Remove sensitive information from events

skoruba · Nov 1, 2019 · 4637a38 · 4637a38
1 parent c632bad
commit 4637a38
Show file tree

Hide file tree

Showing 12 changed files with 98 additions and 53 deletions.
diff --git a/....IdentityServer4.Admin.BusinessLogic.Identity/Events/Identity/UserPasswordChangedEvent.cs b/....IdentityServer4.Admin.BusinessLogic.Identity/Events/Identity/UserPasswordChangedEvent.cs
@@ -2,13 +2,13 @@
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Identity.Events.Identity
 {
-    public class UserPasswordChangedEvent<TUserChangePasswordDto> : AuditEvent
+    public class UserPasswordChangedEvent : AuditEvent
     {
-        public TUserChangePasswordDto UserPassword { get; set; }
+        public string UserName { get; set; }
 
-        public UserPasswordChangedEvent(TUserChangePasswordDto userPassword)
+        public UserPasswordChangedEvent(string userName)
         {
-            UserPassword = userPassword;
+            UserName = userName;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic.Identity/Services/IdentityService.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic.Identity/Services/IdentityService.cs
@@ -398,7 +398,7 @@ public virtual async Task<IdentityResult> UserChangePasswordAsync(TUserChangePas
 
             var identityResult = await IdentityRepository.UserChangePasswordAsync(userPassword.UserId.ToString(), userPassword.Password);
 
-            await AuditEventLogger.LogEventAsync(new UserPasswordChangedEvent<TUserChangePasswordDto>(userPassword));
+            await AuditEventLogger.LogEventAsync(new UserPasswordChangedEvent(userPassword.UserName));
 
             return HandleIdentityError(identityResult, IdentityServiceResources.UserChangePasswordFailed().Description, IdentityServiceResources.IdentityErrorKey().Description, userPassword);
         }

diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretAddedEvent.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretAddedEvent.cs
@@ -1,15 +1,21 @@
-using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
+using System;
+using Skoruba.AuditLogging.Events;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.ApiResource
 {
     public class ApiSecretAddedEvent : AuditEvent
     {
-        public ApiSecretsDto ApiSecret { get; set; }
+        public string Type { get; set; }
 
-        public ApiSecretAddedEvent(ApiSecretsDto apiSecret)
+        public DateTime? Expiration { get; set; }
+
+        public int ApiResourceId { get; set; }
+
+        public ApiSecretAddedEvent(int apiResourceId, string type, DateTime? expiration)
         {
-            ApiSecret = apiSecret;
+            ApiResourceId = apiResourceId;
+            Type = type;
+            Expiration = expiration;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretDeletedEvent.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretDeletedEvent.cs
@@ -1,15 +1,17 @@
 using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.ApiResource
 {
     public class ApiSecretDeletedEvent : AuditEvent
     {
-        public ApiSecretsDto ApiSecret { get; set; }
+        public int ApiResourceId { get; set; }
 
-        public ApiSecretDeletedEvent(ApiSecretsDto apiSecret)
+        public int ApiSecretId { get; set; }
+
+        public ApiSecretDeletedEvent(int apiResourceId, int apiSecretId)
         {
-            ApiSecret = apiSecret;
+            ApiResourceId = apiResourceId;
+            ApiSecretId = apiSecretId;
         }
     }
 }
diff --git a/...Skoruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretRequestedEvent.cs b/...Skoruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretRequestedEvent.cs
@@ -1,15 +1,24 @@
-using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
+using System;
+using Skoruba.AuditLogging.Events;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.ApiResource
 {
     public class ApiSecretRequestedEvent : AuditEvent
     {
-        public ApiSecretsDto ApiSecrets { get; set; }
+        public int ApiResourceId { get; set; }
 
-        public ApiSecretRequestedEvent(ApiSecretsDto apiSecrets)
+        public int ApiSecretId { get; set; }
+
+        public string Type { get; set; }
+
+        public DateTime? Expiration { get; set; }
+
+        public ApiSecretRequestedEvent(int apiResourceId, int apiSecretId, string type, DateTime? expiration)
         {
-            ApiSecrets = apiSecrets;
+            ApiResourceId = apiResourceId;
+            ApiSecretId = apiSecretId;
+            Type = type;
+            Expiration = expiration;
         }
     }
 }
diff --git a/...koruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretsRequestedEvent.cs b/...koruba.IdentityServer4.Admin.BusinessLogic/Events/ApiResource/ApiSecretsRequestedEvent.cs
@@ -1,15 +1,20 @@
-using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
+using System;
+using System.Collections.Generic;
+using Skoruba.AuditLogging.Events;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.ApiResource
 {
     public class ApiSecretsRequestedEvent : AuditEvent
     {
-        public ApiSecretsDto ApiSecrets { get; set; }
+        public int ApiResourceId { get; set; }
 
