From 3f77a284cdb89e84bba62853f4a3c577251c4310 Mon Sep 17 00:00:00 2001
From: Ben Brooks <ben.brooks@couchbase.com>
Date: Mon, 22 Jul 2024 12:40:13 +0100
Subject: [PATCH] Correct handleAllDbs audit fields

---
 base/audit_events.go        |  4 +++-
 base/audit_events_fields.go |  1 +
 rest/api.go                 | 17 ++++++++++++-----
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/base/audit_events.go b/base/audit_events.go
index 83fcefd28e..689d109a74 100644
--- a/base/audit_events.go
+++ b/base/audit_events.go
@@ -431,8 +431,10 @@ var AuditEvents = events{
 	AuditIDDatabaseAllRead: {
 		Name:        "Read all databases",
 		Description: "All databases were viewed",
+		MandatoryFields: AuditFields{
+			AuditFieldDBNames: []string{"list", "of", "db", "names"},
+		},
 		mandatoryFieldGroups: []fieldGroup{
-			fieldGroupDatabase,
 			fieldGroupRequest,
 			// fieldGroupAuthenticated, // FIXME: CBG-3973,
 		},
diff --git a/base/audit_events_fields.go b/base/audit_events_fields.go
index a389af94da..5c7b05442b 100644
--- a/base/audit_events_fields.go
+++ b/base/audit_events_fields.go
@@ -33,6 +33,7 @@ const (
 	AuditEffectiveUserID = "effective_userid"
 	AuditFieldAuditScope = "audit_scope"
 	AuditFieldFileName   = "filename"
+	AuditFieldDBNames    = "db_names"
 
 	// AuditIDSyncGatewayStartup AuditID = 53260
 	AuditFieldSGVersion                      = "sg_version"
diff --git a/rest/api.go b/rest/api.go
index 13d6f0f9fe..338030f03c 100644
--- a/rest/api.go
+++ b/rest/api.go
@@ -80,12 +80,19 @@ func (h *handler) handlePing() error {
 }
 
 func (h *handler) handleAllDbs() error {
-	base.Audit(h.ctx(), base.AuditIDDatabaseAllRead, nil)
-	if h.getBoolQuery("verbose") {
-		h.writeJSON(h.server.allDatabaseSummaries())
-		return nil
+	verbose := h.getBoolQuery("verbose")
+	var dbNames []string
+	if verbose {
+		summaries := h.server.allDatabaseSummaries()
+		for _, summary := range summaries {
+			dbNames = append(dbNames, summary.DBName)
+		}
+		h.writeJSON(summaries)
+	} else {
+		dbNames = h.server.AllDatabaseNames()
+		h.writeJSON(dbNames)
 	}
-	h.writeJSON(h.server.AllDatabaseNames())
+	base.Audit(h.ctx(), base.AuditIDDatabaseAllRead, base.AuditFields{base.AuditFieldDBNames: dbNames, "verbose": verbose})
 	return nil
 }