Merge branch 'main' into feature/audit-logs-add-filters

strapi · Feb 7, 2023 · b4188fc · b4188fc
2 parents b437225 + 0072ce9
commit b4188fc
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 12 deletions.
diff --git a/packages/core/admin/ee/server/services/__tests__/audit-logs.test.js b/packages/core/admin/ee/server/services/__tests__/audit-logs.test.js
@@ -75,17 +75,6 @@ describe('Audit logs service', () => {
         deleteMany: mockEntityServiceDeleteMany,
       },
       eventHub: createEventHub(),
-      requestContext: {
-        get() {
-          return {
-            state: {
-              user: {
-                id: 1,
-              },
-            },
-          };
-        },
-      },
     };
 
     const mockSaveEvent = jest.fn();
@@ -121,6 +110,25 @@ describe('Audit logs service', () => {
       mockEntityServiceCreate.mockClear();
     });
 
+    beforeEach(() => {
+      strapi.requestContext = {
+        get() {
+          return {
+            state: {
+              user: {
+                id: 1,
+              },
+              auth: {
+                strategy: {
+                  name: 'admin',
+                },
+              },
+            },
+          };
+        },
+      };
+    });
+
     it('should register and init the audit logs service when registered', async () => {
       const eeAdminRegister = require('../../register');
 
@@ -224,5 +232,28 @@ describe('Audit logs service', () => {
       expect(mockScheduleJob).toHaveBeenCalledWith('0 0 * * *', expect.any(Function));
       expect(mockDeleteExpiredEvents).toHaveBeenCalledWith(expect.any(Date));
     });
+
+    it('should not log event if strategy is not admin', async () => {
+      strapi.requestContext = {
+        get() {
+          return {
+            state: {
+              auth: {
+                strategy: {
+                  name: 'content-api',
+                },
+              },
+            },
+          };
+        },
+      };
+
+      const auditLogsService = createAuditLogsService(strapi);
+      await auditLogsService.register();
+
+      await strapi.eventHub.emit('entry.create', { meta: 'test' });
+
+      expect(mockSaveEvent).not.toHaveBeenCalled();
+    });
   });
 });
diff --git a/packages/core/admin/ee/server/services/audit-logs.js b/packages/core/admin/ee/server/services/audit-logs.js
@@ -58,6 +58,16 @@ const createAuditLogsService = (strapi) => {
   const eventMap = getEventMap(defaultEvents);
 
   const processEvent = (name, ...args) => {
+    const state = strapi.requestContext.get()?.state;
+
+    // Ignore events with auth strategies different from admin
+    const isUsingAdminAuth = state?.auth?.strategy.name === 'admin';
+    const user = state?.user;
+
+    if (!isUsingAdminAuth || !user) {
+      return null;
+    }
+
     const getPayload = eventMap[name];
 
     // Ignore the event if it's not in the map
@@ -75,7 +85,7 @@ const createAuditLogsService = (strapi) => {
       action: name,
       date: new Date().toISOString(),
       payload: getPayload(...args) || {},
-      userId: strapi.requestContext.get()?.state?.user?.id,
+      userId: user.id,
     };
   };