From da99238905a43b1d88e339f0591a0e9508587375 Mon Sep 17 00:00:00 2001 From: Andris Reinman Date: Wed, 14 Nov 2018 15:28:12 +0200 Subject: [PATCH] log user domain on auth --- lib/user-handler.js | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lib/user-handler.js b/lib/user-handler.js index 11742f3e..4da12042 100644 --- a/lib/user-handler.js +++ b/lib/user-handler.js @@ -362,6 +362,9 @@ class UserHandler { meta = {}; } + username = (username || '').toString(); + let userDomain = username.indexOf('@') >= 0 ? username.split('@').pop() : ''; + meta = meta || {}; meta.requiredScope = requiredScope; @@ -372,6 +375,7 @@ class UserHandler { _error: 'Empty password', _authfail: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -389,6 +393,7 @@ class UserHandler { _error_code: err.code, _authfail: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -403,6 +408,7 @@ class UserHandler { _authfail: 'yes', _rate_limit: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -417,6 +423,7 @@ class UserHandler { _authfail: 'yes', _unknown: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -434,6 +441,7 @@ class UserHandler { projection: { _id: true, username: true, + address: true, tempPassword: true, password: true, enabled2fa: true, @@ -452,6 +460,7 @@ class UserHandler { _error_code: err.code, _authfail: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -471,6 +480,7 @@ class UserHandler { _error_code: err.code, _authfail: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -484,6 +494,7 @@ class UserHandler { _authfail: 'yes', _rate_limit: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -496,6 +507,7 @@ class UserHandler { _authfail: 'yes', _unknown: 'yes', _username: username, + _domain: userDomain, _scope: requiredScope, _ip: meta.ip }); @@ -503,6 +515,9 @@ class UserHandler { }); } + // make sure we use the primary domain if available + userDomain = (userData.address || '').split('@').pop() || userDomain; + // check if there are not too many auth attempts for that user this.rateLimitUser(userData._id, meta, 0, (err, res) => { if (err) { @@ -514,6 +529,7 @@ class UserHandler { _error_code: err.code, _authfail: 'yes', _username: username, + _domain: userDomain, _user: userData._id, _scope: requiredScope, _ip: meta.ip @@ -528,6 +544,7 @@ class UserHandler { _rate_limit: 'yes', _authfail: 'yes', _username: username, + _domain: userDomain, _user: userData._id, _scope: requiredScope, _ip: meta.ip @@ -545,6 +562,7 @@ class UserHandler { _disabled: 'yes', _authfail: 'yes', _username: username, + _domain: userDomain, _user: userData._id, _scope: requiredScope, _ip: meta.ip @@ -569,6 +587,7 @@ class UserHandler { short_message: '[AUTHOK] ' + username, _authenticated: 'yes', _username: username, + _domain: userDomain, _user: userData._id, _scope: requiredScope, _ip: meta.ip @@ -585,6 +604,7 @@ class UserHandler { _error_code: err.code, _authfail: 'yes', _username: username, + _domain: userDomain, _user: userData._id, _scope: requiredScope, _ip: meta.ip