Feature: User Audit Log

[iammajid]

This pull request extends the audit log by adding entries for ‘Setup Complete’ and ‘Account Reset’.

[coderabbitai]

Walkthrough

This pull request introduces two new event types—UserAccountResetEvent and UserAccountSetupCompleteEvent—to the audit logging system. It updates the JSON serialization/deserialization configuration and modifies the AuditEventDto switch statement to accommodate these events, along with renaming existing DTOs for consistency. New methods for logging user account reset and setup completion events are added to the EventLogger class. Frontend changes include the addition of new DTO types and Vue components for displaying detailed audit log information related to these events, as well as updated localization entries in both German and English. Additionally, new Flyway migrations are introduced to create database tables for tracking these events.

Possibly related PRs

• Web of Trust Setup #305: This PR involves earlier modifications to the AuditEventDto interface for adding a new event type for setting updates, indicating a code-level similarity in handling audit events.

Suggested reviewers

• overheadhunter

Tip

🌐 Web search-backed reviews and chat

• We have enabled web search-based reviews and chat for all users. This feature allows CodeRabbit to access the latest documentation and information on the web.
• You can disable this feature by setting web_search: false in the knowledge_base settings.
• Please share any feedback in the Discord discussion.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between daad28c and 132a98b.

📒 Files selected for processing (1)

• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build and Test

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

frontend/src/components/AuditLogDetailsUserAccountSetupComplete.vue (1)

32-36: 🛠️ Refactor suggestion

Handle potential errors in authority resolution.

Similar to AuditLogDetailsUserAccountReset.vue, the onMounted hook should handle potential errors when fetching authority details.

🧹 Nitpick comments (6)

backend/src/main/java/org/cryptomator/hub/entities/events/UserAccountResetEvent.java (2)

15-18: Add field constraints and validation.

Consider enhancing the resetBy field with additional constraints:

1. Add nullability constraint
2. Add size limits
3. Consider input validation for security

 @Column(name = "reset_by")
+@NotNull
+@Size(min = 1, max = 255)
+@Pattern(regexp = "^[a-zA-Z0-9@._-]+$") // adjust pattern based on your username requirements
 private String resetBy;

---

20-26: Consider adding validation in setter.

The setter method could benefit from parameter validation to ensure data integrity.

 public void setResetBy(String resetBy) {
+    Objects.requireNonNull(resetBy, "resetBy must not be null");
+    if (resetBy.trim().isEmpty()) {
+        throw new IllegalArgumentException("resetBy must not be empty");
+    }
     this.resetBy = resetBy;
 }

backend/src/main/java/org/cryptomator/hub/entities/events/UserAccountSetupCompleteEvent.java (3)

15-15: Add Javadoc for the TYPE constant.

Consider adding Javadoc to document the purpose and usage of this constant, especially since it's public and used in the @DiscriminatorValue annotation.

+    /**
+     * Discriminator value for user account setup completion events.
+     * Used to identify this event type in the audit log.
+     */
     public static final String TYPE = "USER_ACCOUNT_SETUP_COMPLETE";

---

17-18: Add nullability constraint to the completedBy field.

Consider adding a nullability constraint to explicitly define whether this field can be null. This helps maintain data integrity and makes the contract clearer.

-    @Column(name = "completed_by")
+    @Column(name = "completed_by", nullable = false)
     private String completedBy;

---

29-34: Add self-comparison check to equals method.

The equals method should first check if the object being compared is the same instance (self-comparison) for better performance.

     @Override
     public boolean equals(Object o) {
+        if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
         if (!super.equals(o)) return false;
         UserAccountSetupCompleteEvent that = (UserAccountSetupCompleteEvent) o;
         return Objects.equals(completedBy, that.completedBy);
     }

frontend/src/components/AuditLogDetailsUserAccountReset.vue (1)

12-13: Consider handling loading and error states.

The component should handle loading and error states when fetching authority details to improve user experience.

-          <span v-if="resolvedResetBy != null">{{ resolvedResetBy.name }}</span>
-          <code class="text-xs" :class="{'text-gray-600': resolvedResetBy != null}">{{ event.resetBy }}</code>
+          <template v-if="loading">
+            <span class="text-gray-500">Loading...</span>
+          </template>
+          <template v-else-if="error">
+            <span class="text-red-500">Failed to load authority details</span>
+            <code class="text-xs">{{ event.resetBy }}</code>
+          </template>
+          <template v-else>
+            <span v-if="resolvedResetBy != null">{{ resolvedResetBy.name }}</span>
+            <code class="text-xs" :class="{'text-gray-600': resolvedResetBy != null}">{{ event.resetBy }}</code>
+          </template>

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12ac28e and daad28c.

