Do not group auth events. Changed action names

Andris Reinman 2017-10-10 15:30:09 +03:00
parent 9c43fd0fc5
commit 2d2e6abaa0
2 changed files with 9 additions and 77 deletions


@ -105,15 +105,6 @@ indexes:
key:
expires: 1
- collection: authlog
type: users # index applies to users database
index:
name: entry_by_group
sparse: true
key:
user: 1
group: 1
# Indexes for the filters collection
- collection: filters


@ -143,7 +143,7 @@ class UserHandler {
}
if (!addressData) {
meta.address = address;
meta.username = address;
meta.result = 'unknown';
return this.logAuthEvent(null, meta, () => callback(null, false));
}
@ -188,8 +188,6 @@ class UserHandler {
if (userData.disabled) {
// disabled users can not log in
meta.result = 'disabled';
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => callback(null, false));
}
@ -237,7 +235,6 @@ class UserHandler {
if (enabled2fa.length) {
meta.require2fa = enabled2fa.length ? enabled2fa.join(',') : false;
}
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => {
let authResponse = {
user: userData._id,
@ -266,7 +263,6 @@ class UserHandler {
// only master password can be used for management tasks
meta.result = 'fail';
meta.source = 'master';
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => authFail(null, false));
}
@ -277,7 +273,6 @@ class UserHandler {
// does not look like an application specific password
meta.result = 'fail';
meta.source = 'master';
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => authFail(null, false));
}
@ -300,7 +295,6 @@ class UserHandler {
// user does not have app specific passwords set
meta.result = 'fail';
meta.source = 'master';
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => authFail(null, false));
}
@ -309,7 +303,6 @@ class UserHandler {
if (pos >= asps.length) {
meta.result = 'fail';
meta.source = 'master';
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => authFail(null, false));
}
@ -332,14 +325,12 @@ class UserHandler {
meta.result = 'fail';
meta.source = 'asp';
meta.asp = asp._id.toString();
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.asp, 'scope', meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => authFail(new Error('Authentication failed. Invalid scope')));
}
meta.result = 'success';
meta.source = 'asp';
meta.asp = asp._id.toString();
meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.asp, meta.ip].join(':');
return this.logAuthEvent(userData._id, meta, () => {
this.redis.del(rlkey, () => false);
authSuccess(null, {
@ -905,14 +896,8 @@ class UserHandler {
err.message = 'Failed to generate QR code';
return callback(err);
}
return this.logAuthEvent(
user,
{
action: 'new 2fa totp seed',
ip: data.ip
},
() => callback(null, data_url)
);
callback(null, data_url);
});
});
});
@ -970,7 +955,7 @@ class UserHandler {
return this.logAuthEvent(
user,
{
action: 'enable 2fa',
action: 'enable 2fa totp',
result: 'fail',
ip: data.ip
},
@ -1156,7 +1141,7 @@ class UserHandler {
return this.logAuthEvent(
user,
{
action: '2fa totp',
action: 'check 2fa totp',
ip: data.ip,
result: verified ? 'success' : 'fail'
},
@ -1224,14 +1209,7 @@ class UserHandler {
return callback(err);
}
return this.logAuthEvent(
user,
{
action: 'new u2f session',
ip: data.ip
},
() => callback(null, registrationRequest)
);
callback(null, registrationRequest);
});
});
}
@ -1469,16 +1447,7 @@ class UserHandler {
if (!authRequest) {
return callback(null, false);
}
return this.logAuthEvent(
user,
{
action: '2fa start u2f',
ip: data.ip
},
() => {
callback(null, authRequest);
}
);
callback(null, authRequest);
});
});
}
@ -1557,7 +1526,7 @@ class UserHandler {
return this.logAuthEvent(
user,
{
action: '2fa u2f',
action: 'check 2fa u2f',
ip: data.ip,
result: verified ? 'success' : 'fail'
},
@ -1750,35 +1719,7 @@ class UserHandler {
entry.expires = new Date(Date.now() + Math.abs(this.authlogExpireDays) * 24 * 3600 * 1000);
}
if (!entry.groupKey) {
return this.users.collection('authlog').insertOne(entry, callback);
}
entry.count = 1;
entry.groupKey = crypto
.createHash('sha1')
.update(entry.groupKey + ':' + Math.floor(Date.now() / (6 * 3600 * 1000)))
.digest('base64');
entry.updated = entry.created;
this.users.collection('authlog').findOneAndUpdate({
user,
groupKey: entry.groupKey
}, {
$inc: { count: 1 },
$set: {
updated: entry.updated
}
}, (err, r) => {
if (err) {
return callback(err);
}
if (r && r.value) {
// an existing entry was updated
return callback(null, true);
}
// add new entry
this.users.collection('authlog').insertOne(entry, callback);
});
return this.users.collection('authlog').insertOne(entry, callback);
}
logout(user, reason, callback) {
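Review bot: With the `groupKey` branch removed from the last hunk, the remaining `return this.users.collection('authlog').insertOne(entry, callback);` writes one `authlog` document per event, including the `fail` and `unknown` results that an unauthenticated client can trigger repeatedly (the `unknown` path logs with a `null` user). The only bound visible here is `entry.expires`, which appears to be assigned inside a block that opens above the hunk, so please confirm that an expiry is always set. It is also worth checking that the rate limiter behind `rlkey` covers every path that logs a failure, not just the ASP path where it is cleared. I would add a comment above the insert, for example `// one document per auth event: volume is bounded only by the authlog TTL and the auth rate limiter`. The enclosing method starts outside the hunk.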