From 7534e4878cd1c22bb3600fa5891928ff363ff384 Mon Sep 17 00:00:00 2001
From: romanetar
Date: Tue, 2 Sep 2025 09:53:40 +0200
Subject: [PATCH] feat: add action_by and environment to privilege escalation email
Signed-off-by: romanetar
---
 .../MonitoredSecurityGroupNotificationEmail.php | 17 +++++++++++++++--
 app/Services/OpenId/UserService.php | 11 +++++++++--
 2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/app/Mail/MonitoredSecurityGroupNotificationEmail.php b/app/Mail/MonitoredSecurityGroupNotificationEmail.php
index 8411df6e..99e6f3f8 100644
--- a/app/Mail/MonitoredSecurityGroupNotificationEmail.php
+++ b/app/Mail/MonitoredSecurityGroupNotificationEmail.php
@@ -34,6 +34,11 @@ final class MonitoredSecurityGroupNotificationEmail extends Mailable
 */
 public $action;
+ /**
+ * @var string
+ */
+ public $action_by;
+
 /**
 * @var int
 */
@@ -79,6 +84,7 @@ final class MonitoredSecurityGroupNotificationEmail extends Mailable
 /**
 * @param string $email
 * @param string $action
+ * @param string $action_by
 * @param int $user_id
 * @param string $user_email
 * @param string $user_name
@@ -90,6 +96,7 @@ public function __construct
 (
 string $email,
 string $action,
+ string $action_by,
 int $user_id,
 string $user_email,
 string $user_name,
@@ -100,6 +107,7 @@ public function __construct
 {
 $this->email = $email;
 $this->action = $action;
+ $this->action_by = $action_by;
 $this->user_id = $user_id;
 $this->user_email = $user_email;
 $this->user_name = $user_name;
@@ -111,9 +119,10 @@ public function __construct
 (
 sprintf
 (
- "MonitoredSecurityGroupNotificationEmail::constructor email %s action %s user_id %s user_email %s user_name %s group_id %s group_name %s group_slug %s",
+ "MonitoredSecurityGroupNotificationEmail::constructor email %s action %s action_by %s user_id %s user_email %s user_name %s group_id %s group_name %s group_slug %s",
 $email,
 $action,
+ $action_by,
 $user_id,
 $user_email,
 $user_name,
@@ -126,15 +135,19 @@ public function __construct
 public function build()
 {
+ $action_by_phrase = $this->action_by ? " by $this->action_by" : "";
+
 $this->subject = sprintf
 (
- "[%s] Monitored Security Groups - User %s (%s) has been %s - Group %s (%s)"
+ "[%s] Monitored Security Groups - User %s (%s) has been %s%s - Group %s (%s) - Environment: %s"
 ,Config::get('app.app_name')
 ,$this->user_name
 ,$this->user_email
 ,$this->action
+ ,$action_by_phrase
 ,$this->group_name
 ,$this->group_id
+ ,Config::get('app.env')
 );
 Log::debug(sprintf("MonitoredSecurityGroupNotificationEmail::build to %s", $this->email));
 return $this->from(Config::get("mail.from"))
diff --git a/app/Services/OpenId/UserService.php b/app/Services/OpenId/UserService.php
index 90f39aeb..50f3c548 100644
--- a/app/Services/OpenId/UserService.php
+++ b/app/Services/OpenId/UserService.php
@@ -37,7 +37,6 @@
 use Illuminate\Support\Facades\Storage;
 use models\exceptions\EntityNotFoundException;
 use models\exceptions\ValidationException;
-use Models\OAuth2\Client;
 use models\utils\IEntity;
 use OAuth2\IResourceServerContext;
 use OAuth2\Models\IClient;
@@ -483,6 +482,14 @@ public function notifyMonitoredSecurityGroupActivity(string $action, int $user_i
 return;
 }
+ $action_by = '';
+ $current_user = !empty($this->server_ctx->getCurrentUserId()) ?
+ $this->repository->getById($this->server_ctx->getCurrentUserId()) : null;
+
+ if (!is_null($current_user)) {
+ $action_by = sprintf("%s %s", $current_user->getFirstName(), $current_user->getLastName());
+ }
+
 $notified_users = [];
 foreach ($watcher_groups as $watcher_group_slug) {
 Log::debug(sprintf("UserService::notifyMonitoredSecurityGroupActivity processing %s", $watcher_group_slug));
@@ -504,6 +511,7 @@ public function notifyMonitoredSecurityGroupActivity(string $action, int $user_i
 (
 $user->getEmail(),
 $action,
+ $action_by,
 $user_id,
 $user_email,
 $user_name,
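Review bot: In `build()` (app/Mail/MonitoredSecurityGroupNotificationEmail.php, hunk at -126) the truthiness test on `$this->action_by` lets a whitespace-only value through. The caller builds the name with `sprintf("%s %s", ...)`, so a profile with empty first and last names yields a single space and the subject reads "has been added by  - Group ..." on an alert whose purpose is to name the actor. The value is profile text that ends up in a mail header, and whether the mailer already folds control characters is not visible here, so I would normalise it in the mailable instead of trusting each caller: `$actor = trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $this->action_by));` followed by `$action_by_phrase = $actor !== '' ? " by {$actor}" : "";`. `build()` continues past the end of the hunk.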
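Review bot: The actor added in `notifyMonitoredSecurityGroupActivity()` (hunk at -483 in app/Services/OpenId/UserService.php) is identified only by first and last name, which are not unique and are presumably editable by the account owner, so a privilege-escalation alert can point at the wrong person or at a chosen display name. Carry an immutable identifier next to the name; the user id is already at hand, and the e-mail could be added if the entity returned by `getById()` exposes the same `getEmail()` used for the watchers further down. When there is no current user, or the lookup returns null, `$action_by` stays empty and the mail silently omits the actor; that case should be labelled and logged so a recipient can tell a change made without a user context from a failed lookup. `getCurrentUserId()` is also called twice and is better read once. The function body starts and ends outside the hunk.

```php
$action_by = 'unknown actor';
$current_user_id = $this->server_ctx->getCurrentUserId();
$current_user = !empty($current_user_id) ? $this->repository->getById($current_user_id) : null;

if (!is_null($current_user)) {
    // Display name alone is ambiguous; keep the stable id beside it.
    $action_by = sprintf(
        "%s (id %s)",
        trim(sprintf("%s %s", $current_user->getFirstName(), $current_user->getLastName())),
        $current_user_id
    );
} else {
    Log::warning(sprintf("UserService::notifyMonitoredSecurityGroupActivity no acting user resolved for action %s on user %s", $action, $user_id));
}

// … unchanged: $notified_users loop over $watcher_groups …
```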
@@ -514,6 +522,5 @@ public function notifyMonitoredSecurityGroupActivity(string $action, int $user_i
 );
 }
 }
-
 }
 }
\ No newline at end of file