Skip to content

Prevent an exception from being raised during invalid user registration

Nick Malcolm requested to merge 363002-fix-registration-audit-failure into master

Resolves EE::RegistrationsController throws an error whe... (#363002 - closed)

In Log user instance request and rejection in Audi... (!52543 - merged) an audit event was added as an "after request hook", and expected a persisted user. When a user is invalid there is no persisted record and so it cannot be audited in this way.

The bug fix was to skip the auditing when the user is not persisted.

Before

See screenshot video here: #363002 (closed)

I started by adding a test which failed before the fix was applied:

Failures:

  1) RegistrationsController#create audit events when licensed when user registers for the instance with invalid user does not log registration failure
     Failure/Error: connection.send(...)

     ActiveRecord::RecordInvalid:
       Validation failed: Author can't be blank, Entity can't be blank
     # ./lib/gitlab/database/load_balancing/connection_proxy.rb:119:in `block in write_using_load_balancer'
     # ./lib/gitlab/database/load_balancing/load_balancer.rb:112:in `block in read_write'
     # ./lib/gitlab/database/load_balancing/load_balancer.rb:172:in `retry_with_backoff'
     # ./lib/gitlab/database/load_balancing/load_balancer.rb:110:in `read_write'
     # ./lib/gitlab/database/load_balancing/connection_proxy.rb:118:in `write_using_load_balancer'
     # ./lib/gitlab/database/load_balancing/connection_proxy.rb:70:in `transaction'
     # ./app/services/audit_event_service.rb:144:in `save_or_track'
     # ./app/services/audit_event_service.rb:125:in `log_security_event_to_database'
     # ./app/services/audit_event_service.rb:53:in `security_event'
     # ./ee/app/services/ee/audit_event_service.rb:128:in `security_event'
     # ./ee/app/controllers/ee/registrations_controller.rb:40:in `log_audit_event'
     # ./ee/app/controllers/ee/registrations_controller.rb:18:in `after_request_hook'
     # ./app/controllers/registrations_controller.rb:45:in `block in create'
     # ./app/controllers/registrations_controller.rb:34:in `create'

After

The test passes! And the :new template renders with the error:

Screen_Shot_2022-05-20_at_3.12.24_PM

Edited by Nick Malcolm

Merge request reports