add and use new event types (#5482)

* add additional event_types

* use correct event_type when leaving an org

* use correct event type when deleting a user

* also correctly log auth requests

* add correct membership info to event log

src/api/admin.rs

@@ -403,7 +403,7 @@ async fn delete_user(user_id: UserId, token: AdminToken, mut conn: DbConn) -> Em
 
     for membership in memberships {
         log_event(
-            EventType::OrganizationUserRemoved as i32,
+            EventType::OrganizationUserDeleted as i32,
             &membership.uuid,
             &membership.org_uuid,
             &ACTING_ADMIN_USER.into(),

src/api/core/accounts.rs

@@ -1206,6 +1206,15 @@ async fn post_auth_request(
 
     nt.send_auth_request(&user.uuid, &auth_request.uuid, &data.device_identifier, &mut conn).await;
 
+    log_user_event(
+        EventType::UserRequestedDeviceApproval as i32,
+        &user.uuid,
+        client_headers.device_type,
+        &client_headers.ip.ip,
+        &mut conn,
+    )
+    .await;
+
     Ok(Json(json!({
         "id": auth_request.uuid,
         "publicKey": auth_request.public_key,
@@ -1287,9 +1296,26 @@ async fn put_auth_request(
 
         ant.send_auth_response(&auth_request.user_uuid, &auth_request.uuid).await;
         nt.send_auth_response(&auth_request.user_uuid, &auth_request.uuid, &data.device_identifier, &mut conn).await;
+
+        log_user_event(
+            EventType::OrganizationUserApprovedAuthRequest as i32,
+            &headers.user.uuid,
+            headers.device.atype,
+            &headers.ip.ip,
+            &mut conn,
+        )
+        .await;
     } else {
         // If denied, there's no reason to keep the request
         auth_request.delete(&mut conn).await?;
+        log_user_event(
+            EventType::OrganizationUserRejectedAuthRequest as i32,
+            &headers.user.uuid,
+            headers.device.atype,
+            &headers.ip.ip,
+            &mut conn,
+        )
+        .await;
     }
 
     Ok(Json(json!({

src/api/core/events.rs

@@ -245,8 +245,8 @@ async fn _log_user_event(
     ip: &IpAddr,
     conn: &mut DbConn,
 ) {
-    let orgs = Membership::get_orgs_by_user(user_id, conn).await;
+    let memberships = Membership::find_by_user(user_id, conn).await;
-    let mut events: Vec<Event> = Vec::with_capacity(orgs.len() + 1); // We need an event per org and one without an org
+    let mut events: Vec<Event> = Vec::with_capacity(memberships.len() + 1); // We need an event per org and one without an org
 
     // Upstream saves the event also without any org_id.
     let mut event = Event::new(event_type, event_date);
@@ -257,10 +257,11 @@ async fn _log_user_event(
     events.push(event);
 
     // For each org a user is a member of store these events per org
-    for org_id in orgs {
+    for membership in memberships {
         let mut event = Event::new(event_type, event_date);
         event.user_uuid = Some(user_id.clone());
-        event.org_uuid = Some(org_id);
+        event.org_uuid = Some(membership.org_uuid);
+        event.org_user_uuid = Some(membership.uuid);
         event.act_user_uuid = Some(user_id.clone());
         event.device_type = Some(device_type);
         event.ip_address = Some(ip.to_string());

src/api/core/organizations.rs

@@ -251,7 +251,7 @@ async fn leave_organization(org_id: OrganizationId, headers: Headers, mut conn:
             }
 
             log_event(
-                EventType::OrganizationUserRemoved as i32,
+                EventType::OrganizationUserLeft as i32,
                 &member.uuid,
                 &org_id,
                 &headers.user.uuid,

src/db/models/event.rs

@@ -49,6 +49,8 @@ pub enum EventType {
     UserClientExportedVault = 1007,
     // UserUpdatedTempPassword = 1008, // Not supported
     // UserMigratedKeyToKeyConnector = 1009, // Not supported
+    UserRequestedDeviceApproval = 1010,
+    // UserTdeOffboardingPasswordSet = 1011, // Not supported
 
     // Cipher
     CipherCreated = 1100,
@@ -69,6 +71,7 @@ pub enum EventType {
     CipherSoftDeleted = 1115,
     CipherRestored = 1116,
     CipherClientToggledCardNumberVisible = 1117,
+    CipherClientToggledTOTPSeedVisible = 1118,
 
     // Collection
     CollectionCreated = 1300,
@@ -94,6 +97,10 @@ pub enum EventType {
     // OrganizationUserFirstSsoLogin = 1510, // Not supported
     OrganizationUserRevoked = 1511,
     OrganizationUserRestored = 1512,
+    OrganizationUserApprovedAuthRequest = 1513,
+    OrganizationUserRejectedAuthRequest = 1514,
+    OrganizationUserDeleted = 1515,
+    OrganizationUserLeft = 1516,
 
     // Organization
     OrganizationUpdated = 1600,
@@ -105,6 +112,7 @@ pub enum EventType {
     // OrganizationEnabledKeyConnector = 1606, // Not supported
     // OrganizationDisabledKeyConnector = 1607, // Not supported
     // OrganizationSponsorshipsSynced = 1608, // Not supported
+    // OrganizationCollectionManagementUpdated = 1609, // Not supported
 
     // Policy
     PolicyUpdated = 1700,
@@ -117,6 +125,13 @@ pub enum EventType {
     // ProviderOrganizationAdded = 1901, // Not supported
     // ProviderOrganizationRemoved = 1902, // Not supported
     // ProviderOrganizationVaultAccessed = 1903, // Not supported
+
+    // OrganizationDomainAdded = 2000, // Not supported
+    // OrganizationDomainRemoved = 2001, // Not supported
+    // OrganizationDomainVerified = 2002, // Not supported
+    // OrganizationDomainNotVerified = 2003, // Not supported
+
+    // SecretRetrieved = 2100, // Not supported
 }
 
 /// Local methods