Merge pull request #24919 from overleaf/jel-create-group-audit-log

[web] Add group audit log

GitOrigin-RevId: b59c38c57f555f18cdfa5dd697ad38d78b590996

services/web/app/src/infrastructure/mongodb.js

@@ -49,6 +49,7 @@ const db = {
   githubSyncUserCredentials: internalDb.collection('githubSyncUserCredentials'),
   globalMetrics: internalDb.collection('globalMetrics'),
   grouppolicies: internalDb.collection('grouppolicies'),
+  groupAuditLogEntries: internalDb.collection('groupAuditLogEntries'),
   institutions: internalDb.collection('institutions'),
   messages: internalDb.collection('messages'),
   migrations: internalDb.collection('migrations'),

services/web/app/src/models/GroupAuditLogEntry.js

@@ -0,0 +1,23 @@
+const mongoose = require('../infrastructure/Mongoose')
+const { Schema } = mongoose
+
+const GroupAuditLogEntrySchema = new Schema(
+  {
+    groupId: { type: Schema.Types.ObjectId, index: true },
+    info: { type: Object },
+    initiatorId: { type: Schema.Types.ObjectId },
+    ipAddress: { type: String },
+    operation: { type: String },
+    timestamp: { type: Date, default: Date.now },
+  },
+  {
+    collection: 'groupAuditLogEntries',
+    minimize: false,
+  }
+)
+
+exports.GroupAuditLogEntry = mongoose.model(
+  'GroupAuditLogEntry',
+  GroupAuditLogEntrySchema
+)
+exports.GroupAuditLogEntrySchema = GroupAuditLogEntrySchema

services/web/frontend/js/utils/meta.ts

@@ -103,6 +103,7 @@ export interface Meta {
   'ol-gitBridgeEnabled': boolean
   'ol-gitBridgePublicBaseUrl': string
   'ol-github': { enabled: boolean; error: boolean }
+  'ol-groupAuditLogs': []
   'ol-groupId': string
   'ol-groupName': string
   'ol-groupPlans': GroupPlans

services/web/migrations/20250409155536_group_audit_log_index.mjs

@@ -0,0 +1,35 @@
+/* eslint-disable no-unused-vars */
+
+import Helpers from './lib/helpers.mjs'
+
+const tags = ['saas']
+
+const indexes = [
+  {
+    key: {
+      groupId: 1,
+      timestamp: 1,
+    },
+    name: 'groupId_1_timestamp_1',
+  },
+]
+
+const migrate = async client => {
+  const { db } = client
+  await Helpers.addIndexesToCollection(db.groupAuditLogEntries, indexes)
+}
+
+const rollback = async client => {
+  const { db } = client
+  try {
+    await Helpers.dropIndexesFromCollection(db.groupAuditLogEntries, indexes)
+  } catch (err) {
+    console.error('Something went wrong rolling back the migrations', err)
+  }
+}
+
+export default {
+  tags,
+  migrate,
+  rollback,
+}

services/web/test/acceptance/src/helpers/groupSSO.mjs

@@ -34,7 +34,7 @@ export const baseSsoConfig = {
   userIdAttribute,
 } // the database also sets enabled and validated, but we cannot set that in the POST request for /manage/groups/:ID/settings/sso
 
-export async function createGroupSSO() {
+export async function createGroupSSO(SSOConfigValidated = true) {
   const nonSSOMemberHelper = await UserHelper.createUser()
   const nonSSOMember = nonSSOMemberHelper.user
 
@@ -47,7 +47,7 @@ export async function createGroupSSO() {
   const ssoConfig = new SSOConfig({
     ...baseSsoConfig,
     enabled: true,
-    validated: true,
+    validated: SSOConfigValidated,
   })
 
   await ssoConfig.save()
@@ -68,12 +68,14 @@ export async function createGroupSSO() {
   const enrollmentUrl = getEnrollmentUrl(subscriptionId)
   const internalProviderId = getProviderId(subscriptionId)
 
-  await linkGroupMember(
-    memberUser.email,
-    memberUser.password,
-    subscriptionId,
-    'mock@email.com'
-  )
+  if (SSOConfigValidated) {
+    await linkGroupMember(
+      memberUser.email,
+      memberUser.password,
+      subscriptionId,
+      'mock@email.com'
+    )
+  }
 
   const userHelper = new UserHelper()