From 882e8285c44f76f14e6878eebd6e7b258e073ae5 Mon Sep 17 00:00:00 2001
From: Andrew Walker
Date: Mon, 5 Aug 2024 12:34:05 -0700
Subject: [PATCH 1/2] Add auditing for 2fa configuration Generate audit trail for changes related to two-factor authentication.
---
 src/middlewared/middlewared/plugins/account_/2fa.py | 9 +++++++--
 src/middlewared/middlewared/plugins/auth_/2fa.py | 3 ++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/middlewared/middlewared/plugins/account_/2fa.py b/src/middlewared/middlewared/plugins/account_/2fa.py
index 19292866fb6eb..48d1c2559f7d2 100644
--- a/src/middlewared/middlewared/plugins/account_/2fa.py
+++ b/src/middlewared/middlewared/plugins/account_/2fa.py
@@ -102,7 +102,7 @@ async def translate_username(self, username):
 return await self.middleware.call('user.query', [['username', '=', user['pw_name']]], {'get': True})
- @accepts(Str('username'))
+ @accepts(Str('username'), audit='Unset two-factor authentication secret:', audit_extended=lambda username: username)
 @returns()
 async def unset_2fa_secret(self, username):
 """
@@ -132,7 +132,12 @@ async def unset_2fa_secret(self, username):
 )
 @no_authz_required
- @api_method(UserRenew2faSecretArgs, UserRenew2faSecretResult)
+ @api_method(
+ UserRenew2faSecretArgs,
+ UserRenew2faSecretResult,
+ audit='Renew two-factor authentication secret:',
+ audit_extended=lambda username,options: username
+ )
 @pass_app()
 async def renew_2fa_secret(self, app, username, twofactor_options):
 """
diff --git a/src/middlewared/middlewared/plugins/auth_/2fa.py b/src/middlewared/middlewared/plugins/auth_/2fa.py
index 56125562eb3ef..ded6eb11155ec 100644
--- a/src/middlewared/middlewared/plugins/auth_/2fa.py
+++ b/src/middlewared/middlewared/plugins/auth_/2fa.py
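Review bot: The `audit_extended` lambda added to `unset_2fa_secret` in account_/2fa.py records the `username` argument exactly as the caller sent it, while the hunk's context shows `translate_username` resolving names through `user['pw_name']`, so the audit entry may not carry the canonical account name that other records use. If the method resolves the name the same way (its body lies outside the hunk), correlating this event with login or user-change events would need that mapping. A comment above the decorator such as `# audit entry carries the caller-supplied username, not the resolved pw_name` would make this explicit for whoever writes alerting on removal of a 2FA secret.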
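Review bot: `renew_2fa_secret` in account_/2fa.py is marked `@no_authz_required`, yet the new `audit_extended` lambda keeps only `username` and discards its second argument, so the audit entry cannot show which settings a renewal applied. If `twofactor_options` holds only non-secret parameters (its schema is not visible here), including them would let a reviewer spot a renewal that weakens the token settings; if the omission is deliberate, a comment like `# options omitted from audit text on purpose` would record that. The lambda also names the parameter `options` while the method signature uses `twofactor_options`; `audit_extended=lambda username, twofactor_options: username` keeps the two aligned should the callback ever be invoked by keyword. The method body continues outside the hunk.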
@@ -62,7 +62,8 @@ async def two_factor_extend(self, data):
 'auth_twofactor_entry', 'auth_twofactor_update', ('rm', {'name': 'id'}), ('attr', {'update': True}),
- )
+ ),
+ audit='Update two-factor authentication service configuration'
 )
 async def do_update(self, data):
 """
From b59441ff16865e00f0f850a5f965d50df1559dab Mon Sep 17 00:00:00 2001
From: Andrew Walker
Date: Tue, 6 Aug 2024 04:37:00 -0700
Subject: [PATCH 2/2] Add space
---
 src/middlewared/middlewared/plugins/account_/2fa.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/middlewared/middlewared/plugins/account_/2fa.py b/src/middlewared/middlewared/plugins/account_/2fa.py
index 48d1c2559f7d2..8c1bea08f8240 100644
--- a/src/middlewared/middlewared/plugins/account_/2fa.py
+++ b/src/middlewared/middlewared/plugins/account_/2fa.py
@@ -136,7 +136,7 @@ async def unset_2fa_secret(self, username):
 UserRenew2faSecretArgs,
 UserRenew2faSecretResult,
 audit='Renew two-factor authentication secret:',
- audit_extended=lambda username,options: username
+ audit_extended=lambda username, options: username
 )
 @pass_app()
 async def renew_2fa_secret(self, app, username, twofactor_options):
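Review bot: The `audit=` string added to `do_update` in auth_/2fa.py is static and has no `audit_extended`, unlike the two per-user methods in account_/2fa.py, so the message alone does not distinguish turning two-factor authentication off from a minor settings change. Unless the audit framework already stores the call parameters next to the message (not visible in this patch), one option is to name the changed fields without their values, for example `audit='Update two-factor authentication service configuration:', audit_extended=lambda data: ', '.join(sorted(data))`. Neither commit in the series adds a test asserting that these three calls emit an audit entry, which would guard against the decorators silently losing the keyword later. The decorator opens above the hunk and the body of `do_update` continues below it.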