diff --git a/apps/admin_audit/actions/action.php b/apps/admin_audit/actions/action.php
new file mode 100644
index 0000000000..6aafacc618
--- /dev/null
+++ b/apps/admin_audit/actions/action.php
@@ -0,0 +1,76 @@
+
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+use OCP\ILogger;
+
+class Action {
+ /** @var ILogger */
+ private $logger;
+
+ /**
+ * @param ILogger $logger
+ */
+ public function __construct(ILogger $logger) {
+ $this->logger = $logger;
+ }
+
+ /**
+ * Log a single action with a log level of info
+ *
+ * @param string $text
+ * @param array $params
+ * @param array $elements
+ */
+ public function log($text,
+ array $params,
+ array $elements) {
+ foreach($elements as $element) {
+ if(!isset($params[$element])) {
+ $this->logger->critical(
+ sprintf(
+ '$params["'.$element.'"] was missing. Transferred value: %s',
+ print_r($params, true)
+ )
+ );
+ return;
+ }
+ }
+
+ $replaceArray = [];
+ foreach($elements as $element) {
+ if($params[$element] instanceof \DateTime) {
+ $params[$element] = $params[$element]->format('Y-m-d H:i:s');
+ }
+ $replaceArray[] = $params[$element];
+ }
+
+ $this->logger->info(
+ vsprintf(
+ $text,
+ $replaceArray
+ ),
+ [
+ 'app' => 'admin_audit'
+ ]
+ );
+ }
+}
diff --git a/apps/admin_audit/actions/auth.php b/apps/admin_audit/actions/auth.php
new file mode 100644
index 0000000000..4061ca89c4
--- /dev/null
+++ b/apps/admin_audit/actions/auth.php
@@ -0,0 +1,56 @@
+
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+/**
+ * Class Auth logs all auth related actions
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class Auth extends Action {
+ public function loginAttempt(array $params) {
+ $this->log(
+ 'Login attempt: "%s"',
+ $params,
+ [
+ 'uid',
+ ]
+ );
+ }
+
+ public function loginSuccessful(array $params) {
+ $this->log(
+ 'Login successful: "%s"',
+ $params,
+ [
+ 'uid',
+ ]
+ );
+ }
+
+ public function logout(array $params) {
+ $this->log(
+ 'Logout occurred',
+ [],
+ []
+ );
+ }
+}
diff --git a/apps/admin_audit/actions/files.php b/apps/admin_audit/actions/files.php
new file mode 100644
index 0000000000..46da0ade6b
--- /dev/null
+++ b/apps/admin_audit/actions/files.php
@@ -0,0 +1,135 @@
+
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+/**
+ * Class Files logs the actions to files
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class Files extends Action {
+ /**
+ * Logs file read actions
+ *
+ * @param array $params
+ */
+ public function read(array $params) {
+ $this->log(
+ 'File accessed: "%s"',
+ $params,
+ [
+ 'path',
+ ]
+ );
+ }
+
+ /**
+ * Logs rename actions of files
+ *
+ * @param array $params
+ */
+ public function rename(array $params) {
+ $this->log(
+ 'File renamed: "%s" to "%s"',
+ $params,
+ [
+ 'oldpath',
+ 'newpath',
+ ]
+ );
+ }
+
+ /**
+ * Logs creation of files
+ *
+ * @param array $params
+ */
+ public function create(array $params) {
+ $this->log(
+ 'File created: "%s"',
+ $params,
+ [
+ 'path',
+ ]
+ );
+ }
+
+ /**
+ * Logs copying of files
+ *
+ * @param array $params
+ */
+ public function copy(array $params) {
+ $this->log(
+ 'File copied: "%s" to "%s"',
+ $params,
+ [
+ 'oldpath',
+ 'newpath',
+ ]
+ );
+ }
+
+ /**
+ * Logs writing of files
+ *
+ * @param array $params
+ */
+ public function write(array $params) {
+ $this->log(
+ 'File written to: "%s"',
+ $params,
+ [
+ 'path',
+ ]
+ );
+ }
+
+ /**
+ * Logs update of files
+ *
+ * @param array $params
+ */
+ public function update(array $params) {
+ $this->log(
+ 'File updated: "%s"',
+ $params,
+ [
+ 'path',
+ ]
+ );
+ }
+
+ /**
+ * Logs deletions of files
+ *
+ * @param array $params
+ */
+ public function delete(array $params) {
+ $this->log(
+ 'File deleted: "%s"',
