Add credential to Register and RequestPasswordReset audits (#3666)

NuGet · Mar 17, 2017 · d424e79 · d424e79
1 parent 5e9b0ed
commit d424e79
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/NuGetGallery/Authentication/AuthenticationService.cs b/src/NuGetGallery/Authentication/AuthenticationService.cs
@@ -295,7 +295,7 @@ public virtual async Task<AuthenticatedUser> Register(string username, string em
             }
 
             // Write an audit record
-            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(newUser, AuditedUserAction.Register));
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(newUser, AuditedUserAction.Register, credential));
 
             Entities.Users.Add(newUser);
             await Entities.SaveChangesAsync();
@@ -399,7 +399,10 @@ public virtual async Task GeneratePasswordResetToken(User user, int expirationIn
             user.PasswordResetToken = CryptographyService.GenerateToken();
             user.PasswordResetTokenExpirationDate = _dateTimeProvider.UtcNow.AddMinutes(expirationInMinutes);
 
-            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.RequestPasswordReset));
+            var passwordCredential = user.Credentials.FirstOrDefault(
+                credential => credential.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));
+
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.RequestPasswordReset, passwordCredential));
 
             await Entities.SaveChangesAsync();
         }