about summary refs log tree commit diff
path: root/app/controllers/auth
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2021-06-21 17:07:30 +0200
committerGitHub <noreply@github.com>2021-06-21 17:07:30 +0200
commitd174d12c831989bf1d5d3ca54d4f26d28c2c8925 (patch)
tree9a40d954c9983d6ecbef59c078079a5bd9b26dca /app/controllers/auth
parent946200b471685545878cec56e4959dd6b8d50ab8 (diff)
Add authentication history (#16408)
Diffstat (limited to 'app/controllers/auth')
-rw-r--r--app/controllers/auth/omniauth_callbacks_controller.rb9
-rw-r--r--app/controllers/auth/sessions_controller.rb44
2 files changed, 46 insertions, 7 deletions
diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb
index 682c77016..7925e23cb 100644
--- a/app/controllers/auth/omniauth_callbacks_controller.rb
+++ b/app/controllers/auth/omniauth_callbacks_controller.rb
@@ -10,6 +10,15 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
       @user = User.find_for_oauth(request.env['omniauth.auth'], current_user)
 
       if @user.persisted?
+        LoginActivity.create(
+          user: user,
+          success: true,
+          authentication_method: :omniauth,
+          provider: provider,
+          ip: request.remote_ip,
+          user_agent: request.user_agent
+        )
+
         sign_in_and_redirect @user, event: :authentication
         set_flash_message(:notice, :success, kind: provider_id.capitalize) if is_navigational_format?
       else
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 13d158c67..9c73b39e2 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -25,9 +25,11 @@ class Auth::SessionsController < Devise::SessionsController
 
   def create
     super do |resource|
-      resource.update_sign_in!(request, new_sign_in: true)
-      remember_me(resource)
-      flash.delete(:notice)
+      # We only need to call this if this hasn't already been
+      # called from one of the two-factor or sign-in token
+      # authentication methods
+
+      on_authentication_success(resource, :password) unless @on_authentication_success_called
     end
   end
 
@@ -42,10 +44,8 @@ class Auth::SessionsController < Devise::SessionsController
   def webauthn_options
     user = find_user
 
-    if user.webauthn_enabled?
-      options_for_get = WebAuthn::Credential.options_for_get(
-        allow: user.webauthn_credentials.pluck(:external_id)
-      )
+    if user&.webauthn_enabled?
+      options_for_get = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id))
 
       session[:webauthn_challenge] = options_for_get.challenge
 
@@ -136,4 +136,34 @@ class Auth::SessionsController < Devise::SessionsController
     session.delete(:attempt_user_id)
     session.delete(:attempt_user_updated_at)
   end
+
+  def on_authentication_success(user, security_measure)
+    @on_authentication_success_called = true
+
+    clear_attempt_from_session
+
+    user.update_sign_in!(request, new_sign_in: true)
+    remember_me(user)
+    sign_in(user)
+    flash.delete(:notice)
+
+    LoginActivity.create(
+      user: user,
+      success: true,
+      authentication_method: security_measure,
+      ip: request.remote_ip,
+      user_agent: request.user_agent
+    )
+  end
+
+  def on_authentication_failure(user, security_measure, failure_reason)
+    LoginActivity.create(
+      user: user,
+      success: false,
+      authentication_method: security_measure,
+      failure_reason: failure_reason,
+      ip: request.remote_ip,
+      user_agent: request.user_agent
+    )
+  end
 end