+ $params,
+ [
+ 'path',
+ ]
+ );
+ }
+}
diff --git a/apps/admin_audit/actions/sharing.php b/apps/admin_audit/actions/sharing.php
new file mode 100644
index 0000000000..5f26374846
--- /dev/null
+++ b/apps/admin_audit/actions/sharing.php
@@ -0,0 +1,189 @@
+
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+use OCP\Share;
+
+/**
+ * Class Sharing logs the sharing actions
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class Sharing extends Action {
+ /**
+ * Logs sharing of data
+ *
+ * @param array $params
+ */
+ public function shared(array $params) {
+ if($params['shareType'] === Share::SHARE_TYPE_LINK) {
+ $this->log(
+ 'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)',
+ $params,
+ [
+ 'itemType',
+ 'itemTarget',
+ 'itemSource',
+ 'permissions',
+ 'id',
+ ]
+ );
+ } elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
+ $this->log(
+ 'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s" (Share ID: %s)',
+ $params,
+ [
+ 'itemType',
+ 'itemTarget',
+ 'itemSource',
+ 'shareWith',
+ 'permissions',
+ 'id',
+ ]
+ );
+ } elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
+ $this->log(
+ 'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s" (Share ID: %s)',
+ $params,
+ [
+ 'itemType',
+ 'itemTarget',
+ 'itemSource',
+ 'shareWith',
+ 'permissions',
+ 'id',
+ ]
+ );
+ }
+ }
+
+ /**
+ * Logs unsharing of data
+ *
+ * @param array $params
+ */
+ public function unshare(array $params) {
+ if($params['shareType'] === Share::SHARE_TYPE_LINK) {
+ $this->log(
+ 'The %s "%s" with ID "%s" has been unshared (Share ID: %s)',
+ $params,
+ [
+ 'itemType',
+ 'fileTarget',
+ 'itemSource',
+ 'id',
+ ]
+ );
+ } elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
+ $this->log(
+ 'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)',
+ $params,
+ [
+ 'itemType',
+ 'fileTarget',
+ 'itemSource',
+ 'shareWith',
+ 'id',
+ ]
+ );
+ } elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
+ $this->log(
+ 'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)',
+ $params,
+ [
+ 'itemType',
+ 'fileTarget',
+ 'itemSource',
+ 'shareWith',
+ 'id',
+ ]
+ );
+ }
+ }
+
+ /**
+ * Logs the updating of permission changes for shares
+ *
+ * @param array $params
+ */
+ public function updatePermissions(array $params) {
+ $this->log(
+ 'The permissions of the shared %s "%s" with ID "%s" have been changed to "%s"',
+ $params,
+ [
+ 'itemType',
+ 'path',
+ 'itemSource',
+ 'permissions',
+ ]
+ );
+ }
+
+ /**
+ * Logs the password changes for a share
+ *
+ * @param array $params
+ */
+ public function updatePassword(array $params) {
+ $this->log(
+ 'The password of the publicly shared %s "%s" with ID "%s" has been changed',
+ $params,
+ [
+ 'itemType',
+ 'token',
+ 'itemSource',
+ ]
+ );
+ }
+
+ /**
+ * Logs the expiration date changes for a share
+ *
+ * @param array $params
+ */
+ public function updateExpirationDate(array $params) {
+ $this->log(
+ 'The expiration date of the publicly shared %s with ID "%s" has been changed to "%s"',
+ $params,
+ [
+ 'itemType',
+ 'itemSource',
+ 'date',
+ ]
+ );
+ }
+
+ /**
+ * Logs access of shared files
+ *
+ * @param array $params
+ */
+ public function shareAccessed(array $params) {
+ $this->log(
+ 'The shared %s with the token "%s" by "%s" has been accessed.',
+ $params,
+ [
+ 'itemType',
+ 'token',
+ 'uidOwner',
+ ]
+ );
+ }
+}
diff --git a/apps/admin_audit/actions/usermanagement.php b/apps/admin_audit/actions/usermanagement.php
new file mode 100644
index 0000000000..be8b4a8602
--- /dev/null
+++ b/apps/admin_audit/actions/usermanagement.php
@@ -0,0 +1,77 @@
+
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+/**
+ * Class UserManagement logs all user management related actions.
