fix(audit): add SLF4J logging to 19 operations missing application-level logs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -74,6 +74,7 @@ public class AccountService {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Display name must not be blank");
|
||||
}
|
||||
logtoClient.updateUserProfile(userId, Map.of("name", name.trim()));
|
||||
log.info("Updated display name for user {}", userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.PROFILE_UPDATED,
|
||||
userId, null, null, "SUCCESS", Map.of("name", name.trim()));
|
||||
}
|
||||
@@ -92,6 +93,7 @@ public class AccountService {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Current password is incorrect");
|
||||
}
|
||||
logtoClient.updateUserPassword(userId, newPassword);
|
||||
log.info("Password changed for user {}", userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.PASSWORD_CHANGED,
|
||||
userId, null, null, "SUCCESS", null);
|
||||
|
||||
@@ -153,6 +155,7 @@ public class AccountService {
|
||||
public boolean verifyAndEnableTotp(String userId, String secret, String code) {
|
||||
if (!verifyTotpCode(secret, code)) return false;
|
||||
logtoClient.createTotpVerification(userId, secret);
|
||||
log.info("TOTP MFA enabled for user {}", userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.MFA_TOTP_ENABLED,
|
||||
userId, null, null, "SUCCESS", null);
|
||||
return true;
|
||||
@@ -172,6 +175,7 @@ public class AccountService {
|
||||
var result = logtoClient.createBackupCodes(userId);
|
||||
@SuppressWarnings("unchecked")
|
||||
List<String> codes = (List<String>) result.get("codes");
|
||||
log.info("Backup codes generated for user {}", userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.MFA_BACKUP_CODES_GENERATED,
|
||||
userId, null, null, "SUCCESS", null);
|
||||
return new BackupCodesData(codes != null ? codes : List.of());
|
||||
@@ -182,6 +186,7 @@ public class AccountService {
|
||||
for (var v : verifications) {
|
||||
logtoClient.deleteMfaVerification(userId, String.valueOf(v.get("id")));
|
||||
}
|
||||
log.info("MFA removed for user {}", userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.MFA_TOTP_REMOVED,
|
||||
userId, null, null, "SUCCESS", null);
|
||||
}
|
||||
@@ -208,6 +213,7 @@ public class AccountService {
|
||||
throw new ResponseStatusException(HttpStatus.NOT_FOUND, "Passkey not found");
|
||||
}
|
||||
logtoClient.renameMfaVerification(userId, credentialId, name);
|
||||
log.info("Passkey {} renamed for user {}", credentialId, userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.PASSKEY_RENAMED,
|
||||
credentialId, null, null, "SUCCESS", Map.of("name", name));
|
||||
}
|
||||
@@ -220,6 +226,7 @@ public class AccountService {
|
||||
throw new ResponseStatusException(HttpStatus.NOT_FOUND, "Passkey not found");
|
||||
}
|
||||
logtoClient.deleteMfaVerification(userId, credentialId);
|
||||
log.info("Passkey {} deleted for user {}", credentialId, userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.PASSKEY_DELETED,
|
||||
credentialId, null, null, "SUCCESS", null);
|
||||
}
|
||||
@@ -231,6 +238,7 @@ public class AccountService {
|
||||
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid MFA preference: must be 'totp' or 'webauthn'");
|
||||
}
|
||||
logtoClient.updateUserCustomData(userId, Map.of("mfa_method_preference", preference));
|
||||
log.info("MFA preference set to '{}' for user {}", preference, userId);
|
||||
auditService.log(resolveUUID(userId), null, null, AuditAction.MFA_PREFERENCE_CHANGED,
|
||||
userId, null, null, "SUCCESS", Map.of("preference", preference));
|
||||
}
|
||||
|
||||
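Review bot: The rejection paths in this file still produce no application log: the `Current password is incorrect` throw in the password-change hunk and the `if (!verifyTotpCode(secret, code)) return false;` line in `verifyAndEnableTotp` exit silently, while only the success case gains a `log.info`. Repeated failures on these two paths are what credential guessing looks like from the service side, so each deserves a warning, e.g. `log.warn("Password change rejected for user {}: current password incorrect", userId);` before the throw and `log.warn("TOTP verification failed for user {}", userId);` before the early return. The condition guarding the password throw lies outside the hunk, so whether a failure audit entry is written elsewhere cannot be seen from here.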
@@ -211,6 +211,7 @@ public class TenantPortalService {
|
||||
}
|
||||
String resolvedRoleId = resolveOrgRoleId(roleName);
|
||||
String userId = logtoClient.createAndInviteUser(email, orgId, resolvedRoleId);
|
||||
log.info("Invited team member {} to tenant {}", email, tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.TEAM_INVITE,
|
||||
userId, null, null, "SUCCESS", Map.of("email", email, "role", roleName != null ? roleName : ""));
|
||||
return userId;
|
||||
@@ -242,6 +243,7 @@ public class TenantPortalService {
|
||||
}
|
||||
String resolvedRoleId = resolveOrgRoleId(roleName);
|
||||
logtoClient.assignOrganizationRole(orgId, userId, resolvedRoleId);
|
||||
log.info("Changed role for user {} in tenant {}", userId, tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.TEAM_ROLE_CHANGE,
|
||||
userId, null, null, "SUCCESS", Map.of("role", roleName != null ? roleName : ""));
|
||||
}
|
||||
@@ -266,6 +268,7 @@ public class TenantPortalService {
|
||||
throw new IllegalArgumentException("Password must be at least 8 characters");
|
||||
}
|
||||
serverApiClient.resetServerAdminPassword(endpoint, newPassword);
|
||||
log.info("Reset server admin password for tenant {}", tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.SERVER_ADMIN_PASSWORD_RESET,
|
||||
tenant.getSlug(), null, null, "SUCCESS", null);
|
||||
}
|
||||
@@ -292,6 +295,7 @@ public class TenantPortalService {
|
||||
throw new IllegalArgumentException("Password must be at least 8 characters");
|
||||
}
|
||||
logtoClient.updateUserPassword(userId, newPassword);
|
||||
log.info("Reset password for team member {} in tenant {}", userId, tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.TEAM_MEMBER_PASSWORD_RESET,
|
||||
userId, null, null, "SUCCESS", null);
|
||||
}
|
||||
@@ -342,6 +346,7 @@ public class TenantPortalService {
|
||||
String token = license != null ? license.getToken() : "";
|
||||
vendorTenantService.provisionAsync(
|
||||
tenant.getId(), tenant.getSlug(), tenant.getTier().name(), token, null);
|
||||
log.info("Upgrading server for tenant {}", tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.SERVER_UPGRADED,
|
||||
tenant.getSlug(), null, null, "SUCCESS", null);
|
||||
}
|
||||
@@ -385,6 +390,7 @@ public class TenantPortalService {
|
||||
throw new IllegalArgumentException("User is not a member of this organization");
|
||||
}
|
||||
logtoClient.deleteAllMfaVerifications(userId);
|
||||
log.info("Reset MFA for team member {} in tenant {}", userId, tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.TEAM_MEMBER_MFA_RESET,
|
||||
userId, null, null, "SUCCESS", null);
|
||||
}
|
||||
@@ -435,6 +441,7 @@ public class TenantPortalService {
|
||||
}
|
||||
tenant.setSettings(settings);
|
||||
tenantService.save(tenant);
|
||||
log.info("Updated auth settings for tenant {}", tenant.getSlug());
|
||||
auditService.log(actorId, null, tenant.getId(), AuditAction.TENANT_AUTH_SETTINGS_UPDATED,
|
||||
tenant.getSlug(), null, null, "SUCCESS", updates);
|
||||
}
|
||||
|
||||
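Review bot: The invite hunk logs the invitee's raw email address, `log.info("Invited team member {} to tenant {}", email, tenant.getSlug());`, whereas the other team-member lines added in this file identify the subject by `userId`. The address is personal data that then lands in application logs with their own retention and access rules. If it is not strictly validated earlier in the method (not visible in the hunk), embedded line breaks could also forge log entries, depending on the logging encoder. `userId` is already assigned on the preceding line, so `log.info("Invited team member {} to tenant {}", userId, tenant.getSlug());` keeps the line correlatable with the audit record, which already carries the email in its details map.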
@@ -82,6 +82,7 @@ public class TenantSsoService {
|
||||
UUID actorId) {
|
||||
validateConnectorBelongsToTenant(connectorId);
|
||||
var result = logtoClient.updateSsoConnector(connectorId, updates);
|
||||
log.info("Updated SSO connector {}", connectorId);
|
||||
auditService.log(actorId, null, TenantContext.getTenantId(), AuditAction.SSO_CONNECTOR_UPDATED,
|
||||
connectorId, null, null, "SUCCESS", null);
|
||||
return result;
|
||||
|
||||
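Review bot: `log.info("Updated SSO connector {}", connectorId);` names neither the tenant nor the actor, although `TenantContext.getTenantId()` and `actorId` are both passed to the audit call on the next line. An SSO connector change alters how a tenant's users authenticate, so the application log line should be attributable on its own, e.g. `log.info("Updated SSO connector {} for tenant {} by actor {}", connectorId, TenantContext.getTenantId(), actorId);`. The same gap applies to `Registration mode set to: {}` in EmailConnectorService and `Updated platform auth policy` in VendorAuthPolicyController, where `actorId` and `resolveActorId(jwt)` are likewise in scope. The method body starts outside the hunk.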
@@ -212,6 +212,7 @@ public class EmailConnectorService {
|
||||
)
|
||||
));
|
||||
}
|
||||
log.info("Registration mode set to: {}", enabled ? "enabled" : "disabled");
|
||||
auditService.log(actorId, null, null, AuditAction.REGISTRATION_TOGGLED, null, null, null, "SUCCESS",
|
||||
Map.of("enabled", enabled));
|
||||
}
|
||||
|
||||
@@ -2,6 +2,8 @@ package io.cameleer.saas.vendor;
|
||||
|
||||
import io.cameleer.saas.audit.AuditAction;
|
||||
import io.cameleer.saas.audit.AuditService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
@@ -18,6 +20,8 @@ import java.util.UUID;
|
||||
@PreAuthorize("hasAuthority('SCOPE_platform:admin')")
|
||||
public class VendorAuthPolicyController {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(VendorAuthPolicyController.class);
|
||||
|
||||
private static final Set<String> VALID_MFA_MODES = Set.of("off", "optional", "required");
|
||||
private static final Set<String> VALID_PASSKEY_MODES = Set.of("optional", "preferred", "required");
|
||||
|
||||
@@ -77,6 +81,7 @@ public class VendorAuthPolicyController {
|
||||
changes.put("passkeyEnabled_new", policy.isPasskeyEnabled());
|
||||
changes.put("passkeyMode_old", passkeyMode_old);
|
||||
changes.put("passkeyMode_new", policy.getPasskeyMode());
|
||||
log.info("Updated platform auth policy");
|
||||
auditService.log(resolveActorId(jwt), null, null, AuditAction.PLATFORM_AUTH_POLICY_UPDATED,
|
||||
null, null, null, "SUCCESS", changes);
|
||||
|
||||
|
||||
@@ -342,6 +342,7 @@ public class VendorTenantService {
|
||||
var license = licenseService.getActiveLicense(tenantId).orElse(null);
|
||||
String token = license != null ? license.getToken() : "";
|
||||
self.provisionAsync(tenantId, tenant.getSlug(), tenant.getTier().name(), token, null);
|
||||
log.info("Upgrading server for tenant {}", tenant.getSlug());
|
||||
auditService.log(actorId, null, tenantId,
|
||||
AuditAction.SERVER_UPGRADED, tenant.getSlug(),
|
||||
null, null, "SUCCESS", null);
|
||||
|
||||