Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
id
auth
Commits
0932991a
Commit
0932991a
authored
Oct 27, 2018
by
ale
Browse files
Enable logging of user logins to usermetadb
parent
58623036
Changes
3
Hide whitespace changes
Inline
Side-by-side
server/authserver.go
View file @
0932991a
...
...
@@ -286,6 +286,8 @@ func (c *Config) compile() error {
}
}
// Enabling device tracking also enables user activity
// logging.
if
sc
.
EnableDeviceTracking
{
if
c
.
UserMetaDBConfig
==
nil
{
return
errors
.
New
(
"usermetadb config is missing"
)
...
...
@@ -295,6 +297,13 @@ func (c *Config) compile() error {
return
err
}
sc
.
filters
=
append
(
sc
.
filters
,
dt
)
// The logger conveniently comes last.
lf
,
err
:=
newUserActivityLogFilter
(
c
.
UserMetaDBConfig
)
if
err
!=
nil
{
return
err
}
sc
.
filters
=
append
(
sc
.
filters
,
lf
)
}
}
...
...
@@ -527,6 +536,12 @@ func (s *Server) authenticateUser(req *auth.Request, serviceConfig *ServiceConfi
// Process the response through filters (device info checks,
// etc) that may or may not change the response itself.
//
// TODO: it's unclear why we'd want to bail on errors, it
// makes it quite confusing for StatusInsufficientCredentials.
//
// Perhaps it would be easier to just run filters only on
// StatusOK?
for
_
,
f
:=
range
serviceConfig
.
filters
{
if
resp
.
Status
==
auth
.
StatusError
{
break
...
...
server/devices.go
View file @
0932991a
...
...
@@ -36,6 +36,11 @@ func (f *deviceFilter) Filter(user *User, req *auth.Request, resp *auth.Response
return
resp
}
// If the status is != OK, skip.
if
resp
.
Status
!=
auth
.
StatusOK
{
return
resp
}
// Check if the device is known already, in which case we're
// OK and don't need to do anything else.
ctx
,
cancel
:=
context
.
WithTimeout
(
context
.
Background
(),
usermetadbTimeout
)
...
...
server/userlog.go
0 → 100644
View file @
0932991a
package
server
import
(
"context"
"log"
"time"
"git.autistici.org/ai3/go-common/clientutil"
"git.autistici.org/id/auth"
"git.autistici.org/id/usermetadb"
"git.autistici.org/id/usermetadb/client"
)
type
addLogClient
interface
{
AddLog
(
context
.
Context
,
string
,
*
usermetadb
.
LogEntry
)
error
}
type
logFilter
struct
{
client
addLogClient
}
func
newUserActivityLogFilter
(
config
*
clientutil
.
BackendConfig
)
(
*
logFilter
,
error
)
{
c
,
err
:=
client
.
New
(
config
)
if
err
!=
nil
{
return
nil
,
err
}
return
&
logFilter
{
c
},
nil
}
func
(
f
*
logFilter
)
Filter
(
user
*
User
,
req
*
auth
.
Request
,
resp
*
auth
.
Response
)
*
auth
.
Response
{
if
resp
.
Status
!=
auth
.
StatusOK
{
return
resp
}
entry
:=
usermetadb
.
LogEntry
{
Timestamp
:
time
.
Now
(),
Username
:
user
.
Name
,
Type
:
usermetadb
.
LogTypeLogin
,
Message
:
"successful login"
,
Service
:
req
.
Service
,
LoginMethod
:
"web"
,
DeviceInfo
:
req
.
DeviceInfo
,
}
ctx
,
cancel
:=
context
.
WithTimeout
(
context
.
Background
(),
usermetadbTimeout
)
defer
cancel
()
if
err
:=
f
.
client
.
AddLog
(
ctx
,
user
.
Shard
,
&
entry
);
err
!=
nil
{
log
.
Printf
(
"usermetadb.AddLog error for %s: %v"
,
user
.
Name
,
err
)
}
return
resp
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment