diff --git a/indexes.yaml b/indexes.yaml index e138f303..4a4035a4 100644 --- a/indexes.yaml +++ b/indexes.yaml @@ -105,15 +105,6 @@ indexes: key: expires: 1 -- collection: authlog - type: users # index applies to users database - index: - name: entry_by_group - sparse: true - key: - user: 1 - group: 1 - # Indexes for the filters collection - collection: filters diff --git a/lib/user-handler.js b/lib/user-handler.js index 760b2cb6..47ffc45b 100644 --- a/lib/user-handler.js +++ b/lib/user-handler.js @@ -143,7 +143,7 @@ class UserHandler { } if (!addressData) { - meta.address = address; + meta.username = address; meta.result = 'unknown'; return this.logAuthEvent(null, meta, () => callback(null, false)); } @@ -188,8 +188,6 @@ class UserHandler { if (userData.disabled) { // disabled users can not log in meta.result = 'disabled'; - - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => callback(null, false)); } @@ -237,7 +235,6 @@ class UserHandler { if (enabled2fa.length) { meta.require2fa = enabled2fa.length ? enabled2fa.join(',') : false; } - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => { let authResponse = { user: userData._id, @@ -266,7 +263,6 @@ class UserHandler { // only master password can be used for management tasks meta.result = 'fail'; meta.source = 'master'; - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => authFail(null, false)); } @@ -277,7 +273,6 @@ class UserHandler { // does not look like an application specific password meta.result = 'fail'; meta.source = 'master'; - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => authFail(null, false)); } @@ -300,7 +295,6 @@ class UserHandler { // user does not have app specific passwords set meta.result = 'fail'; meta.source = 'master'; - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => authFail(null, false)); } @@ -309,7 +303,6 @@ class UserHandler { if (pos >= asps.length) { meta.result = 'fail'; meta.source = 'master'; - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.source, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => authFail(null, false)); } @@ -332,14 +325,12 @@ class UserHandler { meta.result = 'fail'; meta.source = 'asp'; meta.asp = asp._id.toString(); - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.asp, 'scope', meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => authFail(new Error('Authentication failed. Invalid scope'))); } meta.result = 'success'; meta.source = 'asp'; meta.asp = asp._id.toString(); - meta.groupKey = ['authenticate', meta.protocol, meta.result, meta.asp, meta.ip].join(':'); return this.logAuthEvent(userData._id, meta, () => { this.redis.del(rlkey, () => false); authSuccess(null, { @@ -905,14 +896,8 @@ class UserHandler { err.message = 'Failed to generate QR code'; return callback(err); } - return this.logAuthEvent( - user, - { - action: 'new 2fa totp seed', - ip: data.ip - }, - () => callback(null, data_url) - ); + + callback(null, data_url); }); }); }); @@ -970,7 +955,7 @@ class UserHandler { return this.logAuthEvent( user, { - action: 'enable 2fa', + action: 'enable 2fa totp', result: 'fail', ip: data.ip }, @@ -1156,7 +1141,7 @@ class UserHandler { return this.logAuthEvent( user, { - action: '2fa totp', + action: 'check 2fa totp', ip: data.ip, result: verified ? 'success' : 'fail' }, @@ -1224,14 +1209,7 @@ class UserHandler { return callback(err); } - return this.logAuthEvent( - user, - { - action: 'new u2f session', - ip: data.ip - }, - () => callback(null, registrationRequest) - ); + callback(null, registrationRequest); }); }); } @@ -1469,16 +1447,7 @@ class UserHandler { if (!authRequest) { return callback(null, false); } - return this.logAuthEvent( - user, - { - action: '2fa start u2f', - ip: data.ip - }, - () => { - callback(null, authRequest); - } - ); + callback(null, authRequest); }); }); } @@ -1557,7 +1526,7 @@ class UserHandler { return this.logAuthEvent( user, { - action: '2fa u2f', + action: 'check 2fa u2f', ip: data.ip, result: verified ? 'success' : 'fail' }, @@ -1750,35 +1719,7 @@ class UserHandler { entry.expires = new Date(Date.now() + Math.abs(this.authlogExpireDays) * 24 * 3600 * 1000); } - if (!entry.groupKey) { - return this.users.collection('authlog').insertOne(entry, callback); - } - - entry.count = 1; - entry.groupKey = crypto - .createHash('sha1') - .update(entry.groupKey + ':' + Math.floor(Date.now() / (6 * 3600 * 1000))) - .digest('base64'); - entry.updated = entry.created; - this.users.collection('authlog').findOneAndUpdate({ - user, - groupKey: entry.groupKey - }, { - $inc: { count: 1 }, - $set: { - updated: entry.updated - } - }, (err, r) => { - if (err) { - return callback(err); - } - if (r && r.value) { - // an existing entry was updated - return callback(null, true); - } - // add new entry - this.users.collection('authlog').insertOne(entry, callback); - }); + return this.users.collection('authlog').insertOne(entry, callback); } logout(user, reason, callback) {