
Commit 63192fa

author
Kristan Kenney
committed
Merge branch 'feature/user-auth-log' into feature/user-roles
2 parents f3cb067 + a58c040 commit 63192fa


10 files changed

+151
-95
lines changed


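--- a/bin/v-list-user-auth-log
+++ b/bin/v-list-user-auth-log
@@ -23,19 +23,23 @@ json_list() {
 objects=$(echo "$logs" |wc -l)
 echo "{"
 for str in $logs; do
-IP=$(echo "$str" |cut -f 2 -d \')
-FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-STATUS=$(echo "$str" |cut -f 6 -d \')
-DATE=$(echo "$str" |cut -f 8 -d \')
-TIME=$(echo "$str" |cut -f 10 -d \')
-ACTIVE=$(echo "$str" |cut -f 12 -d \')
+DATE=$(echo "$str" |cut -f 2 -d \')
+TIME=$(echo "$str" |cut -f 4 -d \')
+IP=$(echo "$str" |cut -f 6 -d \')
+ACTION=$(echo "$str" |cut -f 8 -d \')
+STATUS=$(echo "$str" |cut -f 10 -d \')
+USER_AGENT=$(echo "$str" |cut -f 12 -d \')
+SESSION=$(echo "$str" |cut -f 14 -d \')
+ACTIVE=$(echo "$str" |cut -f 16 -d \')
 echo -n ' "'$i'": {
-"IP": "'$IP'",
-"FINGERPRINT": "'$FINGERPRINT'",
-"TIME": "'$TIME'",
 "DATE": "'$DATE'",
-"ACTIVE": "'$ACTIVE'",
-"STATUS": "'$STATUS'"
+"TIME": "'$TIME'",
+"IP": "'$IP'",
+"ACTION": "'$ACTION'",
+"STATUS": "'$STATUS'",
+"USER_AGENT": "'$USER_AGENT'",
+"SESSION": "'$SESSION'",
+"ACTIVE": "'$ACTIVE'"
 }'
 if [ "$i" -lt "$objects" ]; then
 echo ','
@@ -49,45 +53,51 @@ json_list() {
 
 shell_list() {
 IFS=$'\n'
-echo "DATE~TIME~IP~FINGERPRINT~ACTIVE~STATUS"
+echo "DATE~TIME~IP~SESSION~ACTIVE~STATUS"
 echo "----~----~--~-----------~------"
 for str in $logs; do
-IP=$(echo "$str" |cut -f 2 -d \')
-FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-STATUS=$(echo "$str" |cut -f 6 -d \')
-DATE=$(echo "$str" |cut -f 8 -d \')
-TIME=$(echo "$str" |cut -f 10 -d \')
-ACTIVE=$(echo "$str" |cut -f 12 -d \')
-echo "$DATE~$TIME~$IP~$FINGERPRINT~$ACTIVE~$STATUS"
+DATE=$(echo "$str" |cut -f 2 -d \')
+TIME=$(echo "$str" |cut -f 4 -d \')
+IP=$(echo "$str" |cut -f 6 -d \')
+ACTION=$(echo "$str" |cut -f 8 -d \')
+STATUS=$(echo "$str" |cut -f 10 -d \')
+USER_AGENT=$(echo "$str" |cut -f 12 -d \')
+SESSION=$(echo "$str" |cut -f 14 -d \')
+ACTIVE=$(echo "$str" |cut -f 16 -d \')
+echo "$DATE~$TIME~$IP~$ACTION~$STATUS~$USER_AGENT~$SESSION~$ACTIVE"
 done
 }
 
 # PLAIN list function
 plain_list() {
 IFS=$'\n'
 for str in $logs; do
-IP=$(echo "$str" |cut -f 2 -d \')
-FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-STATUS=$(echo "$str" |cut -f 6 -d \')
-DATE=$(echo "$str" |cut -f 8 -d \')
-TIME=$(echo "$str" |cut -f 10 -d \')
-ACTIVE=$(echo "$str" |cut -f 12 -d \')
-echo -e "$DATE\t$TIME\t$IP\t$FINGERPRINT\t$ACTIVE\t$STATUS"
+DATE=$(echo "$str" |cut -f 2 -d \')
+TIME=$(echo "$str" |cut -f 4 -d \')
+IP=$(echo "$str" |cut -f 6 -d \')
+ACTION=$(echo "$str" |cut -f 8 -d \')
+STATUS=$(echo "$str" |cut -f 10 -d \')
+USER_AGENT=$(echo "$str" |cut -f 12 -d \')
+SESSION=$(echo "$str" |cut -f 14 -d \')
+ACTIVE=$(echo "$str" |cut -f 16 -d \')
+echo -e "$DATE\t$TIME\t$IP\t$ACTION\t$STATUS\t$USER_AGENT\t$SESSION\t$ACTIVE"
 done
 }
 
 # CSV list function
 csv_list() {
 IFS=$'\n'
-echo "DATE,TIME,IP,FINGERPRINT,ACTIVE,STATUS"
+echo "DATE,TIME,IP,ACTION,STATUS,USER_AGENT,SESSION,ACTIVE"
 for str in $logs; do
-IP=$(echo "$str" |cut -f 2 -d \')
-FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-STATUS=$(echo "$str" |cut -f 6 -d \')
-DATE=$(echo "$str" |cut -f 8 -d \')
-TIME=$(echo "$str" |cut -f 10 -d \')
-ACTIVE=$(echo "$str" |cut -f 12 -d \')
-echo "$DATE,$TIME,$IP,$FINGERPRINT,$ACTIVE,$STATUS"
+DATE=$(echo "$str" |cut -f 2 -d \')
+TIME=$(echo "$str" |cut -f 4 -d \')
+IP=$(echo "$str" |cut -f 6 -d \')
+ACTION=$(echo "$str" |cut -f 8 -d \')
+STATUS=$(echo "$str" |cut -f 10 -d \')
+USER_AGENT=$(echo "$str" |cut -f 12 -d \')
+SESSION=$(echo "$str" |cut -f 14 -d \')
+ACTIVE=$(echo "$str" |cut -f 16 -d \')
+echo "$DATE,$TIME,$IP,$ACTION,$STATUS,$USER_AGENT,$SESSION,$ACTIVE"
 
 done
 }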
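Review bot: `USER_AGENT` is client-supplied text, and json_list prints it between double quotes with no escaping (`"USER_AGENT": "'$USER_AGENT'",`), so a double quote, backslash or control character in the header yields invalid or altered JSON for every consumer of this command. The same value is split with `cut -d \'`, so an apostrophe inside it shifts `SESSION` and `ACTIVE` to the wrong fields, and in csv_list a comma in it adds a column. Escape the value before printing (at minimum backslash and double quote for JSON, field quoting for CSV), or sanitise it when the log line is written. Separately, the shell_list header `DATE~TIME~IP~SESSION~ACTIVE~STATUS` and its dash row still describe six columns while each row now prints eight in a different order; the header should read `DATE~TIME~IP~ACTION~STATUS~USER_AGENT~SESSION~ACTIVE`. json_list starts and ends outside the first hunk.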

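--- a/bin/v-log-user-login
+++ b/bin/v-log-user-login
@@ -6,10 +6,11 @@
 user=$1
 ip=$2
 status=$3
-fingerprint=${4}
+session_id=$4
+user_agent=$5
 
 active="yes"
-if [ $status = "failed" ]; then
+if [ "$status" = "failed" ]; then
 active="no"
 fi
 
@@ -21,7 +22,7 @@ source $HESTIA/conf/hestia.conf
 # Verifications #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER IP [FINGERPRINT]'
+check_args '2' "$#" 'USER IP SESSION_ID USER_AGENT'
 is_format_valid 'user' 'ip'
 is_object_valid 'user' 'USER' "$user"
 
@@ -31,16 +32,14 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ )
 date=$(echo "$time_n_date" |cut -f 2 -d \ )
 
 if [ ! -f $USER_DATA/auth.log ]; then
-touch $USER_DATA/auth.log
+touch $USER_DATA/auth.log
 fi
 
 #----------------------------------------------------------#
 # Action #
 #----------------------------------------------------------#
 
-awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME {$5=ACTIVE}1' $USER_DATA/auth.log
-
-echo "IP='$ip' FINGERPRINT='$fingerprint' STATUS='$status' DATE='$date' TIME='$time' ACTIVE='$active'" >> $USER_DATA/auth.log
+echo "DATE='$date' TIME='$time' IP='$ip' ACTION='login' STATUS='$status' USER_AGENT='$user_agent' SESSION='$session_id' ACTIVE='$active'" >> $USER_DATA/auth.log
 
 #----------------------------------------------------------#
 # Hestia #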
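Review bot: `session_id` and `user_agent` are written into auth.log inside single quotes without any validation; `is_format_valid` still covers only `user` and `ip`. Because v-list-user-auth-log splits each record on `'`, an apostrophe or line break in either value lets a client change how its own record is parsed, which undermines a file meant to serve as an audit trail. Strip or reject those characters before the `echo`, for example `user_agent=${user_agent//\'/}` (bash) together with removal of control characters, and restrict `session_id` to the alphabet the token generator emits. `check_args '2'` also still accepts two arguments although `status`, `session_id` and `user_agent` are read from `$3` to `$5`, and the usage string omits STATUS.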

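--- a/bin/v-log-user-logout
+++ b/bin/v-log-user-logout
@@ -4,7 +4,7 @@
 
 # Argument definition
 user=$1
-fingerprint=$2
+session_id=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -14,19 +14,19 @@ source $HESTIA/conf/hestia.conf
 # Verifications #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER FINGERPRINT'
+check_args '2' "$#" 'USER SESSION_ID'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
 if [ ! -f $USER_DATA/auth.log ]; then
-touch $USER_DATA/auth.log
+touch $USER_DATA/auth.log
 fi
 
 #----------------------------------------------------------#
 # Action #
 #----------------------------------------------------------#
 
-awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME {$5=active}1' $USER_DATA/auth.log
+sed -i "s/SESSION='$session_id' ACTIVE='yes'/SESSION='$session_id' ACTIVE='no'/g" $USER_DATA/auth.log
 
 #----------------------------------------------------------#
 # Hestia #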
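Review bot: `$session_id` is interpolated directly into the `sed` program text, and the verification block validates only `user`, so any `/`, `&`, backslash or regex metacharacter in the argument changes what the expression matches or how it is parsed. Validate the argument before the call, e.g. `[[ "$session_id" =~ ^[0-9A-Za-z]+$ ]] || exit 1` (adjust the class to the real token alphabet and use the project's own error helper in place of the bare exit), or perform the update with `awk -v` so the value never becomes part of the program. The `$USER_DATA/auth.log` path is also unquoted on the `touch` and `sed` lines.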

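--- a/web/delete/log/auth/index.php
+++ b/web/delete/log/auth/index.php
@@ -13,8 +13,8 @@
 // Clear log
 $v_username = escapeshellarg($user);
 exec (HESTIA_CMD."v-delete-user-auth-log ".$v_username, $output, $return_var);
-//check_return_code($return_var,$output);
-//unset($output);
+check_return_code($return_var,$output);
+unset($output);
 
 
 $ip = $_SERVER['REMOTE_ADDR'];
@@ -24,21 +24,21 @@
 }
 }
 $v_ip = escapeshellarg($ip);
+$user_agent = $_SERVER['HTTP_USER_AGENT'];
+$v_user_agent = escapeshellarg($user_agent);
 
-$v_murmur = escapeshellarg($_SESSION['MURMUR']);
-exec(HESTIA_CMD."v-log-user-login ".$v_username." ".$v_ip." success ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_SESSION['token']);
 
-// Render page
-//render_page($user, $TAB, 'list_auth');
+// Add current user session back to log unless impersonating another user
+if (!isset($_SESSION['look'])) {
+exec(HESTIA_CMD."v-log-user-login ".$v_username." ".$v_ip." success ".$v_session_id." ".$v_user_agent, $output, $return_var);
+}
 
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 
-if (($_SESSION['userContext'] === 'admin') && (isset($_SESSION['look']))) {
-header("Location: /list/log/auth/?user=".$_SESSION['look']);
-} else {
-header("Location: /list/log/auth/?user=".$_SESSION['user']);
-}
+// Return to authentication history
+header("Location: /list/log/auth/");
 
 exit;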
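Review bot: `$_SESSION['token']` is passed to v-log-user-login as the session identifier, but it is the same value web/login/index.php compares with `$_POST['token']` and the new delete link in list_log_auth.html carries as `?token=`, so it appears to be the anti-CSRF token, now stored in auth.log in clear text and printed by v-list-user-auth-log. Anyone able to read that log or its listing (an administrator viewing another user, a backup) would see the token of a session still marked active. Log a derived identifier instead, such as `hash('sha256', $_SESSION['token'])` or a separate random session label; the same applies to the calls in web/inc/main.php, web/login/index.php and web/logout/index.php. `$_SERVER['HTTP_USER_AGENT']` is also read without an `isset()` check here and in web/login/index.php, although a request may omit that header.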

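--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -39,8 +39,8 @@
 // Checking user to use session from the same IP he has been logged in
 if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){
 $v_user = escapeshellarg($_SESSION['user']);
-$v_murmur = escapeshellarg($_SESSION['MURMUR']);
-exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_SESSION['token']);
+exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_session_id, $output, $return_var);
 session_destroy();
 session_start();
 $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
@@ -80,8 +80,8 @@
 header("Location: /login/");
 } else if ($_SESSION['INACTIVE_SESSION_TIMEOUT'] * 60 + $_SESSION['LAST_ACTIVITY'] < time()) {
 $v_user = escapeshellarg($_SESSION['user']);
-$v_murmur = escapeshellarg($_SESSION['MURMUR']);
-exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_SESSION['token']);
+exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_session_id, $output, $return_var);
 session_destroy();
 header("Location: /login/");
 } else {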

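--- a/web/login/index.php
+++ b/web/login/index.php
@@ -92,12 +92,15 @@ function authenticate_user($user, $password, $twofa = ''){
 if(isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token']) {
 $v_user = escapeshellarg($user);
 $ip = $_SERVER['REMOTE_ADDR'];
+$user_agent = $_SERVER['HTTP_USER_AGENT'];
 if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
 if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
 $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
 }
 }
 $v_ip = escapeshellarg($ip);
+$v_user_agent = escapeshellarg($user_agent);
+
 // Get user's salt
 $output = '';
 exec (HESTIA_CMD."v-get-user-salt ".$v_user." ".$v_ip." json" , $output, $return_var);
@@ -137,8 +140,8 @@ function authenticate_user($user, $password, $twofa = ''){
 if ( $return_var > 0 ) {
 sleep(2);
 $error = "<a class=\"error\">"._('Invalid username or password')."</a>";
-$v_murmur = escapeshellarg($_POST['murmur']);
-exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_POST['token']);
+exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_session_id." ".$v_user_agent, $output, $return_var);
 
 return $error;
 } else {
@@ -161,8 +164,8 @@ function authenticate_user($user, $password, $twofa = ''){
 $error = "<a class=\"error\">"._('Invalid or missing 2FA token')."</a>";
 $_SESSION['login']['username'] = $user;
 $_SESSION['login']['password'] = $password;
-$v_murmur = escapeshellarg($_POST['murmur']);
-exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_POST['token']);
+exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." failed ".$v_session_id." ".$v_user_agent, $output, $return_var);
 return $error;
 unset($_POST['twofa']);
 }
@@ -175,8 +178,8 @@ function authenticate_user($user, $password, $twofa = ''){
 $_SESSION['user'] = key($data);
 $v_user = $_SESSION['user'];
 //log successfull login attempt
-$v_murmur = escapeshellarg($_POST['murmur']);
-exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." success ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_POST['token']);
+exec(HESTIA_CMD."v-log-user-login ".$v_user." ".$v_ip." success ".$v_session_id." ".$v_user_agent, $output, $return_var);
 
 $_SESSION['LAST_ACTIVITY'] = time();
 $_SESSION['MURMUR'] = $_POST['murmur'];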
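Review bot: In the successful-login branch the new `exec` line concatenates `$v_user` after it was reassigned to the raw `$_SESSION['user']` two lines earlier, so that one call reaches the shell without `escapeshellarg()`, unlike the two failure branches. The value comes from `key($data)` and is presumably an already-validated account name, but the escaping should not depend on that; use `$v_user = escapeshellarg($_SESSION['user']);`. The line `$_SESSION['MURMUR'] = $_POST['murmur'];` is left in place although every reader of `MURMUR` visible in this commit was switched to `token`. authenticate_user starts and ends outside these hunks.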

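--- a/web/logout/index.php
+++ b/web/logout/index.php
@@ -12,10 +12,10 @@
 unset($_SESSION['_sf2_meta']);
 header("Location: /");
 } else {
-if($_SESSION['MURMUR'] && $_SESSION['user']){
+if($_SESSION['token'] && $_SESSION['user']){
 $v_user = escapeshellarg($_SESSION['user']);
-$v_murmur = escapeshellarg($_SESSION['MURMUR']);
-exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_murmur, $output, $return_var);
+$v_session_id = escapeshellarg($_SESSION['token']);
+exec(HESTIA_CMD."v-log-user-logout ".$v_user." ".$v_session_id, $output, $return_var);
 }
 
 session_destroy();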

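--- a/web/templates/admin/list_log_auth.html
+++ b/web/templates/admin/list_log_auth.html
@@ -5,6 +5,15 @@
 </div>
 <div class="l-unit-toolbar__buttonstrip float-right">
 <a href="javascript:location.reload();" class="ui-button cancel" dir="ltr"><i class="fas fa-redo status-icon green"></i><?=_('Refresh')?></a>
+<div class="actions-panel display-inline-block" key-action="js">
+<a class="data-controls do_delete ui-button danger cancel">
+<i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
+<input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />
+<div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+<p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
+</div>
+</a>
+</div>
 </div>
 </div>
 </div>
@@ -14,13 +23,16 @@
 <div class="l-center units">
 <div class="header table-header">
 <div class="l-unit__col l-unit__col--right">
-<div class="clearfix l-unit__stat-col--left super-compact">
-&nbsp;
-</div>
-<div class="clearfix l-unit__stat-col--left small"><b><?php print _('Date');?></b></div>
-<div class="clearfix l-unit__stat-col--left"><b><?php print _('Time');?></b></div>
+<div class="clearfix l-unit__stat-col--left super-compact text-center">
+<b><?php print _('Active');?></b>
+</div>
+<div class="clearfix l-unit__stat-col--left compact text-center">
+<b><?php print _('Status');?></b>
+</div>
+<div class="clearfix l-unit__stat-col--left"><b><?php print _('Date');?></b></div>
+<div class="clearfix l-unit__stat-col--left compact"><b><?php print _('Time');?></b></div>
 <div class="clearfix l-unit__stat-col--left"><b><?php print _('IP address');?></b></div>
-<div class="clearfix l-unit__stat-col--left"><b><?php print _('Active');?></b></div>
+<div class="clearfix l-unit__stat-col--left wide-6"><b><?php print _('Browser');?></b></div>
 </div>
 </div>
 <?php
@@ -29,17 +41,26 @@
 ?>
 <div class="l-unit header animated fadeIn">
 <div class="l-unit__col l-unit__col--right">
-<div class="clearfix l-unit__stat-col--left super-compact">
+<div class="clearfix l-unit__stat-col--left super-compact text-center">
+<? if ($data[$key]['ACTION'] == 'login') { ?>
+<? if ($data[$key]['ACTIVE'] === 'yes') {?>
+<i class="fas fa-sign-in-alt status-icon maroon icon-pad-right" title="<?=_('Login')?>"></i>
+<? } else {?>
+<i class="fas fa-sign-in-alt status-icon dim icon-pad-right" title="<?=_('Login')?>"></i>
+<? } ?>
+<? } ?>
+</div>
+<div class="clearfix l-unit__stat-col--left compact text-center">
 <? if ($data[$key]['STATUS'] == 'success') { ?>
-<i class="fas fa-check-circle status-icon green icon-pad-right"></i>
+<i class="fas fa-check-circle status-icon green icon-pad-right" title="<?=_('Success')?>"></i>
 <? } else {?>
-<i class="fas fa-minus-circle status-icon red icon-pad-right"></i>
+<i class="fas fa-minus-circle status-icon red icon-pad-right" title="<?=_('Failed')?>"></i>
 <? } ?>
 </div>
-<div class="clearfix l-unit__stat-col--left small"><b><?=translate_date($data[$key]['DATE'])?></b></div>
-<div class="clearfix l-unit__stat-col--left"><b><?=$data[$key]['TIME']?></b></div>
+<div class="clearfix l-unit__stat-col--left"><b><?=translate_date($data[$key]['DATE'])?></b></div>
+<div class="clearfix l-unit__stat-col--left compact"><b><?=$data[$key]['TIME']?></b></div>
 <div class="clearfix l-unit__stat-col--left"><?=$data[$key]['IP']?></div>
-<div class="clearfix l-unit__stat-col--left"><?=$data[$key]['ACTIVE']?></div>
+<div class="clearfix l-unit__stat-col--left wide-7"><?=$data[$key]['USER_AGENT']?></b></div>
 </div>
 </div>
 <?}?>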
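Review bot: `<?=$data[$key]['USER_AGENT']?>` prints the logged User-Agent header into the page without HTML encoding, and that header is supplied by whoever makes the login request, including failed attempts. This is stored markup injection in a page viewed by the account owner or an administrator; encode on output with `<?=htmlspecialchars($data[$key]['USER_AGENT'], ENT_QUOTES, 'UTF-8')?>`. The added line also ends with a stray `</b>` that has no opening tag. The delete control places the token in a query string (`/delete/log/auth/?token=...`), so it can end up in browser history and server access logs; sending it in a POST body would avoid that.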

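--- a/web/templates/login_1.html
+++ b/web/templates/login_1.html
@@ -11,7 +11,7 @@
 <form method="post" action="/login/" id="form_login">
 <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
 <input type="hidden" name="user" value="<?php echo $_POST['user']; ?>">
-<input type="hidden" name="murmur" value="<?php echo $_POST['murmur']; ?>" id="murmur">
+<input type="hidden" name="murmur" value="<?php echo $_SESSION['token']; ?>" id="murmur">
 <table class="login-box">
 <tr>
 <td style="padding: 12px 0 0 2px;" class="login-welcome">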
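Review bot: The hidden `murmur` input now carries `$_SESSION['token']`, duplicating the `token` input two lines above, while web/login/index.php still copies `$_POST['murmur']` into `$_SESSION['MURMUR']`. If the fingerprint is no longer used, drop the input and that assignment rather than sending the token twice; if client-side script still fills `#murmur`, the server-rendered value is overwritten anyway. The neighbouring `user` input echoes `$_POST['user']` without `htmlspecialchars()`; that line is not part of this change but is worth encoding in the same pass.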
