Now putting SSO user login events in event log.

2024-08-15 19:50:44 +03:00 · 2022-03-15 15:03:58 -07:00 · 2022-03-15 15:03:58 -07:00 · f9c6d8194c
commit f9c6d8194c
parent 4252205b74
2 changed files with 16 additions and 1 deletions
--- a/views/default.handlebars
+++ b/views/default.handlebars
@ -15871,6 +15871,7 @@
                if (v == 'cookie') { return "Remember Device"; }
                if (v == 'tokenlogin') { return "Login Token"; }
                if (v == 'ipaddr') { return "IP Address"; }
+                if (v == 'sso') { return "Single Sign-on"; }
            }
            return EscapeHtml(v);
        }
--- a/webserver.js
+++ b/webserver.js
@ -2473,6 +2473,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF

                    req.session.userid = userid;
                    setSessionRandom(req);
+
+                    // Notify account login using SSO
+                    var targets = ['*', 'server-users', user._id];
+                    if (user.groups) { for (var i in user.groups) { targets.push('server-users:' + i); } }
+                    const ua = getUserAgentInfo(req);
+                    const loginEvent = { etype: 'user', userid: user._id, username: user.name, account: obj.CloneSafeUser(user), action: 'login', msgid: 107, msgArgs: [req.clientIp, ua.browserStr, ua.osStr], msg: 'Account login', domain: domain.id, ip: req.clientIp, userAgent: req.headers['user-agent'], twoFactorType: 'sso' };
+                    obj.parent.DispatchEvent(targets, obj, loginEvent);
                } else {
                    // New users not allowed
                    parent.debug('web', 'handleStrategyLogin: Can\'t create new accounts');
@ -2489,7 +2496,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                if (userChange) {
                    obj.db.SetUser(user);

-                    // Event user creation
+                    // Event user change
                    var targets = ['*', 'server-users'];
                    var event = { etype: 'user', userid: user._id, username: user.name, account: obj.CloneSafeUser(user), action: 'accountchange', msg: 'Account changed', domain: domain.id };
                    if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the user. Another event will come.
@ -2498,6 +2505,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                parent.debug('web', 'handleStrategyLogin: succesful login: ' + userid);
                req.session.userid = userid;
                setSessionRandom(req);
+
+                // Notify account login using SSO
+                var targets = ['*', 'server-users', user._id];
+                if (user.groups) { for (var i in user.groups) { targets.push('server-users:' + i); } }
+                const ua = getUserAgentInfo(req);
+                const loginEvent = { etype: 'user', userid: user._id, username: user.name, account: obj.CloneSafeUser(user), action: 'login', msgid: 107, msgArgs: [req.clientIp, ua.browserStr, ua.osStr], msg: 'Account login', domain: domain.id, ip: req.clientIp, userAgent: req.headers['user-agent'], twoFactorType: 'sso' };
+                obj.parent.DispatchEvent(targets, obj, loginEvent);
            }
        }
        //res.redirect(domain.url); // This does not handle cookie correctly.