namespace BookStack\Auth;
- use Activity;
use BookStack\Entities\EntityProvider;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
/**
* Get all the users with their permissions in a paginated format.
+ * Note: Due to the use of email search this should only be used when
+ * user is assumed to be trusted. (Admin users).
+ * Email search can be abused to extract email addresses.
*/
public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator
{
$sort = $sortData['sort'];
$query = User::query()->select(['*'])
- ->withLastActivityAt()
+ ->scopes(['withLastActivityAt'])
->with(['roles', 'avatar'])
->withCount('mfaValues')
->orderBy($sort, $sortData['order']);
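Review bot: `$sortData['sort']` is passed straight to `orderBy()` in this hunk with no allow-list visible, and the new docblock covers only the email-search risk. A sort column is an identifier rather than a bound value, and ordering by a sensitive column can reveal its relative values much as the email search can, so the trust caveat applies to sorting as well. If the caller does not already restrict the column, add a guard before the query such as `if (!in_array($sort, $allowedSorts, true)) { $sort = $defaultSort; }`, where `$allowedSorts` and `$defaultSort` are placeholders for the project's own values. Otherwise extend the docblock with `* $sortData['sort'] and $sortData['order'] must be validated by the caller.` The function body continues past the end of this hunk, so any search handling and the return are not visible here.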
}
}
- /**
- * Get the latest activity for a user.
- */
- public function getActivity(User $user, int $count = 20, int $page = 0): array
- {
- return Activity::userActivity($user, $count, $page);
- }
-
/**
* Get the recently created content for this given user.
*/
<?php
- namespace Tests;
+ namespace Tests\Actions;
use BookStack\Actions\Activity;
- use BookStack\Actions\ActivityService;
+ use BookStack\Actions\ActivityLogger;
use BookStack\Actions\ActivityType;
use BookStack\Auth\UserRepo;
use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Repos\PageRepo;
use BookStack\Entities\Tools\TrashCan;
use Carbon\Carbon;
+ use Tests\TestCase;
+ use function app;
+ use function config;
class AuditLogTest extends TestCase
{
- /** @var ActivityService */
+ /** @var ActivityLogger */
protected $activityService;
protected function setUp(): void
{
parent::setUp();
- $this->activityService = app(ActivityService::class);
+ $this->activityService = app(ActivityLogger::class);
}
public function test_only_accessible_with_right_permissions()
$admin = $this->getAdmin();
$this->actingAs($admin);
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$activity = Activity::query()->orderBy('id', 'desc')->first();
$resp = $this->get('settings/audit');
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
$pageName = $page->name;
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
app(PageRepo::class)->destroy($page);
app(TrashCan::class)->empty();
$viewer = $this->getViewer();
$this->actingAs($viewer);
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($this->getAdmin());
app(UserRepo::class)->destroy($viewer);
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$resp = $this->get('settings/audit');
$resp->assertSeeText($page->name);
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$yesterday = (Carbon::now()->subDay()->format('Y-m-d'));
$tomorrow = (Carbon::now()->addDay()->format('Y-m-d'));
$editor = $this->getEditor();
$this->actingAs($admin);
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($editor);
$chapter = Chapter::query()->first();
- $this->activityService->addForEntity($chapter, ActivityType::CHAPTER_UPDATE);
+ $this->activityService->add(ActivityType::CHAPTER_UPDATE, $chapter);
$resp = $this->actingAs($admin)->get('settings/audit?user=' . $admin->id);
$resp->assertSeeText($page->name);
$resp->assertSee('192.123.45.1');
}
+ public function test_ip_address_is_searchable()
+ {
+ config()->set('app.proxies', '*');
+ $editor = $this->getEditor();
+ /** @var Page $page */
+ $page = Page::query()->first();
+
+ $this->actingAs($editor)->put($page->getUrl(), [
+ 'name' => 'Updated page',
+ 'html' => '<p>Updated content</p>',
+ ], [
+ 'X-Forwarded-For' => '192.123.45.1',
+ ])->assertRedirect($page->refresh()->getUrl());
+
+ $this->actingAs($editor)->put($page->getUrl(), [
+ 'name' => 'Updated page',
+ 'html' => '<p>Updated content</p>',
+ ], [
+ 'X-Forwarded-For' => '192.122.45.1',
+ ])->assertRedirect($page->refresh()->getUrl());
+
+ $resp = $this->asAdmin()->get('/settings/audit?&ip=192.123');
+ $resp->assertSee('192.123.45.1');
+ $resp->assertDontSee('192.122.45.1');
+ }
+
public function test_ip_address_not_logged_in_demo_mode()
{
config()->set('app.proxies', '*');
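Review bot: The added `test_ip_address_is_searchable` pins only one positive prefix match (`ip=192.123`), so it would still pass if the filter matched anywhere in the address or treated `%` and `_` in the `ip` parameter as LIKE wildcards. The filter implementation is not on this page, so this is a coverage gap rather than a confirmed defect. If prefix matching is the intent, a second request such as `$this->asAdmin()->get('/settings/audit?ip=45.1')->assertDontSee('192.123.45.1');` would pin it. The test also relies on `config()->set('app.proxies', '*')` to make `X-Forwarded-For` the recorded client IP, so a comment like `// Trust all proxies so X-Forwarded-For is used as the request IP` would make clear that the logged address is header-supplied under this setting. The request URL `'/settings/audit?&ip=192.123'` also carries a stray `&`.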