-        public ApiSecretsRequestedEvent(ApiSecretsDto apiSecrets)
+        public List<(int apiSecretId, string type, DateTime? expiration)> Secrets { get; set; }
+
+
+        public ApiSecretsRequestedEvent(int apiResourceId, List<(int apiSecretId, string type, DateTime? expiration)> secrets)
         {
-            ApiSecrets = apiSecrets;
+            ApiResourceId = apiResourceId;
+            Secrets = secrets;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretAddedEvent.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretAddedEvent.cs
@@ -1,15 +1,21 @@
-using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
+using System;
+using Skoruba.AuditLogging.Events;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.Client
 {
     public class ClientSecretAddedEvent : AuditEvent
     {
-        public ClientSecretsDto ClientSecret { get; set; }
+        public string Type { get; set; }
 
-        public ClientSecretAddedEvent(ClientSecretsDto clientSecret)
+        public DateTime? Expiration { get; set; }
+
+        public int ClientId { get; set; }
+
+        public ClientSecretAddedEvent(int clientId, string type, DateTime? expiration)
         {
-            ClientSecret = clientSecret;
+            ClientId = clientId;
+            Type = type;
+            Expiration = expiration;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretDeletedEvent.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretDeletedEvent.cs
@@ -1,15 +1,17 @@
 using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.Client
 {
     public class ClientSecretDeletedEvent : AuditEvent
     {
-        public ClientSecretsDto ClientSecret { get; set; }
+        public int ClientId { get; set; }
 
-        public ClientSecretDeletedEvent(ClientSecretsDto clientSecret)
+        public int ClientSecretId { get; set; }
+
+        public ClientSecretDeletedEvent(int clientId, int clientSecretId)
         {
-            ClientSecret = clientSecret;
+            ClientId = clientId;
+            ClientSecretId = clientSecretId;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretRequestedEvent.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretRequestedEvent.cs
@@ -1,15 +1,24 @@
-using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
+using System;
+using Skoruba.AuditLogging.Events;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.Client
 {
     public class ClientSecretRequestedEvent : AuditEvent
     {
-        public ClientSecretsDto ClientSecrets { get; set; }
+        public int ClientId { get; set; }
 
-        public ClientSecretRequestedEvent(ClientSecretsDto clientSecrets)
+        public int ClientSecretId { get; set; }
+
+        public string Type { get; set; }
+
+        public DateTime? Expiration { get; set; }
+
+        public ClientSecretRequestedEvent(int clientId, int clientSecretId, string type, DateTime? expiration)
         {
-            ClientSecrets = clientSecrets;
+            ClientId = clientId;
+            ClientSecretId = clientSecretId;
+            Type = type;
+            Expiration = expiration;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretsRequestedEvent.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Events/Client/ClientSecretsRequestedEvent.cs
@@ -1,15 +1,19 @@
-using Skoruba.AuditLogging.Events;
-using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
+using System;
+using System.Collections.Generic;
+using Skoruba.AuditLogging.Events;
 
 namespace Skoruba.IdentityServer4.Admin.BusinessLogic.Events.Client
 {
     public class ClientSecretsRequestedEvent : AuditEvent
     {
-        public ClientSecretsDto ClientSecrets { get; set; }
+        public int ClientId { get; set; }
 
-        public ClientSecretsRequestedEvent(ClientSecretsDto clientSecrets)
+        public List<(int clientSecretId, string type, DateTime? expiration)> Secrets { get; set; }
+
+        public ClientSecretsRequestedEvent(int clientId, List<(int clientSecretId, string type, DateTime? expiration)> secrets)
         {
-            ClientSecrets = clientSecrets;
+            ClientId = clientId;
+            Secrets = secrets;
         }
     }
 }
diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Services/ApiResourceService.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Services/ApiResourceService.cs
@@ -1,4 +1,5 @@
-using System.Threading.Tasks;
+using System.Linq;
+using System.Threading.Tasks;
 using IdentityServer4.Models;
 using Skoruba.AuditLogging.Services;
 using Skoruba.IdentityServer4.Admin.BusinessLogic.Dtos.Configuration;
@@ -310,7 +311,7 @@ public virtual async Task<ApiSecretsDto> GetApiSecretsAsync(int apiResourceId, i
             apiSecretsDto.ApiResourceId = apiResourceId;
             apiSecretsDto.ApiResourceName = await ApiResourceRepository.GetApiResourceNameAsync(apiResourceId);
 
-            await AuditEventLogger.LogEventAsync(new ApiSecretsRequestedEvent(apiSecretsDto));
+            await AuditEventLogger.LogEventAsync(new ApiSecretsRequestedEvent(apiSecretsDto.ApiResourceId, apiSecretsDto.ApiSecrets.Select(x => (x.Id, x.Type, x.Expiration)).ToList()));
 
             return apiSecretsDto;
         }
@@ -323,7 +324,7 @@ public virtual async Task<int> AddApiSecretAsync(ApiSecretsDto apiSecret)
 
             var added = await ApiResourceRepository.AddApiSecretAsync(apiSecret.ApiResourceId, secret);
 
