diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2021-06-21 17:07:30 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-21 17:07:30 +0200 |
commit | d174d12c831989bf1d5d3ca54d4f26d28c2c8925 (patch) | |
tree | 9a40d954c9983d6ecbef59c078079a5bd9b26dca /app/controllers/auth | |
parent | 946200b471685545878cec56e4959dd6b8d50ab8 (diff) |
Add authentication history (#16408)
Diffstat (limited to 'app/controllers/auth')
-rw-r--r-- | app/controllers/auth/omniauth_callbacks_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 44 |
2 files changed, 46 insertions, 7 deletions
diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb index 682c77016..7925e23cb 100644 --- a/app/controllers/auth/omniauth_callbacks_controller.rb +++ b/app/controllers/auth/omniauth_callbacks_controller.rb @@ -10,6 +10,15 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController @user = User.find_for_oauth(request.env['omniauth.auth'], current_user) if @user.persisted? + LoginActivity.create( + user: user, + success: true, + authentication_method: :omniauth, + provider: provider, + ip: request.remote_ip, + user_agent: request.user_agent + ) + sign_in_and_redirect @user, event: :authentication set_flash_message(:notice, :success, kind: provider_id.capitalize) if is_navigational_format? else diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 13d158c67..9c73b39e2 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -25,9 +25,11 @@ class Auth::SessionsController < Devise::SessionsController def create super do |resource| - resource.update_sign_in!(request, new_sign_in: true) - remember_me(resource) - flash.delete(:notice) + # We only need to call this if this hasn't already been + # called from one of the two-factor or sign-in token + # authentication methods + + on_authentication_success(resource, :password) unless @on_authentication_success_called end end @@ -42,10 +44,8 @@ class Auth::SessionsController < Devise::SessionsController def webauthn_options user = find_user - if user.webauthn_enabled? - options_for_get = WebAuthn::Credential.options_for_get( - allow: user.webauthn_credentials.pluck(:external_id) - ) + if user&.webauthn_enabled? + options_for_get = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id)) session[:webauthn_challenge] = options_for_get.challenge @@ -136,4 +136,34 @@ class Auth::SessionsController < Devise::SessionsController session.delete(:attempt_user_id) session.delete(:attempt_user_updated_at) end + + def on_authentication_success(user, security_measure) + @on_authentication_success_called = true + + clear_attempt_from_session + + user.update_sign_in!(request, new_sign_in: true) + remember_me(user) + sign_in(user) + flash.delete(:notice) + + LoginActivity.create( + user: user, + success: true, + authentication_method: security_measure, + ip: request.remote_ip, + user_agent: request.user_agent + ) + end + + def on_authentication_failure(user, security_measure, failure_reason) + LoginActivity.create( + user: user, + success: false, + authentication_method: security_measure, + failure_reason: failure_reason, + ip: request.remote_ip, + user_agent: request.user_agent + ) + end end |