Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
id
auth
Commits
0932991a
Commit
0932991a
authored
Oct 27, 2018
by
ale
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Enable logging of user logins to usermetadb
parent
58623036
Pipeline
#1408
passed with stages
in 1 minute and 24 seconds
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
72 additions
and
0 deletions
+72
-0
server/authserver.go
server/authserver.go
+15
-0
server/devices.go
server/devices.go
+5
-0
server/userlog.go
server/userlog.go
+52
-0
No files found.
server/authserver.go
View file @
0932991a
...
...
@@ -286,6 +286,8 @@ func (c *Config) compile() error {
}
}
// Enabling device tracking also enables user activity
// logging.
if
sc
.
EnableDeviceTracking
{
if
c
.
UserMetaDBConfig
==
nil
{
return
errors
.
New
(
"usermetadb config is missing"
)
...
...
@@ -295,6 +297,13 @@ func (c *Config) compile() error {
return
err
}
sc
.
filters
=
append
(
sc
.
filters
,
dt
)
// The logger conveniently comes last.
lf
,
err
:=
newUserActivityLogFilter
(
c
.
UserMetaDBConfig
)
if
err
!=
nil
{
return
err
}
sc
.
filters
=
append
(
sc
.
filters
,
lf
)
}
}
...
...
@@ -527,6 +536,12 @@ func (s *Server) authenticateUser(req *auth.Request, serviceConfig *ServiceConfi
// Process the response through filters (device info checks,
// etc) that may or may not change the response itself.
//
// TODO: it's unclear why we'd want to bail on errors, it
// makes it quite confusing for StatusInsufficientCredentials.
//
// Perhaps it would be easier to just run filters only on
// StatusOK?
for
_
,
f
:=
range
serviceConfig
.
filters
{
if
resp
.
Status
==
auth
.
StatusError
{
break
...
...
server/devices.go
View file @
0932991a
...
...
@@ -36,6 +36,11 @@ func (f *deviceFilter) Filter(user *User, req *auth.Request, resp *auth.Response
return
resp
}
// If the status is != OK, skip.
if
resp
.
Status
!=
auth
.
StatusOK
{
return
resp
}
// Check if the device is known already, in which case we're
// OK and don't need to do anything else.
ctx
,
cancel
:=
context
.
WithTimeout
(
context
.
Background
(),
usermetadbTimeout
)
...
...
server/userlog.go
0 → 100644
View file @
0932991a
package
server
import
(
"context"
"log"
"time"
"git.autistici.org/ai3/go-common/clientutil"
"git.autistici.org/id/auth"
"git.autistici.org/id/usermetadb"
"git.autistici.org/id/usermetadb/client"
)
type
addLogClient
interface
{
AddLog
(
context
.
Context
,
string
,
*
usermetadb
.
LogEntry
)
error
}
type
logFilter
struct
{
client
addLogClient
}
func
newUserActivityLogFilter
(
config
*
clientutil
.
BackendConfig
)
(
*
logFilter
,
error
)
{
c
,
err
:=
client
.
New
(
config
)
if
err
!=
nil
{
return
nil
,
err
}
return
&
logFilter
{
c
},
nil
}
func
(
f
*
logFilter
)
Filter
(
user
*
User
,
req
*
auth
.
Request
,
resp
*
auth
.
Response
)
*
auth
.
Response
{
if
resp
.
Status
!=
auth
.
StatusOK
{
return
resp
}
entry
:=
usermetadb
.
LogEntry
{
Timestamp
:
time
.
Now
(),
Username
:
user
.
Name
,
Type
:
usermetadb
.
LogTypeLogin
,
Message
:
"successful login"
,
Service
:
req
.
Service
,
LoginMethod
:
"web"
,
DeviceInfo
:
req
.
DeviceInfo
,
}
ctx
,
cancel
:=
context
.
WithTimeout
(
context
.
Background
(),
usermetadbTimeout
)
defer
cancel
()
if
err
:=
f
.
client
.
AddLog
(
ctx
,
user
.
Shard
,
&
entry
);
err
!=
nil
{
log
.
Printf
(
"usermetadb.AddLog error for %s: %v"
,
user
.
Name
,
err
)
}
return
resp
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment