feat: log login/logout events to event log with auth source
This commit is contained in:
@@ -589,6 +589,7 @@ async def start(
|
|||||||
if user is None:
|
if user is None:
|
||||||
return web.json_response({"error": "Invalid credentials"}, status=401)
|
return web.json_response({"error": "Invalid credentials"}, status=401)
|
||||||
token = users_mod.create_session(username)
|
token = users_mod.create_session(username)
|
||||||
|
eventlog("hbd", "INFO", f"Login: {username} via api")
|
||||||
resp = web.json_response({"token": token, "username": username})
|
resp = web.json_response({"token": token, "username": username})
|
||||||
resp.set_cookie(
|
resp.set_cookie(
|
||||||
SESSION_COOKIE,
|
SESSION_COOKIE,
|
||||||
@@ -612,6 +613,7 @@ async def start(
|
|||||||
user = users_mod.authenticate(username, password)
|
user = users_mod.authenticate(username, password)
|
||||||
if user:
|
if user:
|
||||||
token = users_mod.create_session(username)
|
token = users_mod.create_session(username)
|
||||||
|
eventlog("hbd", "INFO", f"Login: {username} via password")
|
||||||
redirect_to = request.rel_url.query.get("next", "/")
|
redirect_to = request.rel_url.query.get("next", "/")
|
||||||
resp = web.HTTPFound(redirect_to)
|
resp = web.HTTPFound(redirect_to)
|
||||||
resp.set_cookie(
|
resp.set_cookie(
|
||||||
@@ -685,7 +687,10 @@ async def start(
|
|||||||
async def web_logout(request):
|
async def web_logout(request):
|
||||||
"""GET /logout — clear session cookie and redirect to /login."""
|
"""GET /logout — clear session cookie and redirect to /login."""
|
||||||
token = request.cookies.get(SESSION_COOKIE, "")
|
token = request.cookies.get(SESSION_COOKIE, "")
|
||||||
|
_user = users_mod.get_session_user(token)
|
||||||
users_mod.delete_session(token)
|
users_mod.delete_session(token)
|
||||||
|
if _user:
|
||||||
|
eventlog("hbd", "INFO", f"Logout: {_user.username}")
|
||||||
resp = web.HTTPFound("/login")
|
resp = web.HTTPFound("/login")
|
||||||
resp.del_cookie(SESSION_COOKIE)
|
resp.del_cookie(SESSION_COOKIE)
|
||||||
raise resp
|
raise resp
|
||||||
@@ -693,7 +698,10 @@ async def start(
|
|||||||
async def api_logout(request):
|
async def api_logout(request):
|
||||||
"""POST /api/0/auth/logout"""
|
"""POST /api/0/auth/logout"""
|
||||||
token = _get_token(request)
|
token = _get_token(request)
|
||||||
|
_user = users_mod.get_session_user(token)
|
||||||
users_mod.delete_session(token)
|
users_mod.delete_session(token)
|
||||||
|
if _user:
|
||||||
|
eventlog("hbd", "INFO", f"Logout: {_user.username}")
|
||||||
resp = web.json_response({"success": True})
|
resp = web.json_response({"success": True})
|
||||||
resp.del_cookie(SESSION_COOKIE)
|
resp.del_cookie(SESSION_COOKIE)
|
||||||
return resp
|
return resp
|
||||||
@@ -969,6 +977,7 @@ async def start(
|
|||||||
profile["avatar_url"],
|
profile["avatar_url"],
|
||||||
)
|
)
|
||||||
session_token = users_mod.create_session(user.username)
|
session_token = users_mod.create_session(user.username)
|
||||||
|
eventlog("hbd", "INFO", f"Login: {user.username} via {provider.type}")
|
||||||
resp = web.HTTPFound("/")
|
resp = web.HTTPFound("/")
|
||||||
resp.set_cookie(
|
resp.set_cookie(
|
||||||
SESSION_COOKIE,
|
SESSION_COOKIE,
|
||||||
|
|||||||
Reference in New Issue
Block a user