Transparency log: track when user verified email address

src/Audit/AuditRecordType.php

@@ -32,6 +32,7 @@ enum AuditRecordType: string
 
     // user management
     case UserCreated = 'user_created';
+    case UserVerified = 'user_verified';
     case UserDeleted = 'user_deleted'; // TODO
     case PasswordResetRequested = 'password_reset_requested';
     case PasswordReset = 'password_reset';

src/Audit/Display/AuditLogDisplayFactory.php

@@ -15,11 +15,16 @@
 use App\Audit\AuditRecordType;
 use App\Audit\UserRegistrationMethod;
 use App\Entity\AuditRecord;
-use App\Audit\Display\TwoFaActivatedDisplay;
 use App\Audit\Display\TwoFaDeactivatedDisplay;
+use App\Entity\User;
+use Symfony\Bundle\SecurityBundle\Security;
 
 class AuditLogDisplayFactory
 {
+    public function __construct(
+        private readonly Security $security,
+    ) {}
+
     /**
      * @param iterable<AuditRecord> $auditRecords
      * @return array<AuditLogDisplayInterface>
@@ -135,6 +140,12 @@ public function buildSingle(AuditRecord $record): AuditLogDisplayInterface
                 $record->type,
                 $record->datetime,
                 $record->attributes['user']['username'] ?? 'unknown',
+                $this->buildACtor($record->attributes['actor'] ?? null),
+            ),
+            AuditRecordType::UserVerified => new UserVerifiedDisplay(
+                $record->datetime,
+                $this->buildActor($record->attributes['user'] ?? null),
+                $this->obfuscateEmail($record->attributes['email'], $record->attributes['user']['id'] ?? null),
                 $this->buildActor(null),
             ),
             default => throw new \LogicException(sprintf('Unsupported audit record type: %s', $record->type->value)),
@@ -156,4 +167,18 @@ private function buildActor(array|string|null $actor): ActorDisplay
 
         return new ActorDisplay($actor['id'], $actor['username']);
     }
+
+    private function obfuscateEmail(string $email, ?int $userId = null): string
+    {
+        if ($this->security->isGranted('ROLE_ADMIN')) {
+            return $email;
+        }
+
+        $currentUser = $this->security->getUser();
+        if ($currentUser instanceof User && $currentUser->getId() === $userId) {
+            return $email;
+        }
+
+        return '**@**.**';
+    }
 }

src/Audit/Display/UserVerifiedDisplay.php

@@ -0,0 +1,38 @@
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of Packagist.
+ *
+ * (c) Jordi Boggiano <[email protected]>
+ *     Nils Adermann <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace App\Audit\Display;
+
+use App\Audit\AuditRecordType;
+use App\Audit\UserRegistrationMethod;
+
+readonly class UserVerifiedDisplay extends AbstractAuditLogDisplay
+{
+    public function __construct(
+        \DateTimeImmutable $datetime,
+        public ActorDisplay $user,
+        public string $email,
+        ActorDisplay $actor,
+    ) {
+        parent::__construct($datetime, $actor);
+    }
+
+    public function getType(): AuditRecordType
+    {
+        return AuditRecordType::UserVerified;
+    }
+
+    public function getTemplateName(): string
+    {
+        return 'audit_log/display/user_verified.html.twig';
+    }
+}

src/Entity/AuditRecord.php

@@ -191,6 +191,11 @@ public static function passwordResetRequested(User $user): self
         return new self(AuditRecordType::PasswordResetRequested, ['user' => self::getUserData($user), 'actor' => self::getUserData($user)], actorId: $user->getId(), userId: $user->getId());
     }
 
+    public static function userVerified(User $user, string $email): self
+    {
+        return new self(AuditRecordType::UserVerified, ['user' => self::getUserdata($user), 'email' => $email, 'actor' => 'unknown'], userId: $user->getId());
+    }
+
     /**
      * @return array{id: int, username: string}|string
      */

src/Security/EmailVerifier.php

@@ -12,6 +12,7 @@
 
 namespace App\Security;
 
+use App\Entity\AuditRecord;
 use App\Entity\User;
 use App\Util\DoctrineTrait;
 use Doctrine\Persistence\ManagerRegistry;
@@ -65,9 +66,11 @@ public function handleEmailConfirmation(Request $request, UserInterface $user):
             throw new \UnexpectedValueException('Expected '.User::class.', got '.$user::class);
         }
 
-        $this->verifyEmailHelper->validateEmailConfirmationFromRequest($request, (string) $user->getId(), $user->getEmail());
+        $emailToVerify = $user->getEmail();
+        $this->verifyEmailHelper->validateEmailConfirmationFromRequest($request, (string) $user->getId(), $emailToVerify);
         $user->setEnabled(true);
 
+        $this->getEM()->persist(AuditRecord::userVerified($user, $emailToVerify));
         $this->getEM()->persist($user);
         $this->getEM()->flush();
     }

templates/audit_log/display/user_verified.html.twig

@@ -0,0 +1,2 @@
+<strong>{{ display.user.username }}</strong><br>
+Email: {{ display.email }}

tests/Audit/Display/AuditLogDisplayFactoryTest.php

@@ -13,29 +13,33 @@
 namespace App\Tests\Audit\Display;
 
