return builder;
|
||||
}
|
||||
|
||||
@@ -17,7 +17,9 @@ namespace Umbraco.Cms.Web.BackOffice.Security
|
||||
INotificationHandler<UserLogoutSuccessNotification>,
|
||||
INotificationHandler<UserLoginFailedNotification>,
|
||||
INotificationHandler<UserForgotPasswordRequestedNotification>,
|
||||
INotificationHandler<UserForgotPasswordChangedNotification>
|
||||
INotificationHandler<UserForgotPasswordChangedNotification>,
|
||||
INotificationHandler<UserPasswordChangedNotification>,
|
||||
INotificationHandler<UserPasswordResetNotification>
|
||||
{
|
||||
private readonly IAuditService _auditService;
|
||||
private readonly IUserService _userService;
|
||||
@@ -51,6 +53,12 @@ namespace Umbraco.Cms.Web.BackOffice.Security
|
||||
public void Handle(UserForgotPasswordChangedNotification notification) =>
|
||||
WriteAudit(notification.PerformingUserId, notification.AffectedUserId, notification.IpAddress, "umbraco/user/password/forgot/change", "password forgot/change");
|
||||
|
||||
public void Handle(UserPasswordChangedNotification notification) =>
|
||||
WriteAudit(notification.PerformingUserId, notification.AffectedUserId, notification.IpAddress, "umbraco/user/password/change", "password change");
|
||||
|
||||
public void Handle(UserPasswordResetNotification notification) =>
|
||||
WriteAudit(notification.PerformingUserId, notification.AffectedUserId, notification.IpAddress, "umbraco/user/password/reset", "password reset");
|
||||
|
||||
private IUser GetPerformingUser(string userId)
|
||||
{
|
||||
if (!int.TryParse(userId, out int asInt))
|
||||
|
||||
@@ -123,7 +123,7 @@ namespace Umbraco.Cms.Web.Common.Security
|
||||
IdentityResult result = await base.ChangePasswordWithResetAsync(userId, token, newPassword);
|
||||
if (result.Succeeded)
|
||||
{
|
||||
NotifyPasswordChanged(_httpContextAccessor.HttpContext?.User, userId);
|
||||
NotifyPasswordReset(_httpContextAccessor.HttpContext?.User, userId);
|
||||
}
|
||||
|
||||
return result;
|
||||
@@ -225,6 +225,10 @@ namespace Umbraco.Cms.Web.Common.Security
|
||||
(currentUserId, ip) => new UserPasswordChangedNotification(ip, userId, currentUserId)
|
||||
);
|
||||
|
||||
public void NotifyPasswordReset(IPrincipal currentUser, string userId) => Notify(currentUser,
|
||||
(currentUserId, ip) => new UserPasswordResetNotification(ip, userId, currentUserId)
|
||||
);
|
||||
|
||||
public void NotifyResetAccessFailedCount(IPrincipal currentUser, string userId) => Notify(currentUser,
|
||||
(currentUserId, ip) => new UserResetAccessFailedCountNotification(ip, userId, currentUserId)
|
||||
);
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
namespace Umbraco.Cms.Web.Common.Security
|
||||
{
|
||||
public class UserPasswordResetNotification : UserNotification
|
||||
{
|
||||
public UserPasswordResetNotification(string ipAddress, string affectedUserId, string performingUserId) : base(ipAddress, affectedUserId, performingUserId)
|
||||
{
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user