-            await AuditEventLogger.LogEventAsync(new ApiSecretAddedEvent(apiSecret));
+            await AuditEventLogger.LogEventAsync(new ApiSecretAddedEvent(apiSecret.ApiResourceId, apiSecret.Type, apiSecret.Expiration));
 
             return added;
         }
@@ -334,7 +335,7 @@ public virtual async Task<ApiSecretsDto> GetApiSecretAsync(int apiSecretId)
             if (apiSecret == null) throw new UserFriendlyErrorPageException(string.Format(ApiResourceServiceResources.ApiSecretDoesNotExist().Description, apiSecretId), ApiResourceServiceResources.ApiSecretDoesNotExist().Description);
             var apiSecretsDto = apiSecret.ToModel();
 
-            await AuditEventLogger.LogEventAsync(new ApiSecretRequestedEvent(apiSecretsDto));
+            await AuditEventLogger.LogEventAsync(new ApiSecretRequestedEvent(apiSecretsDto.ApiResourceId, apiSecretsDto.ApiSecretId, apiSecretsDto.Type, apiSecretsDto.Expiration));
 
             return apiSecretsDto;
         }
@@ -345,7 +346,7 @@ public virtual async Task<int> DeleteApiSecretAsync(ApiSecretsDto apiSecret)
 
             var deleted = await ApiResourceRepository.DeleteApiSecretAsync(secret);
 
-            await AuditEventLogger.LogEventAsync(new ApiSecretDeletedEvent(apiSecret));
+            await AuditEventLogger.LogEventAsync(new ApiSecretDeletedEvent(apiSecret.ApiResourceId, apiSecret.ApiSecretId));
 
             return deleted;
         }

diff --git a/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Services/ClientService.cs b/src/Skoruba.IdentityServer4.Admin.BusinessLogic/Services/ClientService.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using IdentityServer4.Models;
 using Skoruba.AuditLogging.Services;
@@ -55,7 +56,7 @@ private void PrepareClientTypeForNewClient(ClientDto client)
                     client.AllowedGrantTypes.AddRange(GrantTypes.Hybrid);
                     break;
                 case ClientType.Spa:
-                    client.AllowedGrantTypes.AddRange(GrantTypes.Code);                    
+                    client.AllowedGrantTypes.AddRange(GrantTypes.Code);
                     client.RequirePkce = true;
                     client.RequireClientSecret = false;
                     break;
@@ -317,7 +318,7 @@ public virtual async Task<int> AddClientSecretAsync(ClientSecretsDto clientSecre
             var clientSecretEntity = clientSecret.ToEntity();
             var added = await ClientRepository.AddClientSecretAsync(clientSecret.ClientId, clientSecretEntity);
 
-            await AuditEventLogger.LogEventAsync(new ClientSecretAddedEvent(clientSecret));
+            await AuditEventLogger.LogEventAsync(new ClientSecretAddedEvent(clientSecret.ClientId, clientSecret.Type, clientSecret.Expiration));
 
             return added;
         }
@@ -328,7 +329,7 @@ public virtual async Task<int> DeleteClientSecretAsync(ClientSecretsDto clientSe
 
             var deleted = await ClientRepository.DeleteClientSecretAsync(clientSecretEntity);
 
-            await AuditEventLogger.LogEventAsync(new ClientSecretDeletedEvent(clientSecret));
+            await AuditEventLogger.LogEventAsync(new ClientSecretDeletedEvent(clientSecret.ClientId, clientSecret.ClientSecretId));
 
             return deleted;
         }
@@ -343,7 +344,7 @@ public virtual async Task<ClientSecretsDto> GetClientSecretsAsync(int clientId,
             clientSecretsDto.ClientId = clientId;
             clientSecretsDto.ClientName = ViewHelpers.GetClientName(clientInfo.ClientId, clientInfo.ClientName);
 
-            await AuditEventLogger.LogEventAsync(new ClientSecretsRequestedEvent(clientSecretsDto));
+            await AuditEventLogger.LogEventAsync(new ClientSecretsRequestedEvent(clientSecretsDto.ClientId, clientSecretsDto.ClientSecrets.Select(x => (x.Id, x.Type, x.Expiration)).ToList()));
 
             return clientSecretsDto;
         }
@@ -360,7 +361,7 @@ public virtual async Task<ClientSecretsDto> GetClientSecretAsync(int clientSecre
             clientSecretsDto.ClientId = clientSecret.Client.Id;
             clientSecretsDto.ClientName = ViewHelpers.GetClientName(clientInfo.ClientId, clientInfo.ClientName);
 
-            await AuditEventLogger.LogEventAsync(new ClientSecretRequestedEvent(clientSecretsDto));
+            await AuditEventLogger.LogEventAsync(new ClientSecretRequestedEvent(clientSecretsDto.ClientId, clientSecretsDto.ClientSecretId, clientSecretsDto.Type, clientSecretsDto.Expiration));
 
             return clientSecretsDto;
         }