Skip to content

Commit

Permalink
Update authentication flow for devise contrib
Browse files Browse the repository at this point in the history
  • Loading branch information
@Strech
Strech committed Feb 10, 2025
1 parent 8cb1d5c commit cb0e9ad
Show file tree
Hide file tree
Showing 5 changed files with 267 additions and 188 deletions.
37 changes: 16 additions & 21 deletions lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
# frozen_string_literal: true

require_relative '../configuration'
require_relative '../tracking'
require_relative '../resource'
require_relative '../event'
Expand All @@ -14,33 +15,27 @@ module AuthenticatablePatch
# rubocop:disable Metrics/MethodLength
def validate(resource, &block)
result = super
return result unless AppSec.enabled?
return result if @_datadog_skip_track_login_event

track_user_events_configuration = Datadog.configuration.appsec.track_user_events

return result unless track_user_events_configuration.enabled

automated_track_user_events_mode = track_user_events_configuration.mode

appsec_context = Datadog::AppSec.active_context

return result unless appsec_context
return result unless AppSec.enabled?
return result if @_datadog_appsec_skip_track_login_event
return result unless Configuration.auto_user_instrumentation_enabled?
return result unless AppSec.active_context

devise_resource = resource ? Resource.new(resource) : nil

event_information = Event.new(devise_resource, automated_track_user_events_mode)
event_information = Event.new(devise_resource, Configuration.auto_user_instrumentation_mode)

if result
if event_information.user_id
Datadog.logger.debug { 'User Login Event success' }
Datadog.logger.debug { 'AppSec: User successful login event' }
else
Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
Datadog.logger.debug do
"AppSec: User successful login event, but can't extract user ID. Tracking empty event"
end
end

Tracking.track_login_success(
appsec_context.trace,
appsec_context.span,
AppSec.active_context.trace,
AppSec.active_context.span,
user_id: event_information.user_id,
**event_information.to_h
)
Expand All @@ -52,15 +47,15 @@ def validate(resource, &block)

if resource
user_exists = true
Datadog.logger.debug { 'User Login Event failure users exists' }
Datadog.logger.debug { 'AppSec: User failed login event, but user exists' }
else
user_exists = false
Datadog.logger.debug { 'User Login Event failure user do not exists' }
Datadog.logger.debug { 'AppSec: User failed login event and user does not exist' }
end

Tracking.track_login_failure(
appsec_context.trace,
appsec_context.span,
AppSec.active_context.trace,
AppSec.active_context.span,
user_id: event_information.user_id,
user_exists: user_exists,
**event_information.to_h
Expand Down
2 changes: 1 addition & 1 deletion lib/datadog/appsec/contrib/devise/patcher/rememberable_patch.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ module Patcher
# Rememberable strategy as Login Success events.
module RememberablePatch
def validate(*args)
@_datadog_skip_track_login_event = true
@_datadog_appsec_skip_track_login_event = true

super
end
Expand Down
13 changes: 13 additions & 0 deletions sig/datadog/appsec/contrib/devise/configuration.rbs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
module Datadog
module AppSec
module Contrib
module Devise
module Configuration
def self?.auto_user_instrumentation_enabled?: () -> bool

def self?.auto_user_instrumentation_mode: () -> ::String
end
end
end
end
end
Loading

0 comments on commit cb0e9ad

Please sign in to comment.