Return user tracking mode to old values

DataDog · Feb 13, 2025 · 92007d7 · 92007d7
1 parent 3147d4d
commit 92007d7
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 8 deletions.
diff --git a/lib/datadog/appsec/contrib/devise/configuration.rb b/lib/datadog/appsec/contrib/devise/configuration.rb
@@ -25,14 +25,32 @@ def auto_user_instrumentation_mode
             end
 
             case Datadog.configuration.appsec.track_user_events.mode
-            when AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE
-              AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
-            when AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
-              AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
+            when Datadog::AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE
+              Datadog::AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
+            when Datadog::AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
+              Datadog::AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
             else
               Datadog.configuration.appsec.auto_user_instrumentation.mode
             end
           end
+
+          # NOTE: Remove in next version of tracking
+          def track_user_events_mode
+            unless Datadog.configuration.appsec.auto_user_instrumentation.options[:mode].default_precedence?
+              mode = case Datadog.configuration.appsec.auto_user_instrumentation.mode
+                     when Datadog::AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
+                       Datadog::AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
+                     when Datadog::AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
+                       Datadog::AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE
+                     else
+                       Datadog.configuration.appsec.track_user_events.mode
+                     end
+
+              return mode
+            end
+
+            Datadog.configuration.appsec.track_user_events.mode
+          end
         end
       end
     end

diff --git a/lib/datadog/appsec/contrib/devise/tracking.rb b/lib/datadog/appsec/contrib/devise/tracking.rb
@@ -40,7 +40,7 @@ def self.track(event, trace, span, **others)
             return if trace.nil? || span.nil?
 
             span.set_tag("appsec.events.#{event}.track", 'true')
-            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Configuration.auto_user_instrumentation_mode)
+            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Configuration.track_user_events_mode)
 
             others.each do |k, v|
               raise ArgumentError, 'key cannot be :track' if k.to_sym == :track

diff --git a/sig/datadog/appsec/contrib/devise/configuration.rb b/sig/datadog/appsec/contrib/devise/configuration.rb
diff --git a/sig/datadog/appsec/contrib/devise/configuration.rbs b/sig/datadog/appsec/contrib/devise/configuration.rbs
@@ -6,6 +6,8 @@ module Datadog
           def self?.auto_user_instrumentation_enabled?: () -> bool
 
           def self?.auto_user_instrumentation_mode: () -> ::String
+
+          def self?.track_user_events_mode_mode: () -> ::String
         end
       end
     end

diff --git a/spec/datadog/appsec/contrib/devise/configuration_spec.rb b/spec/datadog/appsec/contrib/devise/configuration_spec.rb
@@ -134,4 +134,36 @@
       it { expect(described_class.auto_user_instrumentation_mode).to eq('anonymization') }
     end
   end
+
+  describe '.track_user_events_mode' do
+    context 'when auto_user_instrumentation is explicitly set to ident and track_user_events is default' do
+      before do
+        settings.appsec.auto_user_instrumentation.mode = 'identification'
+        # NOTE: triggering default value
+        settings.appsec.track_user_events.mode
+      end
+
+      it { expect(described_class.track_user_events_mode).to eq('extended') }
+    end
+
+    context 'when auto_user_instrumentation is explicitly set to anon and track_user_events is default' do
+      before do
+        settings.appsec.auto_user_instrumentation.mode = 'anonymization'
+        # NOTE: triggering default value
+        settings.appsec.track_user_events.mode
+      end
+
+      it { expect(described_class.track_user_events_mode).to eq('safe') }
+    end
+
+    context 'when track_user_events is explicitly set and auto_user_instrumentation is default' do
+      before do
+        settings.appsec.track_user_events.mode = 'safe'
+        # NOTE: triggering default value
+        settings.appsec.auto_user_instrumentation.mode
+      end
+
+      it { expect(described_class.track_user_events_mode).to eq('safe') }
+    end
+  end
 end
diff --git a/spec/datadog/appsec/contrib/integration/devise_auto_login_signup_events_spec.rb b/spec/datadog/appsec/contrib/integration/devise_auto_login_signup_events_spec.rb
@@ -203,7 +203,7 @@ def index
         expect(http_service_entry_trace.sampling_priority).to eq(Datadog::Tracing::Sampling::Ext::Priority::USER_KEEP)
 
         expect(http_service_entry_span.tags['appsec.events.users.login.success.track']).to eq('true')
-        expect(http_service_entry_span.tags['_dd.appsec.events.users.login.success.auto.mode']).to eq('identification')
+        expect(http_service_entry_span.tags['_dd.appsec.events.users.login.success.auto.mode']).to eq('extended')
         expect(http_service_entry_span.tags['usr.id']).to eq('1')
 
         # NOTE: not implemented yet
@@ -223,7 +223,7 @@ def index
         expect(http_service_entry_trace.sampling_priority).to eq(Datadog::Tracing::Sampling::Ext::Priority::USER_KEEP)
 
         expect(http_service_entry_span.tags['appsec.events.users.login.failure.track']).to eq('true')
-        expect(http_service_entry_span.tags['_dd.appsec.events.users.login.failure.auto.mode']).to eq('identification')
+        expect(http_service_entry_span.tags['_dd.appsec.events.users.login.failure.auto.mode']).to eq('extended')
         expect(http_service_entry_span.tags['appsec.events.users.login.failure.usr.exists']).to eq('false')
 
         # NOTE: not implemented yet
@@ -255,7 +255,7 @@ def index
         expect(http_service_entry_trace.sampling_priority).to eq(Datadog::Tracing::Sampling::Ext::Priority::USER_KEEP)
 
         expect(http_service_entry_span.tags['appsec.events.users.signup.track']).to eq('true')
-        expect(http_service_entry_span.tags['_dd.appsec.events.users.signup.auto.mode']).to eq('identification')
+        expect(http_service_entry_span.tags['_dd.appsec.events.users.signup.auto.mode']).to eq('extended')
 
         # NOTE: not implemented yet
         # expect(http_service_entry_span.tags['appsec.events.users.signup.usr.login']).to eq('john.doe@example.com')
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,8 @@ module Datadog @@
               def self?.auto_user_instrumentation_enabled?: () -> bool
               def self?.auto_user_instrumentation_mode: () -> ::String
+              def self?.track_user_events_mode_mode: () -> ::String
             end
           end
         end
@@ Expand Down @@