AuditLogs [user: unknown] updated this object #220

Open
MariusDumeDoctari opened this issue Jan 17, 2025 · 5 comments

@MariusDumeDoctari

Describe the problem:
While checking the audit logs for a specific user, we see an entry that states: [user: unknown] updated this object.

Screenshot: [image]

Please let me know if you need any extra information.

@kevinpapst
Member

kevinpapst commented Jan 17, 2025

This is always shown if a change cannot be related to a user.
Usually that is a deleted account, but in that case it looks different.
As if some process touched the user before it actually knew who is currently logged in.

Weirdly enough, it touched the roles without actually changing them.
Do you use SAML or LDAP login?

@MariusDumeDoctari
Author

We use SAML.
I have checked the logs and there are only GET calls made at that time; if you need them, I can provide the logs.
This is only one case, but we see the same behaviour on multiple users.

@kevinpapst
Member

Yes please.
If you see a new log entry, please post the requests that happened around that time.
I am not able to reproduce it.

@kevinpapst kevinpapst added the audit trail Audit-Trail plugin label Jan 24, 2025
@MariusDumeDoctari
Author

MariusDumeDoctari commented Jan 27, 2025

Here are the logs from each of our 2 pods running Kimai:
1st:
localhost:8001 10.0.3.253 - - [16/Jan/2025:10:16:40 +0100] "GET /en/profile/[[email protected]] HTTP/1.1" 200 6566 "https://timetracking.company.com/en/dashboard/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [16/Jan/2025:10:16:52 +0100] "GET /en/profile/[[email protected]] HTTP/1.1" 200 6566 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [16/Jan/2025:10:16:59 +0100] "GET /en/logout HTTP/1.1" 302 1099 "https://timetracking.company.com/en/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
[2025-01-16T09:17:42.625273+00:00] security.INFO: Authenticator successful! {"token":{"Symfony\Component\Security\Core\Authentication\Token\RememberMeToken":"RememberMeToken(user="[[email protected]]", roles="ROLE_USER")"},"authenticator":"Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator"} {"channel":"security"}
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:30:19 +0100] "GET /en/profile/[[email protected]] HTTP/1.1" 200 6892 "https://timetracking.company.com/en/admin/user/?role=&visibility=1&size=50&page=1&orderBy=username&order=ASC&searchTerm=User&_token=.-XcI8oDrmVidufnUA&performSearch=performSearch" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:30:21 +0100] "GET /en/profile/[[email protected]] HTTP/1.1" 200 6892 "https://timetracking.company.com/en/profile/[[email protected]]" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.3.253 - - [16/Jan/2025:10:30:22 +0100] "GET /en/quick_entry/ HTTP/1.1" 200 16555 "https://timetracking.company.com/en/timesheet/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:30:24 +0100] "GET /en/profile/[[email protected]]/contract HTTP/1.1" 200 7674 "https://timetracking.company.com/en/profile/[[email protected]]" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:30:27 +0100] "GET /en/profile/[[email protected]]/roles HTTP/1.1" 200 6152 "https://timetracking.company.com/en/profile/[[email protected]]/contract" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:30:32 +0100] "POST /en/profile/[[email protected]]/roles HTTP/1.1" 302 806 "https://timetracking.company.com/en/profile/[[email protected]]/roles" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:30:32 +0100] "GET /en/profile/[[email protected]]/roles HTTP/1.1" 200 6251 "https://timetracking.company.com/en/profile/[[email protected]]/roles" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:10:33:45 +0100] "GET /en/admin/teams/ HTTP/1.1" 200 15215 "https://timetracking.company.com/en/audit/entry/6387" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [16/Jan/2025:10:33:46 +0100] "GET /en/audit HTTP/1.1" 200 14443 "https://timetracking.company.com/en/profile/[[email protected]]/roles" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:11:23:18 +0100] "GET /en/admin/user/ HTTP/1.1" 200 18007 "https://timetracking.company.com/en/audit/entry/6435" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:11:23:23 +0100] "GET /en/admin/user/?role=&visibility=1&size=50&page=1&orderBy=username&order=ASC&searchTerm=User&_token=c..-EJNnN-&performSearch=performSearch HTTP/1.1" 200 8750 "https://timetracking.company.com/en/admin/user/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:11:23:24 +0100] "GET /en/profile/[[email protected]] HTTP/1.1" 200 6892 "https://timetracking.company.com/en/admin/user/?role=&visibility=1&size=50&page=1&orderBy=username&order=ASC&searchTerm=User&_token=c..&performSearch=performSearch" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:11:23:27 +0100] "GET /en/profile/[[email protected]]/roles HTTP/1.1" 200 6175 "https://timetracking.company.com/en/profile/[[email protected]]" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"
localhost:8001 10.0.4.5 - - [16/Jan/2025:11:23:29 +0100] "GET /en/admin/user/ HTTP/1.1" 200 18002 "https://timetracking.company.com/en/profile/[[email protected]]/roles" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15"

2nd:
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:15 +0100] "GET /de/profile/[[email protected]] HTTP/1.1" 200 7491 "https://timetracking.company.com/de/admin/user/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:15 +0100] "GET /build/chart.7e725b75.js HTTP/1.1" 200 57824 "https://timetracking.company.com/de/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:15 +0100] "GET /build/app.899af573.css HTTP/1.1" 200 102551 "https://timetracking.company.com/de/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:15 +0100] "GET /build/app.ea4d46bf.js HTTP/1.1" 200 93858 "https://timetracking.company.com/de/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:23 +0100] "GET /de/profile/[[email protected]] HTTP/1.1" 200 7491 "https://timetracking.company.com/de/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:25 +0100] "GET /de/profile/[[email protected]] HTTP/1.1" 200 7491 "https://timetracking.company.com/de/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:30 +0100] "GET /de/profile/[[email protected]]/edit HTTP/1.1" 200 20268 "https://timetracking.company.com/de/profile/[[email protected]]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.4.5 - - [14/Jan/2025:10:49:37 +0100] "GET /de/profile/[[email protected]]/teams HTTP/1.1" 200 7042 "https://timetracking.company.com/de/profile/[[email protected]]/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:50:51 +0100] "GET /de/profile/[[email protected]]/roles HTTP/1.1" 200 6784 "https://timetracking.company.com/de/profile/[[email protected]]/teams" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:50:55 +0100] "GET /de/profile/[[email protected]]/contract HTTP/1.1" 200 8285 "https://timetracking.company.com/de/profile/[[email protected]]/roles" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:51:33 +0100] "GET /de/profile/[[email protected]]/edit HTTP/1.1" 200 20273 "https://timetracking.company.com/de/profile/[[email protected]]/contract" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:51:39 +0100] "GET /de/profile/[[email protected]]/prefs HTTP/1.1" 200 20622 "https://timetracking.company.com/de/profile/[[email protected]]/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:51:45 +0100] "GET /de/profile/[[email protected]]/teams HTTP/1.1" 200 7027 "https://timetracking.company.com/de/profile/[[email protected]]/prefs" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:51:50 +0100] "GET /de/profile/[[email protected]]/contract HTTP/1.1" 200 8295 "https://timetracking.company.com/de/profile/[[email protected]]/teams" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:51:53 +0100] "GET /de/profile/[[email protected]]/edit HTTP/1.1" 200 20280 "https://timetracking.company.com/de/profile/[[email protected]]/contract" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:51:54 +0100] "GET /de/profile/[[email protected]]/prefs HTTP/1.1" 200 20627 "https://timetracking.company.com/de/profile/[[email protected]]/edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:52:03 +0100] "POST /de/profile/[[email protected]]/prefs HTTP/1.1" 302 806 "https://timetracking.company.com/de/profile/[[email protected]]/prefs" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:10:52:03 +0100] "GET /en/profile/[[email protected]]/prefs HTTP/1.1" 200 20410 "https://timetracking.company.com/de/profile/[[email protected]]/prefs" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
localhost:8001 10.0.3.253 - - [14/Jan/2025:11:06:46 +0100] "GET /en/admin/plugins/ HTTP/1.1" 200 7932 "https://timetracking.company.com/en/profile/[[email protected]]/prefs" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"

I have edited out some details.
Let me know if this helps.
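
Added example, not part of the original thread and not Kimai or plugin code: one way to pull "the requests that happened around that time" out of logs in the two formats posted above, normalising both to UTC and keeping only events that can change state (non-GET requests and security-channel events such as a remember-me login). The sample lines, the audit timestamps used in the test, and the names `parse` and `candidates` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the two line formats posted above (all values are made up).
SAMPLE = r'''localhost:8001 10.0.0.1 - - [16/Jan/2025:10:16:59 +0100] "GET /en/logout HTTP/1.1" 302 1099 "-" "UA"
[2025-01-16T09:17:42.625273+00:00] security.INFO: Authenticator successful! {"authenticator":"RememberMeAuthenticator"} {"channel":"security"}
localhost:8001 10.0.0.2 - - [16/Jan/2025:10:30:27 +0100] "GET /en/profile/alice/roles HTTP/1.1" 200 6152 "-" "UA"
localhost:8001 10.0.0.2 - - [16/Jan/2025:10:30:32 +0100] "POST /en/profile/alice/roles HTTP/1.1" 302 806 "-" "UA"
localhost:8001 10.0.0.2 - - [16/Jan/2025:11:23:27 +0100] "GET /en/profile/alice/roles HTTP/1.1" 200 6175 "-" "UA"
'''

# Access log: vhost, client IP, ident, user, [local time +offset], "request", status
ACCESS = re.compile(r'^\S+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Symfony/Monolog-style line: [ISO-8601 time] channel.LEVEL: message {context} {extra}
APP = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<channel>\w+)\.(?P<level>[A-Z]+): (?P<msg>[^{]*)')
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def parse(line):
    """Return (utc_time, kind, detail), or None for a line in neither format."""
    m = ACCESS.match(line)
    if m:
        t = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        detail = f"{m['path']} -> {m['status']} from {m['ip']}"
        return t.astimezone(timezone.utc), m["method"], detail
    m = APP.match(line)
    if m:
        t = datetime.fromisoformat(m["ts"])
        return t.astimezone(timezone.utc), m["channel"], m["msg"].strip()
    return None

def candidates(log_text, audit_time_utc, window=timedelta(minutes=2)):
    """Events within `window` of an audit entry that could have written to the user:
    non-safe HTTP methods, plus application log events (a login can happen on a GET)."""
    hits = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        t, kind, detail = event
        if abs(t - audit_time_utc) <= window and kind not in SAFE_METHODS:
            hits.append((t.isoformat(), kind, detail))
    return sorted(hits)
```

The UTC conversion matters for logs like these: the access log lines carry a `+0100` offset while the security log line is stamped `+00:00`, so 10:17 in one and 09:17 in the other are the same minute.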

@kevinpapst
Member

Not sure, have tried a few of those, but couldn't reproduce.

I'll keep an eye on it. If you find something, please let me know!
