Add activity log event description

crates/defguard_core/src/db/models/activity_log/metadata.rs

@@ -2,25 +2,41 @@ use chrono::NaiveDateTime;
 
 use crate::{
     db::{
-        Device, Group, Id, MFAMethod, User, WebAuthn, WebHook, WireguardNetwork,
+        Device, Group, Id, MFAMethod, Settings, User, WebAuthn, WebHook, WireguardNetwork,
         models::{
             authentication_key::{AuthenticationKey, AuthenticationKeyType},
             oauth2client::OAuth2Client,
+            settings::{OpenidUsernameHandling, SmtpEncryption},
         },
     },
-    enterprise::db::models::{
-        activity_log_stream::{ActivityLogStream, ActivityLogStreamType},
-        api_tokens::ApiToken,
-        openid_provider::{DirectorySyncTarget, DirectorySyncUserBehavior, OpenIdProvider},
+    enterprise::{
+        db::models::{
+            activity_log_stream::{ActivityLogStream, ActivityLogStreamType},
+            api_tokens::ApiToken,
+            openid_provider::{DirectorySyncTarget, DirectorySyncUserBehavior, OpenIdProvider},
+            snat::UserSnatBinding,
+        },
+        ldap::sync::SyncStatus,
     },
     events::ClientMFAMethod,
 };
 
+#[derive(Serialize)]
+pub struct LoginFailedMetadata {
+    pub message: String,
+}
+
 #[derive(Serialize)]
 pub struct MfaLoginMetadata {
     pub mfa_method: MFAMethod,
 }
 
+#[derive(Serialize)]
+pub struct MfaLoginFailedMetadata {
+    pub mfa_method: MFAMethod,
+    pub message: String,
+}
+
 #[derive(Serialize)]
 pub struct UserNoSecrets {
     pub id: Id,
@@ -163,6 +179,14 @@ pub struct VpnClientMfaMetadata {
     pub method: ClientMFAMethod,
 }
 
+#[derive(Serialize)]
+pub struct VpnClientMfaFailedMetadata {
+    pub location: WireguardNetwork<Id>,
+    pub device: Device<Id>,
+    pub method: ClientMFAMethod,
+    pub message: String,
+}
+
 #[derive(Serialize)]
 pub struct EnrollmentDeviceAddedMetadata {
     pub device: Device<Id>,
@@ -301,6 +325,130 @@ impl From<OpenIdProvider<Id>> for OpenIdProviderNoSecrets {
     }
 }
 
