Log form_organisation_id field

As forms no longer have an `organisation_id` property, we are unable to use this property in Splunk searches to filter logs by the organisation the form is in. Add `form_organisation_id` field to log the organisation ID. Only log after we have looked up the `current_form` for the request to ensure that we aren't making a request to forms API to look up the form where we were not previously. We would expect all requests containing a `form_id` in the path params to lookup the form when authorizing the request. Logging this field will cause a database lookup to find the `group_form` and associated organisation_id.
alphagov · Sep 30, 2024 · 194be1b · 194be1b
1 parent 6f484eb
commit 194be1b
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 21 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -89,6 +89,8 @@ def authenticate_user!
 
   def current_form
     @current_form ||= Form.find(params[:form_id])
+    CurrentLoggingAttributes.form_organisation_id = @current_form&.group&.organisation&.id if params[:form_id].present?
+    @current_form
   end
 
   def groups_enabled

diff --git a/app/models/current_logging_attributes.rb b/app/models/current_logging_attributes.rb
@@ -1,4 +1,4 @@
 class CurrentLoggingAttributes < ActiveSupport::CurrentAttributes
   attribute :host, :request_id, :session_id_hash, :trace_id, :user_ip, :user_id, :user_email, :user_organisation_slug,
-            :form_id, :page_id
+            :form_id, :form_organisation_id, :page_id
 end
diff --git a/spec/requests/application_controller_spec.rb b/spec/requests/application_controller_spec.rb
@@ -23,35 +23,85 @@
     before do
       # Intercept the request logs so we can do assertions on them
       allow(Lograge).to receive(:logger).and_return(logger)
-
-      get root_path, headers: {
-        "HTTP_X_AMZN_TRACE_ID": trace_id,
-        "X-Request-ID": request_id,
-      }
     end
 
-    it "includes the trace ID on log lines" do
-      expect(log_lines[0]["trace_id"]).to eq(trace_id)
-    end
+    context "when the request does not have a form_id parameter" do
+      before do
+        get root_path, headers: {
+          "HTTP_X_AMZN_TRACE_ID": trace_id,
+          "X-Request-ID": request_id,
+        }
+      end
 
-    it "includes the request_id on log lines" do
-      expect(log_lines[0]["request_id"]).to eq(request_id)
-    end
+      it "includes the trace ID on log lines" do
+        expect(log_lines[0]["trace_id"]).to eq(trace_id)
+      end
 
-    it "includes the host on log lines" do
-      expect(log_lines[0]["host"]).to eq("www.example.com")
-    end
+      it "includes the request_id on log lines" do
+        expect(log_lines[0]["request_id"]).to eq(request_id)
+      end
+
+      it "includes the host on log lines" do
+        expect(log_lines[0]["host"]).to eq("www.example.com")
+      end
+
+      it "includes the user_id on log lines" do
+        expect(log_lines[0]["user_id"]).to eq(standard_user.id)
+      end
+
+      it "includes the user_email on log lines" do
+        expect(log_lines[0]["user_email"]).to eq(standard_user.email)
+      end
 
-    it "includes the user_id on log lines" do
-      expect(log_lines[0]["user_id"]).to eq(standard_user.id)
+      it "includes the user_organisation_slug on log lines" do
+        expect(log_lines[0]["user_organisation_slug"]).to eq(standard_user.organisation.slug)
+      end
     end
 
-    it "includes the user_email on log lines" do
-      expect(log_lines[0]["user_email"]).to eq(standard_user.email)
+    context "when the request has a form_id parameter" do
+      before do
+        ActiveResource::HttpMock.respond_to do |mock|
+          mock.get "/api/v1/forms/#{form.id}", headers, form.to_json, 200
+        end
+      end
+
+      it "includes the form_id on log lines" do
+        get form_path(form.id)
+        expect(log_lines[0]["form_id"]).to eq(form.id.to_s)
+      end
+
+      context "when form is not in a group" do
+        it "does not include the form_organisation_id on log lines" do
+          get form_path(form.id)
+          expect(log_lines[0]["form_organisation_id"]).to be_nil
+        end
+      end
+
+      context "when form is in a group" do
+        let(:organisation) { create(:organisation) }
+        let(:group) { create(:group, id: 11, organisation:) }
+
+        before do
+          GroupForm.create!(form_id: form.id, group:)
+          get form_path(form.id)
+        end
+
+        it "includes the form_organisation_id on log lines" do
+          expect(log_lines[0]["form_organisation_id"]).to eq(organisation.id)
+        end
+      end
     end
 
-    it "includes the user_organisation_slug on log lines" do
-      expect(log_lines[0]["user_organisation_slug"]).to eq(standard_user.organisation.slug)
+    context "when the request has a page_id parameter" do
+      let(:page) { build :page, id: 33 }
+
+      before do
+        get edit_question_path(form.id, page.id)
+      end
+
+      it "includes the page_id on log lines" do
+        expect(log_lines[0]["page_id"]).to eq(page.id.to_s)
+      end
     end
   end