Refactor #21920

Refactor password auditing
Description
Starting with Rails 5.1:
- message: password_changed is not an attribute known to Active Record. This behavior is deprecated and will be removed in the next version of Rails. If you'd like password_changed to be managed by Active Record, add `attribute :password_changed to your class. callstack: app/models/image.rb:31:in `set_password_changed'
- message: password_changed is not an attribute known to Active Record. This behavior is deprecated and will be removed in the next version of Rails. If you'd like password_changed to be managed by Active Record, add `attribute :password_changed to your class. callstack: app/models/user.rb:527:in `set_password_changed'
Related issues
Associated revisions
History
#1
Updated by Anonymous about 3 years ago
- Related to Bug #16850: Password change activity does not show in Audit log added
#2
Updated by Anonymous about 3 years ago
- Related to Tracker #21834: Rails 5.2 upgrade tasks added
#3
Updated by Anonymous about 3 years ago
- Related to Tracker #20948: Rails 5.1 upgrade tasks added
#4
Updated by Anonymous about 3 years ago
- Related to Bug #19169: CVE-2017-2672 - audit trail leaks sensitive data for Image events added
#5
Updated by Anonymous about 3 years ago
- Related to deleted (Tracker #21834: Rails 5.2 upgrade tasks)
#6
Updated by Anonymous about 3 years ago
- Blocks Tracker #21834: Rails 5.2 upgrade tasks added
#7
Updated by Anonymous about 3 years ago
This indeed leads to test errors with Rails 5.1
#8
Updated by Tomer Brisker about 3 years ago
- Related to Refactor #20116: Redact sensitive information from audit logs added
#9
Updated by The Foreman Bot about 3 years ago
- Assignee set to Tomer Brisker
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5162 added
#10
Updated by Marek Hulán about 3 years ago
- Legacy Backlogs Release (now unused) set to 330
#11
Updated by Anonymous about 3 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 59f0a945defa3f70454b08a1914fc4842ab69c7e.
#12
Updated by Marek Hulán about 3 years ago
- Related to Bug #22280: User Audits: False entry of "password changed" every time a user is updated added
Fixes #22208, #21920 - Refactor password auditing (#5162)
Recent changes in Rails 5.1 and audited gem cause our method of auditing
passwords to break. This PR refactors password auditing, so that instead
of recording a change to attribute `password_changed`, we will now
record the string `[redacted]` instead of any actual password.
The change is done currently in our audit extensions, which means that it
will now apply to all resources that have a `password` attribute instead
of just those that have defined the workaround.
The next step will be to move this to the audited gem in a more
generalized method that can be defined in the model when initializing
audited, so that the workaround can be removed.
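
The redaction described in the commit message above, sketched as an added Ruby example (not Foreman's or the audited gem's own code). It assumes the audited gem's change layout, where an update stores `attribute => [old, new]` and a create or destroy stores `attribute => value`; the function name, the `sensitive` parameter, and the choice to leave `nil` unredacted are hypothetical.

```ruby
# Added example, not Foreman's implementation.
# Assumed layout (audited gem): update  => { attr => [old, new] }
#                               create/destroy => { attr => value }
REDACTED = '[redacted]'.freeze

# Replace a stored value with the marker. nil is kept (assumption) so an
# audit reader can still tell "password set for the first time" from
# "password replaced", without ever seeing a hash or plaintext.
def redact_value(value)
  value.nil? ? nil : REDACTED
end

# Returns a new changes hash with every sensitive attribute redacted.
# The action is passed explicitly because a create of an array-valued
# attribute is otherwise indistinguishable from an [old, new] pair.
def redact_audited_changes(action, changes, sensitive: %w[password])
  changes.each_with_object({}) do |(attr, change), out|
    out[attr] =
      if !sensitive.include?(attr.to_s)
        change
      elsif action == 'update'
        Array(change).map { |v| redact_value(v) }
      else
        redact_value(change)
      end
  end
end

# Constructed sample audit payloads (values are made up).
UPDATE_AUDIT = { 'login' => %w[alice alice2],
                 'password' => %w[old-hash new-hash] }.freeze
CREATE_AUDIT = { 'login' => 'bob', 'password' => 'initial-hash' }.freeze
FIRST_SET    = { password: [nil, 'first-hash'] }.freeze

if __FILE__ == $PROGRAM_NAME
  p redact_audited_changes('update', UPDATE_AUDIT)
  p redact_audited_changes('create', CREATE_AUDIT)
  p redact_audited_changes('update', FIRST_SET)
end
```

Because the attribute key stays in the hash, the audit still records that the password changed, which is what the earlier `password_changed` workaround was for.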