+#[derive(Serialize)]
+pub struct SettingsUpdateMetadata {
+    pub before: SettingsNoSecrets,
+    pub after: SettingsNoSecrets,
+}
+
+#[derive(Serialize)]
+pub struct SettingsNoSecrets {
+    // Modules
+    pub openid_enabled: bool,
+    pub wireguard_enabled: bool,
+    pub webhooks_enabled: bool,
+    pub worker_enabled: bool,
+    // MFA
+    pub challenge_template: String,
+    // Branding
+    pub instance_name: String,
+    pub main_logo_url: String,
+    pub nav_logo_url: String,
+    // SMTP
+    pub smtp_server: Option<String>,
+    pub smtp_port: Option<i32>,
+    pub smtp_encryption: SmtpEncryption,
+    pub smtp_user: Option<String>,
+    pub smtp_sender: Option<String>,
+    // Enrollment
+    pub enrollment_vpn_step_optional: bool,
+    pub enrollment_welcome_message: Option<String>,
+    pub enrollment_welcome_email: Option<String>,
+    pub enrollment_welcome_email_subject: Option<String>,
+    pub enrollment_use_welcome_message_as_email: bool,
+    // LDAP
+    pub ldap_url: Option<String>,
+    pub ldap_bind_username: Option<String>,
+    pub ldap_group_search_base: Option<String>,
+    pub ldap_user_search_base: Option<String>,
+    // The structural user class
+    pub ldap_user_obj_class: Option<String>,
+    // The structural group class
+    pub ldap_group_obj_class: Option<String>,
+    pub ldap_username_attr: Option<String>,
+    pub ldap_groupname_attr: Option<String>,
+    pub ldap_group_member_attr: Option<String>,
+    pub ldap_member_attr: Option<String>,
+    pub ldap_use_starttls: bool,
+    pub ldap_tls_verify_cert: bool,
+    pub ldap_sync_status: SyncStatus,
+    pub ldap_enabled: bool,
+    pub ldap_sync_enabled: bool,
+    pub ldap_is_authoritative: bool,
+    pub ldap_uses_ad: bool,
+    pub ldap_sync_interval: i32,
+    // Additional object classes for users which determine the added attributes
+    pub ldap_user_auxiliary_obj_classes: Vec<String>,
+    // The attribute which is used to map LDAP usernames to Defguard usernames
+    pub ldap_user_rdn_attr: Option<String>,
+    pub ldap_sync_groups: Vec<String>,
+    // Whether to create a new account when users try to log in with external OpenID
+    pub openid_create_account: bool,
+    pub openid_username_handling: OpenidUsernameHandling,
+    pub use_openid_for_mfa: bool,
+    pub license: Option<String>,
+    // Gateway disconnect notifications
+    pub gateway_disconnect_notifications_enabled: bool,
+    pub gateway_disconnect_notifications_inactivity_threshold: i32,
+    pub gateway_disconnect_notifications_reconnect_notification_enabled: bool,
+}
+
+impl From<Settings> for SettingsNoSecrets {
+    fn from(value: Settings) -> Self {
+        Self {
+            openid_enabled: value.openid_enabled,
+            wireguard_enabled: value.wireguard_enabled,
+            webhooks_enabled: value.webhooks_enabled,
+            worker_enabled: value.worker_enabled,
+            challenge_template: value.challenge_template,
+            instance_name: value.instance_name,
+            main_logo_url: value.main_logo_url,
+            nav_logo_url: value.nav_logo_url,
+            smtp_server: value.smtp_server,
+            smtp_port: value.smtp_port,
+            smtp_encryption: value.smtp_encryption,
+            smtp_user: value.smtp_user,
+            smtp_sender: value.smtp_sender,
+            enrollment_vpn_step_optional: value.enrollment_vpn_step_optional,
+            enrollment_welcome_message: value.enrollment_welcome_message,
+            enrollment_welcome_email: value.enrollment_welcome_email,
+            enrollment_welcome_email_subject: value.enrollment_welcome_email_subject,
+            enrollment_use_welcome_message_as_email: value.enrollment_use_welcome_message_as_email,
+            ldap_url: value.ldap_url,
+            ldap_bind_username: value.ldap_bind_username,
+            ldap_group_search_base: value.ldap_group_search_base,
+            ldap_user_search_base: value.ldap_user_search_base,
+            ldap_user_obj_class: value.ldap_user_obj_class,
+            ldap_group_obj_class: value.ldap_group_obj_class,
+            ldap_username_attr: value.ldap_username_attr,
+            ldap_groupname_attr: value.ldap_groupname_attr,
+            ldap_group_member_attr: value.ldap_group_member_attr,
+            ldap_member_attr: value.ldap_member_attr,
+            ldap_use_starttls: value.ldap_use_starttls,
+            ldap_tls_verify_cert: value.ldap_tls_verify_cert,
+            ldap_sync_status: value.ldap_sync_status,
+            ldap_enabled: value.ldap_enabled,
+            ldap_sync_enabled: value.ldap_sync_enabled,
+            ldap_is_authoritative: value.ldap_is_authoritative,
+            ldap_uses_ad: value.ldap_uses_ad,
+            ldap_sync_interval: value.ldap_sync_interval,
+            ldap_user_auxiliary_obj_classes: value.ldap_user_auxiliary_obj_classes,
+            ldap_user_rdn_attr: value.ldap_user_rdn_attr,
+            ldap_sync_groups: value.ldap_sync_groups,
+            openid_create_account: value.openid_create_account,
+            openid_username_handling: value.openid_username_handling,
+            use_openid_for_mfa: value.use_openid_for_mfa,
+            license: value.license,
+            gateway_disconnect_notifications_enabled: value
+                .gateway_disconnect_notifications_enabled,
+            gateway_disconnect_notifications_inactivity_threshold: value
+                .gateway_disconnect_notifications_inactivity_threshold,
+            gateway_disconnect_notifications_reconnect_notification_enabled: value
+                .gateway_disconnect_notifications_reconnect_notification_enabled,
+        }
+    }
+}
+
 #[derive(Serialize)]
 pub struct GroupsBulkAssignedMetadata {
     pub users: Vec<UserNoSecrets>,
@@ -384,7 +532,24 @@ pub struct PasswordResetMetadata {
     pub user: UserNoSecrets,
 }
 