📒 Files selected for processing (12)

• backend/src/main/java/org/cryptomator/hub/api/AuditLogResource.java (4 hunks)
• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java (2 hunks)
• backend/src/main/java/org/cryptomator/hub/entities/events/EventLogger.java (1 hunks)
• backend/src/main/java/org/cryptomator/hub/entities/events/UserAccountResetEvent.java (1 hunks)
• backend/src/main/java/org/cryptomator/hub/entities/events/UserAccountSetupCompleteEvent.java (1 hunks)
• backend/src/main/resources/org/cryptomator/hub/flyway/V18__Create_Audit_Event_User_Account_Setup_Or_Reset.sql (1 hunks)
• frontend/src/common/auditlog.ts (2 hunks)
• frontend/src/components/AuditLog.vue (2 hunks)
• frontend/src/components/AuditLogDetailsUserAccountReset.vue (1 hunks)
• frontend/src/components/AuditLogDetailsUserAccountSetupComplete.vue (1 hunks)
• frontend/src/i18n/de-DE.json (2 hunks)
• frontend/src/i18n/en-US.json (2 hunks)

🔇 Additional comments (19)

backend/src/main/java/org/cryptomator/hub/entities/events/UserAccountResetEvent.java (1)

1-13: LGTM! Well-structured entity class definition.

The JPA annotations and inheritance setup are correctly implemented, following best practices for entity mapping and audit event hierarchy.

backend/src/main/java/org/cryptomator/hub/entities/events/UserAccountSetupCompleteEvent.java (1)

10-13: LGTM! Well-structured entity class.

The class is properly annotated with JPA annotations and follows the established naming conventions for audit event entities.

frontend/src/components/AuditLogDetailsUserAccountSetupComplete.vue (1)

12-13: Consider handling loading and error states.

Similar to AuditLogDetailsUserAccountReset.vue, this component should handle loading and error states when fetching authority details.

backend/src/main/java/org/cryptomator/hub/entities/events/EventLogger.java (1)

56-61: LGTM! The new event logging methods follow consistent patterns.

The implementation maintains consistency with other event logging methods in the class and properly handles event persistence.

Also applies to: 63-68

frontend/src/common/auditlog.ts (2)

39-47: LGTM! The new DTOs follow consistent patterns.

The new DTOs maintain consistency with existing DTOs and properly extend the base DTO type.

---

109-109: LGTM! Union type correctly updated.

The AuditEventDto union type has been properly updated to include the new event types.

backend/src/main/java/org/cryptomator/hub/api/UsersResource.java (2)

86-86: LGTM! Well-placed audit logging for account setup.

The logging statement is correctly placed after all user data is set but before persistence, ensuring accurate tracking of the setup completion event.

---

172-172: LGTM! Well-placed audit logging for account reset.

The logging statement is correctly placed after user data is cleared but before device/token deletion, ensuring accurate tracking of the reset event.

backend/src/main/java/org/cryptomator/hub/api/AuditLogResource.java (4)

22-23: LGTM! Proper import organization.

The new event class imports are correctly added and organized with related imports.

---

89-90: LGTM! Proper JSON type configuration.

The new event types are correctly registered in the JsonSubTypes configuration, following the established pattern.

---

114-115: LGTM! Consistent event handling.

The new cases in the switch statement follow the established pattern and correctly map to their respective DTOs.

---

144-148: LGTM! Well-structured DTOs.

The new DTOs follow the established record pattern with proper JSON property annotations.

frontend/src/components/AuditLog.vue (2)

108-109: LGTM! Proper event type handling in template.

The new event types are correctly handled with v-else-if conditions, following the established pattern.

---

177-178: LGTM! Well-organized component imports.

The new component imports are correctly added and organized with related imports.

backend/src/main/resources/org/cryptomator/hub/flyway/V18__Create_Audit_Event_User_Account_Setup_Or_Reset.sql (2)

1-7: LGTM! Well-structured setup event table.

The table definition follows best practices:

• Primary key constraint properly defined
• Foreign key with cascade delete ensures referential integrity
• Appropriate column types and NOT NULL constraints

---

9-15: LGTM! Well-structured reset event table.

The table definition follows best practices and maintains consistency with the setup event table:

• Consistent naming conventions
• Similar structure and constraints
• Proper foreign key relationship

frontend/src/i18n/en-US.json (2)

84-85: New Audit Log Event Entries Added.
The entries "auditLog.details.user.account.reset": "Reset User Account" and "auditLog.details.user.account.setup.complete": "Complete Account Setup" have been added correctly to support the new user account events as described in the PR objectives. Please ensure that the backend and frontend components reference these keys consistently.

---

94-94: Repositioning of Existing Audit Detail.
The "auditLog.details.wot.signedIdentity": "Signed Identity" entry has been moved to a different location in the JSON file. Verify that any components using this key are updated if necessary and that the change in ordering does not cause lookup issues.

frontend/src/i18n/de-DE.json (1)

84-85: New German Audit Log Event Entries Added.
The new entries "auditLog.details.user.account.reset": "Account zurückgesetzt" and "auditLog.details.user.account.setup.complete": "Account eingerichtet" are correctly added with appropriate German translations. Please double-check that these keys align with the corresponding backend event types.