Group submission access logs

[rgraber]

Checklist

1. If you've added code that should be tested, add tests
2. If you've changed APIs, update (or create!) the documentation
3. Ensure the tests pass
4. Make sure that your code lints and that you've followed our coding style
5. Write a title and, if necessary, a description of your work suitable for publishing in our release notes
6. Mention any related issues in this repository (as #ISSUE) and in other repositories (as kobotoolbox/other#ISSUE)
7. Open an issue in the docs if there are UI/UX changes

Description

Group submission access logs together to make it easier to view and understand large collections of access logs.

Notes

Model changes:

1. Adds a submission_group field to the AuditLog model, used for grouping submission logs together.
2. Adds 2 new proxy models based on AuditLogs: SubmissionAccessLog and SubmissionGroup. These proxy models are in charge of creating instances with the correct auth_type.
3. The SubmissionGroup proxy model is also responsible for returning only those access logs with the 'submission-group' auth type when queried. This was not necessary for the SubmissionAccessLog so was left off.
4. The SubmissionAccessLog also has a method for adding itself to an existing SubmissionGroup or creating a new one

Signal changes:
Adds 2 new signals.

1. SubmissionAccessLog: On saving a new SubmissionAccessLog, we look for the most recent submission group for the same user if it exists. If that submission group contains a log whose creation date is within a specified number of minutes of the creation time of the calling log, we add the calling log to the existing group. Otherwise, create a new one.
2. SubmissionGroups: On saving a new SubmissionGroup, we assign it to itself (ie set submission_group=self). This makes the grouping query easier.

Api changes:

1. Replaces the queryset for the AccessLog endpoints with one that uses fields and annotate to group access logs by the submission_group, which should only be set on SubmissionAccessLogs and SubmissionGroups. If there is no submission_group, it groups by the id instead, so all other logs are effectively grouped with themselves.

• In order to improve query performance, this also removes fields that will be the same on all AccessLogs (model_type,app_name,action,and log_type). Removing these fields means the grouping clause doesn't have to check their equality each time.

2. Adds a new serializer to deal with the new query, which returns dicts instead of AuditLogs.
3. Sets the default search field on the /all endpoint to be the username since that's the only really searchable field the requirements call for (besides date, which doesn't make sense for a text search)

Replaces #5080
Depends on #5092

[notion-workspace]

Group similar and consecutive authentication events

[noliveleger]

I think I would add a Constance settings for that. Superuser may want to customize this without redeploying a new release.

[noliveleger]

I would move them after SubmissionAccessLogManager .
G comes after A :-P

If it is because of the typing annotations in SubmissionAccessLog, let's wrap it in single quotes.

[noliveleger]

What about moving this in its own file in kpi/fields?

[noliveleger]

I guess it has already fixed in other PR, but just in case, as per our discussion, we should get rid of object_id.

[noliveleger]

I think this part is called each time a submission comes in.
I'll try to optimize as much as possible to avoid any bottlenecks. What do you thing about something like that?

1) Retrieve only fields we need
We only need pk and user_uid from latest_group

latest_group = (
        SubmissionGroup.objects.only('pk', 'user_uid').filter(user_uid=instance.user_uid)
        .order_by('-date_created')
        .first()
    )

I would rather use .values() instead (to avoid loading the object, just retrieve the values) but it would involve to refactor for add_to_existing_submission_group and latest_entry to use only submission_group_id below.

It won't be way faster, but at least, IMO, a little bit lighter on memory footprint.

[noliveleger]

Way above 88 :-P

[noliveleger]

When can this happen in a real scenario? Should not we raise an exception instead of just logging the error and continue?

[rgraber]

This should never happen in a real scenario. It's for future-proofing in case other code needs to use this method. I wasn't sure not adding to a group would be a big enough problem to raise an exception but I'm pretty ambivalent about it

[noliveleger]

Maybe we should assert it equals 0 before submission access log is created?

[noliveleger]

even if group_query.count() == 2, I think it could be great to validate new_group.id != old_group.id just in case.

[noliveleger]

Why did you remove the example?

[rgraber]

Accident from moving things around

[noliveleger]

While I was testing the logs with mockobo, (which uses /api/v1/submissions with auth-token). I have noticed that it only logs one event even if I called the endpoints 40 times in less than a minute.

[rgraber]

Converting back to draft while I work on a different implementation