From 335a62164c6bcae89bfd97d1907d35f71625e044 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Mon, 1 Mar 2021 20:31:04 +0100
Subject: [PATCH] Audit the last few backoffice user events

---
 .../DependencyInjection/UmbracoBuilderExtensions.cs    |  3 +++
 .../Security/BackOfficeUserManagerAuditer.cs           | 10 +++++++++-
 .../Security/BackOfficeUserManager.cs                  |  6 +++++-
 .../Security/UserPasswordResetNotification.cs          |  9 +++++++++
 4 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 src/Umbraco.Web.Common/Security/UserPasswordResetNotification.cs

diff --git a/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs b/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs
index 4fc0584f53..d678fa2279 100644
--- a/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/DependencyInjection/UmbracoBuilderExtensions.cs
@@ -85,9 +85,12 @@ namespace Umbraco.Extensions
             builder.Services.AddUnique<IBackOfficeAntiforgery, BackOfficeAntiforgery>();
 
             builder.AddNotificationHandler<UserLoginSuccessNotification, BackOfficeUserManagerAuditer>();
+            builder.AddNotificationHandler<UserLogoutSuccessNotification, BackOfficeUserManagerAuditer>();
             builder.AddNotificationHandler<UserLoginFailedNotification, BackOfficeUserManagerAuditer>();
             builder.AddNotificationHandler<UserForgotPasswordRequestedNotification, BackOfficeUserManagerAuditer>();
             builder.AddNotificationHandler<UserForgotPasswordChangedNotification, BackOfficeUserManagerAuditer>();
+            builder.AddNotificationHandler<UserPasswordChangedNotification, BackOfficeUserManagerAuditer>();
+            builder.AddNotificationHandler<UserPasswordResetNotification, BackOfficeUserManagerAuditer>();
 
             return builder;
         }
diff --git a/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManagerAuditer.cs b/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManagerAuditer.cs
index 40b9cf81a7..00b93a7c37 100644
--- a/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManagerAuditer.cs
+++ b/src/Umbraco.Web.BackOffice/Security/BackOfficeUserManagerAuditer.cs
@@ -17,7 +17,9 @@ namespace Umbraco.Cms.Web.BackOffice.Security
         INotificationHandler<UserLogoutSuccessNotification>,
         INotificationHandler<UserLoginFailedNotification>,
         INotificationHandler<UserForgotPasswordRequestedNotification>,
-        INotificationHandler<UserForgotPasswordChangedNotification>
+        INotificationHandler<UserForgotPasswordChangedNotification>,
+        INotificationHandler<UserPasswordChangedNotification>,
+        INotificationHandler<UserPasswordResetNotification>
     {
         private readonly IAuditService _auditService;
         private readonly IUserService _userService;
@@ -51,6 +53,12 @@ namespace Umbraco.Cms.Web.BackOffice.Security
         public void Handle(UserForgotPasswordChangedNotification notification) =>
             WriteAudit(notification.PerformingUserId, notification.AffectedUserId, notification.IpAddress, "umbraco/user/password/forgot/change", "password forgot/change");
 
+        public void Handle(UserPasswordChangedNotification notification) =>
+            WriteAudit(notification.PerformingUserId, notification.AffectedUserId, notification.IpAddress, "umbraco/user/password/change", "password change");
+
+        public void Handle(UserPasswordResetNotification notification) =>
+            WriteAudit(notification.PerformingUserId, notification.AffectedUserId, notification.IpAddress, "umbraco/user/password/reset", "password reset");
+
         private IUser GetPerformingUser(string userId)
         {
             if (!int.TryParse(userId, out int asInt))
diff --git a/src/Umbraco.Web.Common/Security/BackOfficeUserManager.cs b/src/Umbraco.Web.Common/Security/BackOfficeUserManager.cs
index 4fed85121a..459ed57138 100644
--- a/src/Umbraco.Web.Common/Security/BackOfficeUserManager.cs
+++ b/src/Umbraco.Web.Common/Security/BackOfficeUserManager.cs
@@ -123,7 +123,7 @@ namespace Umbraco.Cms.Web.Common.Security
             IdentityResult result = await base.ChangePasswordWithResetAsync(userId, token, newPassword);
             if (result.Succeeded)
             {
-                NotifyPasswordChanged(_httpContextAccessor.HttpContext?.User, userId);
+                NotifyPasswordReset(_httpContextAccessor.HttpContext?.User, userId);
             }
 
             return result;
@@ -225,6 +225,10 @@ namespace Umbraco.Cms.Web.Common.Security
             (currentUserId, ip) => new UserPasswordChangedNotification(ip, userId, currentUserId)
         );
 
+        public void NotifyPasswordReset(IPrincipal currentUser, string userId) => Notify(currentUser,
+            (currentUserId, ip) => new UserPasswordResetNotification(ip, userId, currentUserId)
+        );
+
         public void NotifyResetAccessFailedCount(IPrincipal currentUser, string userId) => Notify(currentUser,
             (currentUserId, ip) => new UserResetAccessFailedCountNotification(ip, userId, currentUserId)
         );
diff --git a/src/Umbraco.Web.Common/Security/UserPasswordResetNotification.cs b/src/Umbraco.Web.Common/Security/UserPasswordResetNotification.cs
new file mode 100644
index 0000000000..618fa04f4c
--- /dev/null
+++ b/src/Umbraco.Web.Common/Security/UserPasswordResetNotification.cs
@@ -0,0 +1,9 @@
+namespace Umbraco.Cms.Web.Common.Security
+{
+    public class UserPasswordResetNotification : UserNotification
+    {
+        public UserPasswordResetNotification(string ipAddress, string affectedUserId, string performingUserId) : base(ipAddress, affectedUserId, performingUserId)
+        {
+        }
+    }
+}