server: populate audit UserID on credential mutations + slog prune push errors
Switch handleSetHostCredentials, handleSetAdminCredentials, and handleDeleteAdminCredentials from authedUser (bool) to requireUser (*store.User) so AuditEntry.UserID and Actor are populated correctly. Add slog.Warn on the non-ErrNotFound pushAdminCredsToAgent path in handleRunRepoPrune so decrypt/send failures surface in the server log rather than appearing as a generic host_offline 503.
This commit is contained in:
@@ -47,6 +47,32 @@ func loginAsAdmin(t *testing.T, st *store.Store) *stdhttp.Cookie {
|
||||
return &stdhttp.Cookie{Name: sessionCookieName, Value: tok}
|
||||
}
|
||||
|
||||
// loginAsAdminWithID is like loginAsAdmin but also returns the user ID.
|
||||
// Use this when tests need to assert that the user ID was recorded
|
||||
// (e.g. on audit entries).
|
||||
func loginAsAdminWithID(t *testing.T, st *store.Store) (*stdhttp.Cookie, string) {
|
||||
t.Helper()
|
||||
ctx := context.Background()
|
||||
uid := ulid.Make().String()
|
||||
hash, _ := auth.HashPassword("very-long-test-password")
|
||||
if err := st.CreateUser(ctx, store.User{
|
||||
ID: uid, Username: "tester-" + uid[:6],
|
||||
PasswordHash: hash, Role: store.RoleAdmin,
|
||||
CreatedAt: time.Now().UTC(),
|
||||
}); err != nil {
|
||||
t.Fatalf("create user: %v", err)
|
||||
}
|
||||
tok, _ := auth.NewToken()
|
||||
if err := st.CreateSession(ctx, store.Session{
|
||||
UserID: uid,
|
||||
CreatedAt: time.Now().UTC(),
|
||||
ExpiresAt: time.Now().Add(time.Hour).UTC(),
|
||||
}, auth.HashToken(tok)); err != nil {
|
||||
t.Fatalf("create session: %v", err)
|
||||
}
|
||||
return &stdhttp.Cookie{Name: sessionCookieName, Value: tok}, uid
|
||||
}
|
||||
|
||||
// makeHost inserts a minimal Host row directly via the store. Used by
|
||||
// HTTP-level tests that don't want to go through the full enrollment
|
||||
// path. Returns the host id.
|
||||
|
||||
Reference in New Issue
Block a user