From f3135b042e4a35d6334e8176efb62a3314d73996 Mon Sep 17 00:00:00 2001 From: Nicolae Claudius Date: Fri, 17 Jan 2014 17:01:04 +0200 Subject: [PATCH] audit via paper_trail --- Gemfile | 1 + Gemfile.lock | 4 ++++ app/controllers/application_controller.rb | 4 ++++ app/models/a.rb | 2 ++ app/models/aaaa.rb | 2 ++ app/models/authentication.rb | 2 ++ app/models/cname.rb | 2 ++ app/models/domain.rb | 1 + app/models/mx.rb | 2 ++ app/models/ns.rb | 2 ++ app/models/permission.rb | 1 + app/models/soa.rb | 2 ++ app/models/srv.rb | 2 ++ app/models/txt.rb | 2 ++ app/models/user.rb | 7 +++++++ config/initializers/rails_admin.rb | 2 +- db/migrate/20140117135341_create_versions.rb | 18 ++++++++++++++++++ db/schema.rb | 13 ++++++++++++- spec/models/domain_spec.rb | 6 ++++++ spec/models/record_spec.rb | 8 ++++++++ spec/models/user_spec.rb | 7 +++++++ 21 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 db/migrate/20140117135341_create_versions.rb diff --git a/Gemfile b/Gemfile index 5918151..1b8e321 100644 --- a/Gemfile +++ b/Gemfile @@ -21,6 +21,7 @@ gem 'concerned_with', '~> 0.1.0' gem 'faker','~> 1.2.0' gem 'factory_girl_rails', '~> 4.3.0' gem 'validates_hostname', '~> 1.0.0', github: 'KimNorgaard/validates_hostname' +gem 'paper_trail', '~> 3.0.0' # Interface gem 'mail_form', '~> 1.5.0' diff --git a/Gemfile.lock b/Gemfile.lock index 7f0122e..644eba1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -187,6 +187,9 @@ GEM oauth2 (~> 0.8.0) omniauth (~> 1.0) orm_adapter (0.5.0) + paper_trail (3.0.0) + activerecord (>= 3.0, < 5.0) + activesupport (>= 3.0, < 5.0) polyamorous (0.6.4) activerecord (>= 3.0) polyglot (0.3.3) @@ -336,6 +339,7 @@ DEPENDENCIES oily_png (~> 1.1.0) omniauth (~> 1.1.4) omniauth-google-oauth2 (~> 0.2.2) + paper_trail (~> 3.0.0) quiet_assets (~> 1.0.1) rails (= 4.0.2) rails-settings-cached (~> 0.3.1) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 842bdd4..665b2c4 100644 
--- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -64,4 +64,8 @@ class ApplicationController < ActionController::Base UserParameterSanitizer.new(User, :user, params) end + def user_for_paper_trail + current_user.to_paper_trail rescue 'Public' + end + end diff --git a/app/models/a.rb b/app/models/a.rb index b5e678d..36745df 100644 --- a/app/models/a.rb +++ b/app/models/a.rb @@ -11,6 +11,8 @@ # Obtained from http://www.zytrax.com/books/dns/ch8/a.html # class A < Record + has_paper_trail ignore: [:content, :updated_at] + validates :name, :hostname => {:allow_underscore => true, :allow_wildcard_hostname => true} validates :content, :presence => true, :ip => {:ip_type => :v4} # Only accept valid IPv4 addresses diff --git a/app/models/aaaa.rb b/app/models/aaaa.rb index 07d49c5..182625e 100644 --- a/app/models/aaaa.rb +++ b/app/models/aaaa.rb @@ -6,6 +6,8 @@ # @see http://www.ietf.org/rfc/rfc3596.txt # @see http://www.zytrax.com/books/dns/ch8/aaaa.html class AAAA < Record + has_paper_trail + validates :name, :hostname => {:allow_underscore => true, :allow_wildcard_hostname => true} validates :content, :presence => true, :ip => {:ip_type => :v6} diff --git a/app/models/authentication.rb b/app/models/authentication.rb index 5caf071..49d6620 100644 --- a/app/models/authentication.rb +++ b/app/models/authentication.rb @@ -1,3 +1,5 @@ class Authentication < ActiveRecord::Base + has_paper_trail + belongs_to :user, :inverse_of => :authentications end diff --git a/app/models/cname.rb b/app/models/cname.rb index db8b881..cd7f273 100644 --- a/app/models/cname.rb +++ b/app/models/cname.rb @@ -8,6 +8,8 @@ # Obtained from http://www.zytrax.com/books/dns/ch8/cname.html # class CNAME < Record + has_paper_trail + validates :name, :hostname => {:allow_underscore => true, :allow_wildcard_hostname => true} validates :content, :presence => true, :length => { :maximum => 20000 }, :hostname2 => true 
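Review bot: The `rescue 'Public'` modifier in `user_for_paper_trail` catches every StandardError, so any failure while building the actor string is written to the audit trail as an anonymous 'Public' change, not only the case where nobody is signed in. That silently misattributes authenticated actions and hides the underlying bug. An explicit nil check keeps the anonymous case and lets real errors surface: `current_user ? current_user.to_paper_trail : 'Public'`. The rest of ApplicationController is outside the hunk, so whether `current_user` itself can raise here is not visible.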
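Review bot: `has_paper_trail ignore: [:content, :updated_at]` on `A` means that changing only the record's IPv4 address writes no version row, yet repointing a name is the change a DNS audit trail most needs to attribute. spec/models/record_spec.rb pins this with `to_not change(PaperTrail::Version, :count)`, while AAAA, CNAME, MX, NS, SOA, SRV and TXT in this commit audit `content`, so the exclusion is specific to A records. If it exists to keep high-frequency address updates out of the table (inferred, not stated), say so in a comment such as `# content ignored: address updates are too frequent to version`. Otherwise narrow it to `has_paper_trail ignore: [:updated_at]`.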
diff --git a/app/models/domain.rb b/app/models/domain.rb index 9f86ba4..5bddb83 100644 --- a/app/models/domain.rb +++ b/app/models/domain.rb @@ -2,6 +2,7 @@ class Domain < ActiveRecord::Base self.inheritance_column = :sti_disabled nilify_blanks stampable + has_paper_trail # optional IP for create form, results in a type A record attr_accessor :ip diff --git a/app/models/mx.rb b/app/models/mx.rb index 705f6ac..7f907aa 100644 --- a/app/models/mx.rb +++ b/app/models/mx.rb @@ -7,6 +7,8 @@ # Obtained from http://www.zytrax.com/books/dns/ch8/mx.html # class MX < Record + has_paper_trail + validates :name, :hostname => { :allow_underscore => true, :allow_wildcard_hostname => true diff --git a/app/models/ns.rb b/app/models/ns.rb index a2aaead..98a34a3 100644 --- a/app/models/ns.rb +++ b/app/models/ns.rb @@ -20,6 +20,8 @@ # Obtained from http://www.zytrax.com/books/dns/ch8/ns.html # class NS < Record + has_paper_trail + validates :name, :hostname => {:allow_underscore => true} validates :content, :presence => true, :hostname => true #, :inclusion => {:in => Settings.ns} diff --git a/app/models/permission.rb b/app/models/permission.rb index 62fbcc6..b3b8a66 100644 --- a/app/models/permission.rb +++ b/app/models/permission.rb @@ -1,5 +1,6 @@ class Permission < ActiveRecord::Base stampable + has_paper_trail belongs_to :domain, :inverse_of => :permissions belongs_to :user, :inverse_of => :permissions diff --git a/app/models/soa.rb b/app/models/soa.rb index 3bf7f22..5249e3e 100644 --- a/app/models/soa.rb +++ b/app/models/soa.rb @@ -7,6 +7,8 @@ # Obtained from http://www.zytrax.com/books/dns/ch8/soa.html # class SOA < Record + has_paper_trail + validates :domain, :presence => true validates :domain_id, :uniqueness => true # one SOA per domain validates :name, :presence => true, :hostname => true diff --git a/app/models/srv.rb b/app/models/srv.rb index cd0863f..6684da2 100644 --- a/app/models/srv.rb +++ b/app/models/srv.rb 
@@ -5,6 +5,8 @@ # @see http://www.ietf.org/rfc/rfc2872.txt # @see http://www.zytrax.com/books/dns/ch8/srv.html class SRV < Record + has_paper_trail + validates :name, :hostname => {:allow_underscore => true, :allow_wildcard_hostname => true} validates :content, :format => /\A\d+ \d+ [A-Za-z0-9\-_.]+\z/ # RFC 2872 diff --git a/app/models/txt.rb b/app/models/txt.rb index ef0ce06..0ff9b54 100644 --- a/app/models/txt.rb +++ b/app/models/txt.rb @@ -9,6 +9,8 @@ # # Obtained from http://www.zytrax.com/books/dns/ch8/txt.html class TXT < Record + has_paper_trail + validates :name, :hostname => {:allow_underscore => true, :allow_wildcard_hostname => true} validates :content, :presence => true, :length => { :maximum => 255 } diff --git a/app/models/user.rb b/app/models/user.rb index e8f8b1a..55aa2fd 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -2,6 +2,9 @@ class User < ActiveRecord::Base include SentientModel model_stamper stampable + has_paper_trail ignore: [ :sign_in_count, + :last_sign_in_at, :current_sign_in_at, + :last_sign_in_ip, :current_sign_in_ip ] # Include default devise modules. Others available are: # :token_authenticatable, :encryptable, :timeoutable and :omniauthable @@ -47,6 +50,10 @@ class User < ActiveRecord::Base !active? ? :deactivated : super end + def to_paper_trail + "#{id} #{email} name:#{full_name} ip:#{current_sign_in_ip} last_ip:#{last_sign_in_ip}" + end + delegate :can?, :cannot?, :to => :ability def ability(options = {:reload => false}) diff --git a/config/initializers/rails_admin.rb b/config/initializers/rails_admin.rb index 3c3b2b6..c8a17f8 100644 --- a/config/initializers/rails_admin.rb +++ b/config/initializers/rails_admin.rb 
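Review bot: The `ignore:` list on `User` only stops sign-in bookkeeping from creating versions; every version that is written still serializes the whole row into `versions.object`. The users table has `reset_password_token` and `unlock_token` (indexed in db/schema.rb) alongside the other Devise columns, so those values are copied into a second table that the rails_admin change in this commit also exposes. paper_trail's `skip:` option keeps columns out of the stored object, for example `skip: [:reset_password_token, :unlock_token]`, extended with whatever other secret columns the model has. The same concern applies to `Authentication` if it stores provider tokens; its columns are not visible here.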
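Review bot: `to_paper_trail` packs id, email, full name and two IPs into one space-delimited string for `whodunnit`, which makes the actor field hard to query and ambiguous. `full_name` is presumably user-editable, so a name containing text like ` ip:` yields an audit line that reads as if it carried different field values. The value also goes into a `t.string` column (db/migrate/20140117135341_create_versions.rb), which on many adapters is capped at 255 characters, so a long email plus name may be truncated or rejected. `current_sign_in_ip` is the address from the last sign-in, not necessarily the one making the change. Consider returning only `id.to_s` here and recording the request IP in a separate versions column through the controller's `info_for_paper_trail` hook.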
@@ -35,7 +35,7 @@ RailsAdmin.config do |config| # Add models here if you want to go 'whitelist mode': config.included_models = [A, AAAA, Admin, CNAME, Domain, MX, NS, Permission, - Record, SOA, SRV, TXT, User, BlacklistedDomain] + Record, SOA, SRV, TXT, User, BlacklistedDomain, PaperTrail::Version] # Application wide tried label methods for models' instances # config.label_methods << :description # Default is [:name, :title] diff --git a/db/migrate/20140117135341_create_versions.rb b/db/migrate/20140117135341_create_versions.rb new file mode 100644 index 0000000..701f7ea --- /dev/null +++ b/db/migrate/20140117135341_create_versions.rb @@ -0,0 +1,18 @@ +class CreateVersions < ActiveRecord::Migration + def self.up + create_table :versions do |t| + t.string :item_type, :null => false + t.integer :item_id, :null => false + t.string :event, :null => false + t.string :whodunnit + t.text :object + t.datetime :created_at + end + add_index :versions, [:item_type, :item_id] + end + + def self.down + remove_index :versions, [:item_type, :item_id] + drop_table :versions + end +end diff --git a/db/schema.rb b/db/schema.rb index 65aaaf8..0af7246 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20140102165905) do +ActiveRecord::Schema.define(version: 20140117135341) do create_table "admins", force: true do |t| t.string "email", default: "", null: false 
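Review bot: Adding `PaperTrail::Version` to `config.included_models` makes the audit table an ordinary model in the admin UI, so unless actions are restricted elsewhere, version rows can be edited or deleted there. An audit trail that administrators can rewrite loses most of its evidentiary value. The rows also contain serialized snapshots of User records. Exclude the model from the `edit`, `delete` and `bulk_delete` actions in `config.actions`, or expose history through `config.audit_with :paper_trail, 'User', 'PaperTrail::Version'` rather than as a writable model. The `RailsAdmin.config` block begins and ends outside the hunk, so existing action or authorization settings are not visible.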
@@ -170,4 +170,15 @@ ActiveRecord::Schema.define(version: 20140102165905) do add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree add_index "users", ["unlock_token"], name: "index_users_on_unlock_token", unique: true, using: :btree + create_table "versions", force: true do |t| + t.string "item_type", null: false + t.integer "item_id", null: false + t.string "event", null: false + t.string "whodunnit" + t.text "object" + t.datetime "created_at" + end + + add_index "versions", ["item_type", "item_id"], name: "index_versions_on_item_type_and_item_id", using: :btree + end diff --git a/spec/models/domain_spec.rb b/spec/models/domain_spec.rb index f44eda7..131ab73 100644 --- a/spec/models/domain_spec.rb +++ b/spec/models/domain_spec.rb @@ -162,4 +162,10 @@ describe Domain do subsubdomain.reload.depth.should == 2 end + it "audits creations" do + PaperTrail.enabled = true + expect { domain }.to change(PaperTrail::Version, :count) + PaperTrail.enabled = false + end + end diff --git a/spec/models/record_spec.rb b/spec/models/record_spec.rb index 2e7a8b1..351764e 100644 --- a/spec/models/record_spec.rb +++ b/spec/models/record_spec.rb @@ -54,4 +54,12 @@ describe Record do host_a_record2.should have(1).errors_on(:name) end + it "audits creations" do + PaperTrail.enabled = true + expect { a_record }.to change(PaperTrail::Version, :count) + expect { a_record.update!(name: "x.#{a_record.name}") }.to change(PaperTrail::Version, :count).by(1) + expect { a_record.update!(content: "127.0.0.2") }.to_not change(PaperTrail::Version, :count) + PaperTrail.enabled = false + end + end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 114b134..7217f0c 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb 
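Review bot: In the new "audits creations" example in spec/models/domain_spec.rb, `PaperTrail.enabled = false` runs only if every expectation above it passes. A failing expectation raises before the reset, leaving auditing switched on for the remaining examples in the process. The same pattern is repeated in spec/models/record_spec.rb and spec/models/user_spec.rb. Move the toggle into an `around` hook whose `ensure` restores the flag, or at least wrap the expectations in `begin ... ensure PaperTrail.enabled = false end`. The record_spec example is also titled "audits creations" although it asserts update and ignore behaviour as well; a title such as "audits creations and name updates but not content updates" would describe it.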
@@ -2,7 +2,14 @@ require 'spec_helper' describe User do include_context "data" + it "is valid" do user.should be_valid end + + it "audits creations" do + PaperTrail.enabled = true + expect { user }.to change(PaperTrail::Version, :count) + PaperTrail.enabled = false + end end