feat(user): Show date of user creation #10119

Merged
merged 1 commit into from
May 18, 2024

Contributor

@kiblik kiblik commented May 6, 2024

I bumped into a situation where we were investigating when the user was created. I found it useful to add it to some of the views. Before, it was only in the user's personal profile.
Now, it is in:

  • API response
  • List of users
  • It is usable for sorting
  • User's profile (available to admins)


dryrunsecurity bot commented May 6, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
AppSec Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings
Authn/Authz Analyzer 3 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Note that this summary is auto-generated and not meant to be a definitive list of security issues
but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request are focused on enhancing the user management and filtering functionality of the Defect Dojo application. The key changes include:

  1. Addition of a new date_joined field to the UserSerializer class, which displays the date when a user was created. This is a common and reasonable addition to user metadata.
  2. Updates to the view_user.html and users.html templates to display the "Date Joined" information for users. These changes do not introduce any obvious security concerns, as they are related to displaying user profile information.
  3. Introduction of a comprehensive set of custom Django filters in the filters.py file. These filters provide advanced search and filtering capabilities for various models in the application, such as Findings, Engagements, Products, and more. The filters include features like related model filtering, tag-based filtering, and ordering capabilities.

While the changes do not directly introduce any security vulnerabilities, it is important to ensure that the application's access control mechanisms and permissions are properly implemented to prevent unauthorized access or modification of user data. Additionally, the filtering functionality should be thoroughly tested to ensure that it does not introduce any unintended security issues, such as exposing sensitive information or enabling malicious queries.

Files Changed:

  1. dojo/api_v2/serializers.py: Added a new date_joined field to the UserSerializer class, which will display the date when the user was created.
  2. dojo/templates/dojo/view_user.html: Added a new row to the "Default Information" table to display the "Date Joined" information for the user.
  3. dojo/templates/dojo/users.html: Added a new column to the user table to display the "Date Joined" information for each user.
  4. dojo/filters.py: Introduced a comprehensive set of custom Django filters for various models in the Defect Dojo application, providing advanced search and filtering capabilities.

Powered by DryRun Security

Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit a8ef36e into DefectDojo:dev May 18, 2024
122 checks passed
@kiblik kiblik deleted the ui_user_created branch May 18, 2024 07:03