From 22bb75a5e4570e2b133557988de12a04cc434deb Mon Sep 17 00:00:00 2001
From: jkoberg <jkoberg@owncloud.com>
Date: Sat, 12 Mar 2022 14:32:23 +0100
Subject: [PATCH] link access events

Signed-off-by: jkoberg <jkoberg@owncloud.com>
---
 audit/pkg/service/service_test.go | 47 +++++++++++++++++++++++++++++++
 audit/pkg/types/constants.go      |  2 +-
 audit/pkg/types/conversion.go     | 21 ++++++++++++--
 3 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/audit/pkg/service/service_test.go b/audit/pkg/service/service_test.go
index bb60d064a..a03a0c7c5 100644
--- a/audit/pkg/service/service_test.go
+++ b/audit/pkg/service/service_test.go
@@ -247,6 +247,53 @@ var testCases = []struct {
 			require.Equal(t, "user", ev.ShareType)
 			require.Equal(t, "beshared-userid", ev.ShareWith)
 		},
+	}, {
+		Alias: "Link accessed - success",
+		SystemEvent: events.LinkAccessed{
+			ShareID:           linkID("shareid"),
+			Sharer:            userID("sharing-userid"),
+			ItemID:            resourceID("storage-1", "itemid-1"),
+			Permissions:       linkPermissions("stat"),
+			DisplayName:       "link",
+			Expiration:        timestamp(10e8 + 10e5),
+			PasswordProtected: true,
+			CTime:             timestamp(10e8),
+			Token:             "token-123",
+		},
+		CheckAuditEvent: func(t *testing.T, b []byte) {
+			ev := types.AuditEventLinkAccessed{}
+			require.NoError(t, json.Unmarshal(b, &ev))
+
+			// AuditEvent fields
+			checkBaseAuditEvent(t, ev.AuditEvent, "sharing-userid", "2001-09-09T03:46:40+02:00", "link 'shareid' was accessed. Success: true", "public_link_accessed")
+			// AuditEventSharing fields
+			checkSharingAuditEvent(t, ev.AuditEventSharing, "itemid-1", "sharing-userid", "shareid")
+			// AuditEventShareUpdated fields
+			require.Equal(t, "", ev.ItemType) // not implemented atm
+			require.Equal(t, "token-123", ev.ShareToken)
+			require.Equal(t, true, ev.Success)
+		},
+	}, {
+		Alias: "Link accessed - failure",
+		SystemEvent: events.LinkAccessFailed{
+			ShareID: linkID("shareid"),
+			Token:   "token-123",
+			Status:  8,
+			Message: "access denied",
+		},
+		CheckAuditEvent: func(t *testing.T, b []byte) {
+			ev := types.AuditEventLinkAccessed{}
+			require.NoError(t, json.Unmarshal(b, &ev))
+
+			// AuditEvent fields
+			checkBaseAuditEvent(t, ev.AuditEvent, "", "", "link 'shareid' was accessed. Success: false", "public_link_accessed")
+			// AuditEventSharing fields
+			checkSharingAuditEvent(t, ev.AuditEventSharing, "", "", "shareid")
+			// AuditEventShareUpdated fields
+			require.Equal(t, "", ev.ItemType) // not implemented atm
+			require.Equal(t, "token-123", ev.ShareToken)
+			require.Equal(t, false, ev.Success)
+		},
 	},
 }
 
diff --git a/audit/pkg/types/constants.go b/audit/pkg/types/constants.go
index a8372249e..663996241 100644
--- a/audit/pkg/types/constants.go
+++ b/audit/pkg/types/constants.go
@@ -57,5 +57,5 @@ func MessageShareDeclined(userid, shareid, sharerid string) string {
 
 // MessageLinkAccessed returns the human readable string that describes the action
 func MessageLinkAccessed(linkid string, success bool) string {
-	return fmt.Sprintf("link '%s' was accessed. Success: %b", linkid, success)
+	return fmt.Sprintf("link '%s' was accessed. Success: %v", linkid, success)
 }
diff --git a/audit/pkg/types/conversion.go b/audit/pkg/types/conversion.go
index a0c55384e..47960787b 100644
--- a/audit/pkg/types/conversion.go
+++ b/audit/pkg/types/conversion.go
@@ -195,12 +195,29 @@ func ReceivedShareUpdated(ev events.ReceivedShareUpdated) AuditEventReceivedShar
 
 // LinkAccessed converts a LinkAccessed event to an AuditEventLinkAccessed
 func LinkAccessed(ev events.LinkAccessed) AuditEventLinkAccessed {
-	return AuditEventLinkAccessed{}
+	uid := ev.Sharer.OpaqueId
+	base := BasicAuditEvent(uid, formatTime(ev.CTime), MessageLinkAccessed(ev.ShareID.GetOpaqueId(), true), ActionLinkAccessed)
+	return AuditEventLinkAccessed{
+		AuditEventSharing: SharingAuditEvent(ev.ShareID.GetOpaqueId(), ev.ItemID.OpaqueId, uid, base),
+		ShareToken:        ev.Token,
+		Success:           true,
+
+		// NOTE: those values are not in the event and can therefore not be filled at the moment
+		ItemType: "",
+	}
 }
 
 // LinkAccessFailed converts a LinkAccessFailed event to an AuditEventLinkAccessed
 func LinkAccessFailed(ev events.LinkAccessFailed) AuditEventLinkAccessed {
-	return AuditEventLinkAccessed{}
+	base := BasicAuditEvent("", "", MessageLinkAccessed(ev.ShareID.GetOpaqueId(), false), ActionLinkAccessed)
+	return AuditEventLinkAccessed{
+		AuditEventSharing: SharingAuditEvent(ev.ShareID.GetOpaqueId(), "", "", base),
+		ShareToken:        ev.Token,
+		Success:           false,
+
+		// NOTE: those values are not in the event and can therefore not be filled at the moment
+		ItemType: "",
+	}
 }
 
 func extractGrantee(uid *user.UserId, gid *group.GroupId) (string, string) {