Update devise registration with new settings

Strech · Strech · commit 8cb1d5cee0a0 · 2025-02-10T14:25:19.000+01:00
diff --git a/lib/datadog/appsec/contrib/devise/event.rb b/lib/datadog/appsec/contrib/devise/event.rb
@@ -8,9 +8,6 @@ module Devise
         class Event
           UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
 
-          SAFE_MODE = 'safe'
-          EXTENDED_MODE = 'extended'
-
           attr_reader :user_id
 
           def initialize(resource, mode)
@@ -38,15 +35,15 @@ def extract
             @user_id = @resource.id
 
             case @mode
-            when EXTENDED_MODE
+            when AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
               @email = @resource.email
               @username = @resource.username
-            when SAFE_MODE
+            when AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
               @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
             else
               Datadog.logger.warn(
-                "Invalid automated user evenst mode: `#{@mode}`. "\
-                              'Supported modes are: `safe` and `extended`.'
+                "Invalid auto_user_instrumentation.mode: `#{@mode}`. " \
+                "Supported modes are: #{AppSec::Configuration::Settings::AUTO_USER_INSTRUMENTATION_MODES.join(' | ')}."
               )
             end
           end
diff --git a/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb b/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb
@@ -14,31 +14,23 @@ module Patcher
           module RegistrationControllerPatch
             def create
               return super unless AppSec.enabled?
-
-              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
-
               return super unless Configuration.auto_user_instrumentation_enabled?
-
-              automated_track_user_events_mode = track_user_events_configuration.mode
-
-              appsec_context = Datadog::AppSec.active_context
-              return super unless appsec_context
+              return super unless AppSec.active_context
 
               super do |resource|
                 if resource.persisted?
                   devise_resource = Resource.new(resource)
-
-                  event_information = Event.new(devise_resource, automated_track_user_events_mode)
+                  event_information = Event.new(devise_resource, Configuration.auto_user_instrumentation_mode)
 
                   if event_information.user_id
-                    Datadog.logger.debug { 'User Signup Event' }
+                    Datadog.logger.debug { 'AppSec: User signup event' }
                   else
-                    Datadog.logger.warn { 'User Signup Event, but can\'t extract user ID. Tracking empty event' }
+                    Datadog.logger.warn { "AppSec: User signup event, but can't extract user ID. Tracking empty event" }
                   end
 
                   Tracking.track_signup(
-                    appsec_context.trace,
-                    appsec_context.span,
+                    AppSec.active_context.trace,
+                    AppSec.active_context.span,
                     user_id: event_information.user_id,
                     **event_information.to_h
                   )
diff --git a/spec/datadog/appsec/contrib/devise/event_spec.rb b/spec/datadog/appsec/contrib/devise/event_spec.rb
@@ -1,92 +1,69 @@
+# frozen_string_literal: true
+
 require 'datadog/appsec/spec_helper'
+require 'datadog/appsec/contrib/support/devise_user_mock'
+
 require 'datadog/appsec/contrib/devise/resource'
 require 'datadog/appsec/contrib/devise/event'
 
 RSpec.describe Datadog::AppSec::Contrib::Devise::Event do
   let(:event) { described_class.new(resource, mode) }
   let(:resource) { Datadog::AppSec::Contrib::Devise::Resource.new(object) }
 
-  let(:object_class) do
-    Class.new do
-      attr_reader :id, :uuid, :email, :username
+  describe '#to_h' do
+    context 'when resource is nil' do
+      let(:event) { described_class.new(nil, 'identification') }
 
-      def initialize(id: nil, uuid: nil, email: nil, username: nil)
-        @id = id
-        @uuid = uuid
-        @email = email
-        @username = username
-      end
+      it { expect(event.to_h).to eq({}) }
     end
-  end
-
-  context 'without resource' do
-    let(:resource) { nil }
-    let(:mode) { 'safe' }
-
-    it do
-      expect(event.to_h).to eq({})
-    end
-  end
-
-  context 'safe mode' do
-    let(:mode) { 'safe' }
 