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class UserManagement extends Action {
+ /**
+ * Log creation of users
+ *
+ * @param array $params
+ */
+ public function create(array $params) {
+ $this->log(
+ 'User created: "%s"',
+ $params,
+ [
+ 'uid',
+ ]
+ );
+ }
+
+ /**
+ * Log deletion of users
+ *
+ * @param array $params
+ */
+ public function delete(array $params) {
+ $this->log(
+ 'User deleted: "%s"',
+ $params,
+ [
+ 'uid',
+ ]
+ );
+ }
+
+ /**
+ * Logs changing of the user scope
+ *
+ * @param \OCP\IUser $user
+ */
+ public function setPassword(\OCP\IUser $user) {
+ if($user->getBackendClassName() === 'Database') {
+ $this->log(
+ 'Password of user "%s" has been changed',
+ [
+ 'user' => $user->getUID(),
+ ],
+ [
+ 'user',
+ ]
+ );
+ }
+ }
+}
diff --git a/apps/admin_audit/appinfo/app.php b/apps/admin_audit/appinfo/app.php
new file mode 100644
index 0000000000..4418ada2ed
--- /dev/null
+++ b/apps/admin_audit/appinfo/app.php
@@ -0,0 +1,142 @@
+
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+$logger = \OC::$server->getLogger();
+
+logUserManagement(
+ $logger,
+ \OC::$server->getUserSession()
+);
+logFileActions($logger);
+logAuthEvents($logger);
+logShareEvents($logger);
+
+/**
+ * Logs sharing events
+ *
+ * @param \OCP\ILogger $logger
+ */
+function logShareEvents($logger) {
+ $shareActions = new \OCA\Admin_Audit\Actions\Sharing(
+ $logger
+ );
+
+ OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
+ OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
+ OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
+ OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
+ OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
+ OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
+}
+
+/**
+ * Log authentication event related actions
+ *
+ * @param \OCP\ILogger $logger
+ */
+function logAuthEvents($logger) {
+ $authActions = new \OCA\Admin_Audit\Actions\Auth(
+ $logger
+ );
+ OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
+ OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
+ OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+}
+
+/**
+ * Log user management related actions
+ *
+ * @param \OCP\ILogger $logger
+ * @param \OC\User\Session $userSession
+ */
+function logUserManagement($logger, $userSession) {
+ $userActions = new \OCA\Admin_Audit\Actions\UserManagement(
+ $logger
+ );
+
+ OCP\Util::connectHook(
+ 'OC_User',
+ 'post_createUser',
+ $userActions,
+ 'create'
+ );
+ OCP\Util::connectHook(
+ 'OC_User',
+ 'post_deleteUser',
+ $userActions,
+ 'delete'
+ );
+ $userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+}
+
+/**
+ * Log file related actions
+ *
+ * @param \OCP\ILogger $logger
+ */
+function logFileActions($logger) {
+ $fileActions = new \OCA\Admin_Audit\Actions\Files(
+ $logger
+ );
+
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_post_rename,
+ $fileActions,
+ 'rename'
+ );
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_post_create,
+ $fileActions,
+ 'create'
+ );
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_post_copy,
+ $fileActions,
+ 'copy'
+ );
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_post_write,
+ $fileActions,
+ 'write'
+ );
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_post_update,
+ $fileActions,
+ 'update'
+ );
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_read,
+ $fileActions,
+ 'read'
+ );
+ OCP\Util::connectHook(
+ OC\Files\Filesystem::CLASSNAME,
+ OC\Files\Filesystem::signal_delete,
+ $fileActions,
+ 'delete'
+ );
+}
diff --git a/apps/admin_audit/appinfo/info.xml b/apps/admin_audit/appinfo/info.xml
new file mode 100644
index 0000000000..74fc880c88
--- /dev/null
+++ b/apps/admin_audit/appinfo/info.xml
@@ -0,0 +1,18 @@
+
+
+ admin_audit
+ Auditing / Logging
+ Provides logging abilities for Nextcloud such as logging file
+ accesses or otherwise sensitive actions.
+
+ AGPL
+ Nextcloud
+ 1.0.0
+
+
+
+
+
+
+
+