+#[derive(Serialize)]
+pub struct UserMfaDisabledMetadata {
+    pub user: UserNoSecrets,
+}
+
 #[derive(Serialize)]
 pub struct ClientConfigurationTokenMetadata {
     pub user: UserNoSecrets,
 }
+#[derive(Serialize)]
+pub struct UserSnatBindingMetadata {
+    pub user: UserNoSecrets,
+    pub binding: UserSnatBinding<Id>,
+}
+
+#[derive(Serialize)]
+pub struct UserSnatBindingModifiedMetadata {
+    pub user: UserNoSecrets,
+    pub before: UserSnatBinding<Id>,
+    pub after: UserSnatBinding<Id>,
+}

crates/defguard_core/src/db/models/activity_log/mod.rs

@@ -34,6 +34,7 @@ pub enum EventType {
     UserLogout,
     // mfa management
     MfaDisabled,
+    UserMfaDisabled,
     MfaTotpDisabled,
     MfaTotpEnabled,
     MfaEmailDisabled,
@@ -109,6 +110,10 @@ pub enum EventType {
     AuthenticationKeyAdded,
     AuthenticationKeyRemoved,
     AuthenticationKeyRenamed,
+    // User SNAT bindings management
+    UserSnatBindingAdded,
+    UserSnatBindingRemoved,
+    UserSnatBindingModified,
 }
 
 #[derive(Model, FromRow, Serialize)]
@@ -124,5 +129,6 @@ pub struct ActivityLogEvent<I = NoId> {
     #[model(enum)]
     pub module: ActivityLogModule,
     pub device: String,
+    pub description: Option<String>,
     pub metadata: Option<serde_json::Value>,
 }

crates/defguard_core/src/db/models/authentication_key.rs

@@ -1,3 +1,5 @@
+use std::fmt::Display;
+
 use model_derive::Model;
 use sqlx::{Error as SqlxError, PgExecutor, Type, query_as};
 
@@ -11,16 +13,25 @@ pub enum AuthenticationKeyType {
     Gpg,
 }
 
-#[derive(Clone, Deserialize, Model, Serialize)]
+impl Display for AuthenticationKeyType {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            AuthenticationKeyType::Ssh => write!(f, "SSH"),
+            AuthenticationKeyType::Gpg => write!(f, "GPG"),
+        }
+    }
+}
+
+#[derive(Clone, Debug, Deserialize, Model, Serialize)]
 #[table(authentication_key)]
 pub struct AuthenticationKey<I = NoId> {
     pub(crate) id: I,
     pub(crate) yubikey_id: Option<i64>,
-    pub(crate) name: Option<String>,
+    pub name: Option<String>,
     pub(crate) user_id: Id,
     pub(crate) key: String,
     #[model(enum)]
-    pub(crate) key_type: AuthenticationKeyType,
+    pub key_type: AuthenticationKeyType,
 }
 
 impl AuthenticationKey {

crates/defguard_core/src/db/models/oauth2client.rs

@@ -7,7 +7,7 @@ use crate::{
     random::gen_alphanumeric,
 };
 
-#[derive(Clone, Deserialize, Model, Serialize)]
+#[derive(Clone, Debug, Deserialize, Model, Serialize)]
 pub struct OAuth2Client<I = NoId> {
     pub id: I,
     pub client_id: String, // unique