audit_log: Log RealmAuditLog in do_set_realm_authentication_methods.

Log RealmAuditLog in do_set_realm_authentication_methods and added tests for it.
2025-11-02 21:13:36 +00:00 · 2020-07-02 17:33:43 +05:30
parent ba92666dbd
commit a2428017e9
4 changed files with 30 additions and 4 deletions
--- a/docs/tutorials/new-feature-tutorial.md
+++ b/docs/tutorials/new-feature-tutorial.md
@@ -454,7 +454,7 @@ with the new value. E.g., for `authentication_methods`, we created
    # ...
    # ...
    if authentication_methods is not None and realm.authentication_methods_dict() != authentication_methods:
-            do_set_realm_authentication_methods(realm, authentication_methods)
+            do_set_realm_authentication_methods(realm, authentication_methods, acting_user=user_profile)
            data['authentication_methods'] = authentication_methods
    # ...

--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -715,16 +715,25 @@ def do_set_realm_property(realm: Realm, name: str, value: Any,
            flush_user_profile(sender=UserProfile, instance=user_profile)

 def do_set_realm_authentication_methods(realm: Realm,
-                                        authentication_methods: Dict[str, bool]) -> None:
+                                        authentication_methods: Dict[str, bool],
+                                        acting_user: Optional[UserProfile]=None) -> None:
+    old_value = realm.authentication_methods_dict()
    for key, value in list(authentication_methods.items()):
        index = getattr(realm.authentication_methods, key).number
        realm.authentication_methods.set_bit(index, int(value))
    realm.save(update_fields=['authentication_methods'])
+    updated_value = realm.authentication_methods_dict()
+    RealmAuditLog.objects.create(
+        realm=realm, event_type=RealmAuditLog.REALM_PROPERTY_CHANGED, event_time=timezone_now(),
+        acting_user=acting_user, extra_data=ujson.dumps({
+            RealmAuditLog.OLD_VALUE: {'property': 'authentication_methods', 'value': old_value},
+            RealmAuditLog.NEW_VALUE: {'property': 'authentication_methods', 'value': updated_value}
+        }))
    event = dict(
        type="realm",
        op="update_dict",
        property='default',
-        data=dict(authentication_methods=realm.authentication_methods_dict()),
+        data=dict(authentication_methods=updated_value),
    )
    send_event(realm, event, active_user_ids(realm.id))

--- a/zerver/tests/test_audit_log.py
+++ b/zerver/tests/test_audit_log.py
@@ -23,6 +23,7 @@ from zerver.lib.actions import (
    do_reactivate_realm,
    do_reactivate_user,
    do_regenerate_api_key,
+    do_set_realm_authentication_methods,
    get_streams_traffic,
 )
 from zerver.lib.streams import create_stream_if_needed
@@ -235,3 +236,19 @@ class TestRealmAuditLog(ZulipTestCase):
                                                      event_time__gte=now, acting_user=user,
                                                      modified_stream=stream).count(), 1)
        self.assertEqual(stream.deactivated, True)
+
+    def test_set_realm_authentication_methods(self) -> None:
+        now = timezone_now()
+        realm = get_realm('zulip')
+        user = self.example_user('hamlet')
+        expected_old_value = {'property': 'authentication_methods', 'value': realm.authentication_methods_dict()}
+        auth_method_dict = {'Google': False, 'Email': False, 'GitHub': False, 'Apple': False, 'Dev': True, 'SAML': True, 'GitLab': False}
+
+        do_set_realm_authentication_methods(realm, auth_method_dict, acting_user=user)
+        realm_audit_logs = RealmAuditLog.objects.filter(realm=realm, event_type=RealmAuditLog.REALM_PROPERTY_CHANGED,
+                                                        event_time__gte=now, acting_user=user)
+        self.assertEqual(realm_audit_logs.count(), 1)
+        extra_data = ujson.loads(realm_audit_logs[0].extra_data)
+        expected_new_value = {'property': 'authentication_methods', 'value': auth_method_dict}
+        self.assertEqual(extra_data[RealmAuditLog.OLD_VALUE], expected_old_value)
+        self.assertEqual(extra_data[RealmAuditLog.NEW_VALUE], expected_new_value)
--- a/zerver/views/realm.py
+++ b/zerver/views/realm.py
@@ -137,7 +137,7 @@ def update_realm(
    # framework because of its bitfield.
    if authentication_methods is not None and (realm.authentication_methods_dict() !=
                                               authentication_methods):
-        do_set_realm_authentication_methods(realm, authentication_methods)
+        do_set_realm_authentication_methods(realm, authentication_methods, acting_user=user_profile)
        data['authentication_methods'] = authentication_methods
    # The message_editing settings are coupled to each other, and thus don't fit
    # into the do_set_realm_property framework.