diff --git a/services/web/app/src/Features/Subscription/TeamInvitesHandler.mjs b/services/web/app/src/Features/Subscription/TeamInvitesHandler.mjs index 477127a0b1..53d5237e7b 100644 --- a/services/web/app/src/Features/Subscription/TeamInvitesHandler.mjs +++ b/services/web/app/src/Features/Subscription/TeamInvitesHandler.mjs @@ -29,7 +29,7 @@ async function getInvite(token) { return { invite, subscription } } -async function createInvite(teamManagerId, subscription, email) { +async function createInvite(teamManagerId, subscription, email, auditLog) { email = EmailHelper.parseEmail(email) if (!email) { throw new Error('invalid email') @@ -37,7 +37,7 @@ async function createInvite(teamManagerId, subscription, email) { const teamManager = await UserGetter.promises.getUser(teamManagerId) await _removeLegacyInvite(subscription.id, email) - return _createInvite(subscription, email, teamManager) + return _createInvite(subscription, email, teamManager, auditLog) } async function importInvite(subscription, inviterName, email, token, sentAt) { @@ -171,7 +171,7 @@ async function createTeamInvitesForLegacyInvitedEmail(email) { ) } -async function _createInvite(subscription, email, inviter) { +async function _createInvite(subscription, email, inviter, auditLog) { const { possible, reason } = await _checkIfInviteIsPossible( subscription, email @@ -257,6 +257,23 @@ async function _createInvite(subscription, email, inviter) { await subscription.save() if (subscription.managedUsersEnabled) { + const auditLogData = { + initiatorId: auditLog?.initiatorId, + ipAddress: auditLog?.ipAddress, + groupId: subscription._id, + operation: 'group-invite-sent', + info: { invitedEmail: email }, + } + + try { + await Modules.promises.hooks.fire('addGroupAuditLogEntry', auditLogData) + } catch (error) { + logger.error( + { error, auditLog }, + 'Error adding group audit log entry for group-invite-sent' + ) + } + let admin = {} try { admin = await SubscriptionLocator.promises.getAdminEmailAndName( diff --git a/services/web/test/unit/src/Subscription/TeamInvitesHandler.test.mjs b/services/web/test/unit/src/Subscription/TeamInvitesHandler.test.mjs index 9167cdfffb..0f7cadb9f2 100644 --- a/services/web/test/unit/src/Subscription/TeamInvitesHandler.test.mjs +++ b/services/web/test/unit/src/Subscription/TeamInvitesHandler.test.mjs @@ -365,6 +365,55 @@ describe('TeamInvitesHandler', function () { .create.calledWith(invite) .should.eq(true) }) + + it('creates an audit log entry for group-invite-sent for managed subscription', async function (ctx) { + ctx.subscription.managedUsersEnabled = true + + const auditLog = { + initiatorId: ctx.manager._id, + ipAddress: '192.0.2.1', + } + + await ctx.TeamInvitesHandler.promises.createInvite( + ctx.manager._id, + ctx.subscription, + 'John.Snow@example.com', + auditLog + ) + + sinon.assert.calledWith( + ctx.Modules.promises.hooks.fire, + 'addGroupAuditLogEntry', + sinon.match({ + initiatorId: auditLog.initiatorId, + ipAddress: auditLog.ipAddress, + groupId: ctx.subscription._id, + operation: 'group-invite-sent', + info: { invitedEmail: 'john.snow@example.com' }, + }) + ) + }) + + it('does not create an audit log entry for non-managed subscription', async function (ctx) { + ctx.subscription.managedUsersEnabled = false + + const auditLog = { + initiatorId: ctx.manager._id, + ipAddress: '192.0.2.1', + } + + await ctx.TeamInvitesHandler.promises.createInvite( + ctx.manager._id, + ctx.subscription, + 'John.Snow@example.com', + auditLog + ) + + sinon.assert.neverCalledWith( + ctx.Modules.promises.hooks.fire, + 'addGroupAuditLogEntry' + ) + }) }) describe('importInvite', function () {