From 50c42768cb12d906259c43aeb0b0cdfd06e5ddec Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Thu, 10 May 2018 01:52:18 +0000
Subject: [PATCH] Better logging for botpasswords

As its an authentication action, its important to log when
somebody creates a new botpassword.

Bug: T194204
Change-Id: Ib8dc634b77ae9e42e3d225be1d56e6d04e9595b1
---
 includes/specials/SpecialBotPasswords.php | 28 +++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/includes/specials/SpecialBotPasswords.php b/includes/specials/SpecialBotPasswords.php
index f76c318e26..68a8311c2b 100644
--- a/includes/specials/SpecialBotPasswords.php
+++ b/includes/specials/SpecialBotPasswords.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\Logger\LoggerFactory;
+
 /**
  * Let users manage bot passwords
  *
@@ -40,8 +42,12 @@ class SpecialBotPasswords extends FormSpecialPage {
 	/** @var string New password set, for communication between onSubmit() and onSuccess() */
 	private $password = null;
 
+	/** @var Psr\Log\LoggerInterface */
+	private $logger = null;
+
 	public function __construct() {
 		parent::__construct( 'BotPasswords', 'editmyprivateinfo' );
+		$this->logger = LoggerFactory::getInstance( 'authentication' );
 	}
 
 	/**
@@ -257,6 +263,16 @@ class SpecialBotPasswords extends FormSpecialPage {
 				$bp = BotPassword::newFromCentralId( $this->userId, $this->par );
 				if ( $bp ) {
 					$bp->delete();
+					$this->logger->info(
+						"Bot password {op} for {user}@{app_id}",
+						[
+							'app_id' => $this->par,
+							'user' => $this->getUser()->getName(),
+							'centralId' => $this->userId,
+							'op' => 'delete',
+							'client_ip' => $this->getRequest()->getIP()
+						]
+					);
 				}
 				return Status::newGood();
 
@@ -289,6 +305,18 @@ class SpecialBotPasswords extends FormSpecialPage {
 		}
 
 		if ( $bp->save( $this->operation, $password ) ) {
+			$this->logger->info(
+				"Bot password {op} for {user}@{app_id}",
+				[
+					'op' => $this->operation,
+					'user' => $this->getUser()->getName(),
+					'app_id' => $this->par,
+					'centralId' => $this->userId,
+					'restrictions' => $data['restrictions'],
+					'grants' => $bp->getGrants(),
+					'client_ip' => $this->getRequest()->getIP()
+				]
+			);
 			return Status::newGood();
 		} else {
 			// Messages: botpasswords-insert-failed, botpasswords-update-failed
-- 
2.20.1