-    context 'with ID but not UUID' do
-      let(:object) { object_class.new(id: 1234) }
+    context 'when mode is invalid' do
+      let(:event) { described_class.new(resource, 'invalid') }
+      let(:resource) { Datadog::AppSec::Contrib::Support::DeviseUserMock.new(id: 1234) }
 
-      it do
-        expect(event.user_id).to be_nil
+      it 'writes warning log message' do
+        expect(Datadog.logger).to receive(:warn)
+        expect(event.to_h).to eq({})
       end
     end
 
-    context 'with ID as UUID' do
-      let(:uuid) { '123e4567-e89b-12d3-a456-426655440000' }
-      let(:object) { object_class.new(uuid: uuid) }
-
-      it do
-        expect(event.user_id).to eq(uuid)
+    context 'when mode is identification and different resource attributes present' do
+      let(:event) { described_class.new(resource, 'identification') }
+      let(:resource) do
+        Datadog::AppSec::Contrib::Support::DeviseUserMock.new(id: 1234, email: 'foo@test.com', username: 'John')
       end
+
+      it { expect(event.to_h).to eq({ email: 'foo@test.com', username: 'John' }) }
     end
   end
 
-  context 'extended mode' do
-    let(:mode) { 'extended' }
+  describe '#user_id' do
+    context 'when mode is anonymization and ID is not UUID-like' do
+      let(:event) { described_class.new(resource, 'anonymization') }
+      let(:resource) { Datadog::AppSec::Contrib::Support::DeviseUserMock.new(id: 1234) }
 
-    context 'ID' do
-      context 'with ID but not UUID' do
-        let(:object) { object_class.new(id: 1234) }
-
-        it do
-          expect(event.user_id).to eq(1234)
-        end
-      end
+      it { expect(event.user_id).to be_nil }
+    end
 
-      context 'with ID as UUID' do
-        let(:uuid) { '123e4567-e89b-12d3-a456-426655440000' }
-        let(:object) { object_class.new(uuid: uuid) }
+    context 'when mode is anonymization and ID is UUID-like' do
+      let(:event) { described_class.new(resource, 'anonymization') }
+      let(:resource) { Datadog::AppSec::Contrib::Support::DeviseUserMock.new(id: '00000000-0000-0000-0000-000000000000') }
 
-        it do
-          expect(event.user_id).to eq(uuid)
-        end
-      end
+      it { expect(event.user_id).to eq('00000000-0000-0000-0000-000000000000') }
     end
 
-    context 'Email and username' do
-      let(:object) { object_class.new(id: 1234, email: 'foo@test.com', username: 'John') }
+    context 'when mode is identification and ID is not UUID-like' do
+      let(:event) { described_class.new(resource, 'identification') }
+      let(:resource) { Datadog::AppSec::Contrib::Support::DeviseUserMock.new(id: 1234) }
 
-      it do
-        expect(event.to_h).to eq({ email: 'foo@test.com', username: 'John' })
-      end
+      it { expect(event.user_id).to eq(1234) }
     end
-  end
 
-  context 'invalid mode' do
-    let(:object) { object_class.new(id: 1234) }
-    let(:mode) { 'invalid' }
+    context 'when mode is identification and ID is UUID-like' do
+      let(:event) { described_class.new(resource, 'identification') }
+      let(:resource) { Datadog::AppSec::Contrib::Support::DeviseUserMock.new(id: '00000000-0000-0000-0000-000000000000') }
 
-    it do
-      expect(Datadog.logger).to receive(:warn)
-      expect(event.to_h).to eq({})
+      it { expect(event.user_id).to eq('00000000-0000-0000-0000-000000000000') }
     end
   end
 end
diff --git a/spec/datadog/appsec/contrib/support/devise_user_mock.rb b/spec/datadog/appsec/contrib/support/devise_user_mock.rb
@@ -5,7 +5,7 @@ module AppSec
     module Contrib
       module Support
         # A basic User model mock sufficient for devise testing
-        DeviseUserMock = Struct.new(:id, :email, :username, :persisted, keyword_init: true) do
+        DeviseUserMock = Struct.new(:id, :uuid, :email, :username, :persisted, keyword_init: true) do
           alias_method :persisted?, :persisted
         end
       end
