Commit 0932991a authored by ale's avatar ale

Enable logging of user logins to usermetadb

parent 58623036
Pipeline #1408 passed with stages
in 1 minute and 24 seconds
......@@ -286,6 +286,8 @@ func (c *Config) compile() error {
}
}
// Enabling device tracking also enables user activity
// logging.
if sc.EnableDeviceTracking {
if c.UserMetaDBConfig == nil {
return errors.New("usermetadb config is missing")
......@@ -295,6 +297,13 @@ func (c *Config) compile() error {
return err
}
sc.filters = append(sc.filters, dt)
// The logger conveniently comes last.
lf, err := newUserActivityLogFilter(c.UserMetaDBConfig)
if err != nil {
return err
}
sc.filters = append(sc.filters, lf)
}
}
......@@ -527,6 +536,12 @@ func (s *Server) authenticateUser(req *auth.Request, serviceConfig *ServiceConfi
// Process the response through filters (device info checks,
// etc) that may or may not change the response itself.
//
// TODO: it's unclear why we'd want to bail on errors, it
// makes it quite confusing for StatusInsufficientCredentials.
//
// Perhaps it would be easier to just run filters only on
// StatusOK?
for _, f := range serviceConfig.filters {
if resp.Status == auth.StatusError {
break
......
......@@ -36,6 +36,11 @@ func (f *deviceFilter) Filter(user *User, req *auth.Request, resp *auth.Response
return resp
}
// If the status is != OK, skip.
if resp.Status != auth.StatusOK {
return resp
}
// Check if the device is known already, in which case we're
// OK and don't need to do anything else.
ctx, cancel := context.WithTimeout(context.Background(), usermetadbTimeout)
......
package server
import (
"context"
"log"
"time"
"git.autistici.org/ai3/go-common/clientutil"
"git.autistici.org/id/auth"
"git.autistici.org/id/usermetadb"
"git.autistici.org/id/usermetadb/client"
)
type addLogClient interface {
AddLog(context.Context, string, *usermetadb.LogEntry) error
}
type logFilter struct {
client addLogClient
}
func newUserActivityLogFilter(config *clientutil.BackendConfig) (*logFilter, error) {
c, err := client.New(config)
if err != nil {
return nil, err
}
return &logFilter{c}, nil
}
func (f *logFilter) Filter(user *User, req *auth.Request, resp *auth.Response) *auth.Response {
if resp.Status != auth.StatusOK {
return resp
}
entry := usermetadb.LogEntry{
Timestamp: time.Now(),
Username: user.Name,
Type: usermetadb.LogTypeLogin,
Message: "successful login",
Service: req.Service,
LoginMethod: "web",
DeviceInfo: req.DeviceInfo,
}
ctx, cancel := context.WithTimeout(context.Background(), usermetadbTimeout)
defer cancel()
if err := f.client.AddLog(ctx, user.Shard, &entry); err != nil {
log.Printf("usermetadb.AddLog error for %s: %v", user.Name, err)
}
return resp
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment