fix: make contact audit logs belong to alias (#2270)

2024-11-16 08:58:30 +01:00 · 2024-10-17 15:42:54 +02:00 · 2024-10-17 15:42:54 +02:00 · ada297ecb6
commit ada297ecb6
parent 3c13f1ce20
6 changed files with 33 additions and 28 deletions
--- a/app/alias_audit_log_utils.py
+++ b/app/alias_audit_log_utils.py
@ -9,11 +9,17 @@ class AliasAuditLogAction(Enum):
    ChangeAliasStatus = "change_status"
    DeleteAlias = "delete"
    UpdateAlias = "update"
+
    InitiateTransferAlias = "initiate_transfer_alias"
    AcceptTransferAlias = "accept_transfer_alias"
    TransferredAlias = "transferred_alias"
+
    ChangedMailboxes = "changed_mailboxes"

+    CreateContact = "create_contact"
+    UpdateContact = "update_contact"
+    DeleteContact = "delete_contact"
+

 def emit_alias_audit_log(
    alias: Alias,
--- a/app/api/views/alias.py
+++ b/app/api/views/alias.py
@ -31,7 +31,6 @@ from app.errors import (
 from app.extensions import limiter
 from app.log import LOG
 from app.models import Alias, Contact, Mailbox, AliasDeleteReason
-from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction


@deprecated
@ -455,9 +454,9 @@ def delete_contact(contact_id):
    if not contact or contact.alias.user_id != user.id:
        return jsonify(error="Forbidden"), 403

-    emit_user_audit_log(
-        user=user,
-        action=UserAuditLogAction.DeleteContact,
+    emit_alias_audit_log(
+        alias=contact.alias,
+        action=AliasAuditLogAction.DeleteContact,
        message=f"Deleted contact {contact_id} ({contact.email})",
    )
    Contact.delete(contact_id)
@ -477,15 +476,15 @@ def toggle_contact(contact_id):
        200
    """
    user = g.user
-    contact = Contact.get(contact_id)
+    contact: Optional[Contact] = Contact.get(contact_id)

    if not contact or contact.alias.user_id != user.id:
        return jsonify(error="Forbidden"), 403

    contact.block_forward = not contact.block_forward
-    emit_user_audit_log(
-        user=user,
-        action=UserAuditLogAction.UpdateContact,
+    emit_alias_audit_log(
+        alias=contact.alias,
+        action=AliasAuditLogAction.UpdateContact,
        message=f"Set contact state {contact.id} {contact.email} -> {contact.website_email} to blocked {contact.block_forward}",
    )
    Session.commit()
--- a/app/contact_utils.py
+++ b/app/contact_utils.py
@ -4,12 +4,12 @@ from typing import Optional

 from sqlalchemy.exc import IntegrityError

+from app.alias_audit_log_utils import emit_alias_audit_log, AliasAuditLogAction
 from app.db import Session
 from app.email_utils import generate_reply_email, parse_full_address
 from app.email_validation import is_valid_email
 from app.log import LOG
 from app.models import Contact, Alias
-from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
 from app.utils import sanitize_email


@ -101,10 +101,14 @@ def create_contact(
            invalid_email=email == "",
            commit=True,
        )
-        emit_user_audit_log(
-            user=alias.user,
-            action=UserAuditLogAction.CreateContact,
-            message=f"Created contact {contact.id} ({contact.email})",
+        if automatic_created:
+            trail = ". Automatically created"
+        else:
+            trail = ". Created by user action"
+        emit_alias_audit_log(
+            alias=alias,
+            action=AliasAuditLogAction.CreateContact,
+            message=f"Created contact {contact.id} ({contact.email}){trail}",
            commit=True,
        )
        LOG.d(
--- a/app/dashboard/views/alias_contact_manager.py
+++ b/app/dashboard/views/alias_contact_manager.py
@ -11,6 +11,7 @@ from wtforms import StringField, validators, ValidationError

 # Need to import directly from config to allow modification from the tests
 from app import config, parallel_limiter, contact_utils
+from app.alias_audit_log_utils import emit_alias_audit_log, AliasAuditLogAction
 from app.contact_utils import ContactCreateError
 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -23,7 +24,6 @@ from app.errors import (
 )
 from app.log import LOG
 from app.models import Alias, Contact, EmailLog
-from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
 from app.utils import CSRFValidationForm


@ -200,9 +200,9 @@ def delete_contact(alias: Alias, contact_id: int):
        flash("You cannot delete reverse-alias", "warning")
    else:
        delete_contact_email = contact.website_email
-        emit_user_audit_log(
-            user=alias.user,
-            action=UserAuditLogAction.DeleteContact,
+        emit_alias_audit_log(
+            alias=alias,
+            action=AliasAuditLogAction.DeleteContact,
            message=f"Delete contact {contact_id} ({contact.email})",
        )
        Contact.delete(contact_id)
--- a/app/dashboard/views/contact_detail.py
+++ b/app/dashboard/views/contact_detail.py
@ -5,11 +5,11 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

+from app.alias_audit_log_utils import emit_alias_audit_log, AliasAuditLogAction
 from app.dashboard.base import dashboard_bp
 from app.db import Session
 from app.models import Contact
 from app.pgp_utils import PGPException, load_public_key_and_check
-from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction


 class PGPContactForm(FlaskForm):
@ -53,9 +53,9 @@ def contact_detail_route(contact_id):
                    except PGPException:
                        flash("Cannot add the public key, please verify it", "error")
                    else:
-                        emit_user_audit_log(
-                            user=current_user,
-                            action=UserAuditLogAction.UpdateContact,
+                        emit_alias_audit_log(
+                            alias=alias,
+                            action=AliasAuditLogAction.UpdateContact,
                            message=f"Added PGP key {contact.pgp_public_key} for contact {contact_id} ({contact.email})",
                        )
                        Session.commit()
@ -70,9 +70,9 @@ def contact_detail_route(contact_id):
                        )
            elif pgp_form.action.data == "remove":
                # Free user can decide to remove contact PGP key
-                emit_user_audit_log(
-                    user=current_user,
-                    action=UserAuditLogAction.UpdateContact,
+                emit_alias_audit_log(
+                    alias=alias,
+                    action=AliasAuditLogAction.UpdateContact,
                    message=f"Removed PGP key {contact.pgp_public_key} for contact {contact_id} ({contact.email})",
                )
                contact.pgp_public_key = None
--- a/app/user_audit_log_utils.py
+++ b/app/user_audit_log_utils.py
@ -20,10 +20,6 @@ class UserAuditLogAction(Enum):
    UpdateCustomDomain = "update_custom_domain"
    DeleteCustomDomain = "delete_custom_domain"

-    CreateContact = "create_contact"
-    UpdateContact = "update_contact"
-    DeleteContact = "delete_contact"
-
    CreateDirectory = "create_directory"
    UpdateDirectory = "update_directory"
    DeleteDirectory = "delete_directory"