Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

user_id cannot be nil when manually triggering login failure appsec events #3840

Closed
jwoodrow opened this issue Aug 12, 2024 · 4 comments · Fixed by #3841
Closed

user_id cannot be nil when manually triggering login failure appsec events #3840

jwoodrow opened this issue Aug 12, 2024 · 4 comments · Fixed by #3841
Assignees
@y9v
Labels
appsec Application Security monitoring product bug Involves a bug community Was opened by a community member
Milestone
2.3.0

Comments

@jwoodrow
Copy link

Current behaviour

When a user tries to sign in using alternative sign in flows then login success/failures are tracked manually. But when this alternative login attempt fails because the user does not exist then there can be no user_id for the Datadog::Kit::AppSec::Events.track_login_failure

This results in an ArgumentError user_id cannot be nil even if user_exists: false is provided

Expected behaviour

if user_exists: false is provided, a nil value should be allowed.

Steps to reproduce

Call Datadog::Kit::AppSec::Events.track_login_failure with user_id: nil, user_exists: false

How does datadog help you?

We use datadog for log management, APM and security protection

Environment

  • datadog version: 7
  • Configuration block (Datadog.configure ...):
  • Ruby version: 3.3.4
  • Operating system: Heroku ubuntu
  • Relevant library versions:
@jwoodrow jwoodrow added bug Involves a bug community Was opened by a community member labels Aug 12, 2024
@y9v
Copy link
Member

y9v commented Aug 12, 2024
edited
Loading

hey @jwoodrow, thanks for bringing this to our attention. We will work on a fix.

@y9v y9v self-assigned this Aug 12, 2024
@y9v y9v added the appsec Application Security monitoring product label Aug 12, 2024
@y9v y9v mentioned this issue Aug 12, 2024
Merged
@y9v y9v closed this as completed in 44834a4 Aug 12, 2024
@y9v y9v closed this as completed in #3841 Aug 12, 2024
@y9v
Copy link
Member

y9v commented Aug 15, 2024

@jwoodrow this issue should be fixed in the upcoming 2.3.0 release

@y9v
Copy link
Member

y9v commented Aug 22, 2024

@jwoodrow We just released version 2.3.0 that fixes the issue you had.

@jwoodrow
Copy link
Author

Going to try out the latest release next week and see how it goes, but from I saw in the PR I don't expect there'll be any issues on that front. Thanks for the quick fix

@ivoanjo ivoanjo added this to the 2.3.0 milestone Oct 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@y9v y9v

Labels
appsec Application Security monitoring product bug Involves a bug community Was opened by a community member
Projects
None yet
Milestone
2.3.0
Development

Successfully merging a pull request may close this issue.

Make user_id optional for track_login_failure DataDog/dd-trace-rb
3 participants
@y9v @ivoanjo @jwoodrow