 use App\Audit\AuditRecordType;
-use App\Audit\Display\ActorDisplay;
 use App\Audit\Display\AuditLogDisplayFactory;
 use App\Audit\Display\CanonicalUrlChangedDisplay;
 use App\Audit\Display\GenericUserDisplay;
 use App\Audit\Display\PackageAbandonedDisplay;
 use App\Audit\Display\PackageCreatedDisplay;
 use App\Audit\Display\PackageDeletedDisplay;
 use App\Audit\Display\PackageUnabandonedDisplay;
-use App\Audit\Display\TwoFaActivatedDisplay;
 use App\Audit\Display\TwoFaDeactivatedDisplay;
+use App\Audit\Display\UserVerifiedDisplay;
 use App\Audit\Display\VersionDeletedDisplay;
 use App\Audit\Display\VersionReferenceChangedDisplay;
 use App\Entity\AuditRecord;
-use PHPUnit\Framework\Attributes\DataProvider;
+use App\Entity\User;
+use PHPUnit\Framework\Attributes\TestWith;
+use PHPUnit\Framework\MockObject\Stub;
 use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\Security;
 
 class AuditLogDisplayFactoryTest extends TestCase
 {
     private AuditLogDisplayFactory $factory;
+    private Security&Stub $security;
 
     protected function setUp(): void
     {
-        $this->factory = new AuditLogDisplayFactory();
+        $this->security = $this->createStub(Security::class);
+        $this->factory = new AuditLogDisplayFactory($this->security);
     }
 
     public function testBuildPackageCreatedWithUserActor(): void
@@ -338,6 +342,41 @@ public function testBuildPackageUnabandonedWithoutPreviousReplacement(): void
         self::assertSame('maintainer', $display->actor->username);
     }
 
+    #[TestWith([false, 999, '**@**.**'])]
+    #[TestWith([true, 999, '[email protected]'])]
+    #[TestWith([false, 999, '**@**.**'])]
+    #[TestWith([false, 123, '[email protected]'])]
+    public function testBuildUserVerified(bool $isAdmin, int $authenticatedUserId, string $expectedEmail): void
+    {
+        $this->security
+            ->method('isGranted')
+            ->with('ROLE_ADMIN')
+            ->willReturn($isAdmin);
+
+        $user = new User();
+        $reflectionProperty = new \ReflectionProperty($user, 'id');
+        $reflectionProperty->setValue($user, $authenticatedUserId);
+
+        $this->security
+            ->method('getUser')
+            ->willReturn($user);
+
+        $auditRecord = $this->createAuditRecord(
+            AuditRecordType::UserVerified,
+            [
+                'user' => ['id' => 123, 'username' => 'johndoe'],
+                'email' => '[email protected]',
+                'actor' => 'unknown',
+            ],
+            userId: 123,
+        );
+
+        $display = $this->factory->buildSingle($auditRecord);
+        self::assertInstanceOf(UserVerifiedDisplay::class, $display);
+        self::assertSame('johndoe', $display->user->username);
+        self::assertSame($expectedEmail, $display->email);
+    }
+
     public function testBuildMultipleRecords(): void
     {
         $records = [
@@ -443,8 +482,10 @@ public function testBuildTwoFaDeactivated(): void
     private function createAuditRecord(
         AuditRecordType $type,
         array $attributes,
-        ?\DateTimeImmutable $datetime = null
-    ): AuditRecord {
+        ?\DateTimeImmutable $datetime = null,
+        ?int $userId = null,
+    ): AuditRecord
+    {
         $datetime = $datetime ?? new \DateTimeImmutable();
 
         $reflection = new \ReflectionClass(AuditRecord::class);
@@ -459,6 +500,9 @@ private function createAuditRecord(
         $attributesProperty = $reflection->getProperty('attributes');
         $attributesProperty->setValue($instance, $attributes);
 
+        $attributesProperty = $reflection->getProperty('userId');
+        $attributesProperty->setValue($instance, $userId);
+
         return $instance;
     }
 }

tests/Security/EmailVerifierTest.php

@@ -0,0 +1,62 @@
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of Packagist.
+ *
+ * (c) Jordi Boggiano <[email protected]>
+ *     Nils Adermann <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace App\Tests\Security;
+
+use App\Audit\AuditRecordType;
+use App\Entity\AuditRecord;
+use App\Entity\User;
+use App\Security\EmailVerifier;
+use App\Tests\IntegrationTestCase;
+use Symfony\Component\HttpFoundation\Request;
+use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
+use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
+
+class EmailVerifierTest extends IntegrationTestCase
+{
+    private EmailVerifier $emailVerifier;
+    private VerifyEmailHelperInterface $verifyEmailHelper;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->verifyEmailHelper = static::getContainer()->get(VerifyEmailHelperInterface::class);
+        $this->emailVerifier = static::getContainer()->get(EmailVerifier::class);
+    }
+
+    public function testHandleEmailConfirmationSuccess(): void
+    {
+        $user = self::createUser('user', '[email protected]', enabled: false);
+        $this->store($user);
+
+        $this->assertFalse($user->isEnabled());
+
+        $signatureComponents = $this->verifyEmailHelper->generateSignature(
+            'register_confirm_email',
+            (string) $user->getId(),
+            $user->getEmail(),
+            ['id' => $user->getId()]
+        );
+
+        $request = Request::create($signatureComponents->getSignedUrl());
+        $this->emailVerifier->handleEmailConfirmation($request, $user);
+
+        $this->assertTrue($user->isEnabled());
+
+        $em = self::getEM();
+        $record = $em->getRepository(AuditRecord::class)->findOneBy(['type' => AuditRecordType::UserVerified, 'userId' => $user->getId()]);
+        $this->assertNotNull($record, 'No audit record was created');
+        $this->assertSame('user', $record->attributes['user']['username']);
+        $this->assertSame('[email protected]', $record->attributes['email']);
+    }
+}

translations/messages.en.yml

@@ -188,6 +188,7 @@ audit_log:
         two_fa_activated: 2FA activated
         two_fa_deactivated: 2FA deactivated
         user_created: User created
+        user_verified: User verified
         user_deleted: User deleted
         username_changed: Username changed
         version_created: Version created