enigma-bbs/core/user_login.js

/* jslint node: true */
'use strict';

//  ENiGMA½
const setClientTheme = require('./theme.js').setClientTheme;
const clientConnections = require('./client_connections.js').clientConnections;
const StatLog = require('./stat_log.js');
const logger = require('./logger.js');
const Events = require('./events.js');
const Config = require('./config.js').get;
const { Errors, ErrorReasons } = require('./enig_error.js');
const UserProps = require('./user_property.js');
const SysProps = require('./system_property.js');
const SystemLogKeys = require('./system_log.js');
const User = require('./user.js');
const {
    getMessageConferenceByTag,
    getMessageAreaByTag,
    getSuitableMessageConfAndAreaTags,
} = require('./message_area.js');
const { getFileAreaByTag, getDefaultFileAreaTag } = require('./file_base_area.js');

//  deps
const async             = require('async');
const _                 = require('lodash');
const assert            = require('assert');
const moment            = require('moment');

exports.userLogin = userLogin;
exports.recordLogin = recordLogin;
exports.transformLoginError = transformLoginError;

function userLogin(client, username, password, options, cb) {
    if (!cb && _.isFunction(options)) {
        cb = options;
        options = {};
    }

    const config = Config();

    if(config.users.badUserNames.includes(username.toLowerCase())) {
        client.log.info( { username, ip : client.remoteAddress }, `Attempt to login with banned username "${username}"`);

        //  slow down a bit to thwart brute force attacks
        return setTimeout(() => {
            return cb(Errors.BadLogin('Disallowed username', ErrorReasons.NotAllowed));
        }, 2000);
    }

    const authInfo = {
        username,
        password,
    };

    authInfo.type = options.authType || User.AuthFactor1Types.Password;
    authInfo.pubKey = options.ctx;

    client.user.authenticateFactor1(authInfo, err => {
        if (err) {
            return cb(transformLoginError(err, client, username));
        }

        const user = client.user;

        //  Good login; reset any failed attempts
        delete client.sessionFailedLoginAttempts;

        //
        //  Ensure this user is not already logged in.
        //
        const existingClientConnection = clientConnections.find(cc => {
            return (
                user !== cc.user && //  not current connection
                user.userId === cc.user.userId
            ); //  ...but same user
        });

        if(existingClientConnection) {
            client.log.warn(
                {
                    existingNodeId: existingClientConnection.node,
                    username: user.username,
                    userId: user.userId,
                },
                `User "${user.username}" already logged in on node ${existingClientConnection.node}`
            );

            return cb(
                Errors.BadLogin(
                    `User ${user.username} already logged in.`,
                    ErrorReasons.AlreadyLoggedIn
                )
            );
        }

        //  update client logger with addition of username
        client.log = logger.log.child({
            nodeId: client.log.fields.nodeId,
            sessionId: client.log.fields.sessionId,
            username: user.username,
        });

        client.log.info(`User "${user.username}" successfully logged in`);

        //  User's unique session identifier is the same as the connection itself
        user.sessionId = client.session.uniqueId; //  convenience

        Events.emit(Events.getSystemEvents().UserLogin, { user });

        setClientTheme(client, user.properties[UserProps.ThemeId]);

        postLoginPrep(client, err => {
            if (err) {
                return cb(err);
            }

            if (user.authenticated) {
                return recordLogin(client, cb);
            }

            //  recordLogin() must happen after 2FA!
            return cb(null);
        });
    });
}

function postLoginPrep(client, cb) {
    async.series(
        [
            callback => {
                //
                //  User may (no longer) have read (view) rights to their current
                //  message, conferences and/or areas. Move them out if so.
                //
                const confTag = client.user.getProperty(UserProps.MessageConfTag);
                const conf = getMessageConferenceByTag(confTag) || {};
                const area =
                    getMessageAreaByTag(
                        client.user.getProperty(UserProps.MessageAreaTag),
                        confTag
                    ) || {};

                if (
                    !client.acs.hasMessageConfRead(conf) ||
                    !client.acs.hasMessageAreaRead(area)
                ) {
                    //  move them out of both area and possibly conf to something suitable, hopefully.
                    const [newConfTag, newAreaTag] =
                        getSuitableMessageConfAndAreaTags(client);
                    client.user.persistProperties(
                        {
                            [UserProps.MessageConfTag]: newConfTag,
                            [UserProps.MessageAreaTag]: newAreaTag,
                        },
                        err => {
                            return callback(err);
                        }
                    );
                } else {
                    return callback(null);
                }
            },
            callback => {
                //  Likewise for file areas
                const area =
                    getFileAreaByTag(client.user.getProperty(UserProps.FileAreaTag)) ||
                    {};
                if (!client.acs.hasFileAreaRead(area)) {
                    const areaTag = getDefaultFileAreaTag(client) || '';
                    client.user.persistProperty(UserProps.FileAreaTag, areaTag, err => {
                        return callback(err);
                    });
                } else {
                    return callback(null);
                }
            },
        ],
        err => {
            return cb(err);
        }
    );
}

function recordLogin(client, cb) {
    assert(client.user.authenticated); //  don't get in situations where this isn't true

    const user = client.user;
    const loginTimestamp = StatLog.now;

    async.parallel(
        [
            callback => {
                StatLog.incrementNonPersistentSystemStat(SysProps.LoginsToday, 1);
                return StatLog.incrementSystemStat(SysProps.LoginCount, 1, callback);
            },
            (callback) => {
                return StatLog.setUserStat(user, UserProps.LastLoginTs, loginTimestamp, callback);
            },
            callback => {
                return StatLog.incrementUserStat(user, UserProps.LoginCount, 1, callback);
            },
            callback => {
                const loginHistoryMax = Config().statLog.systemEvents.loginHistoryMax;
                const historyItem = JSON.stringify({
                    userId: user.userId,
                    sessionId: user.sessionId,
                });

                return StatLog.appendSystemLogEntry(
                    SystemLogKeys.UserLoginHistory,
                    historyItem,
                    loginHistoryMax,
                    StatLog.KeepType.Max,
                    callback
                );
            },
            (callback) => {
                //  Update live last login information which includes additional
                //  (pre-resolved) information such as user name/etc.
                const lastLogin = {
                    userId          : user.userId,
                    sessionId       : user.sessionId,
                    userName        : user.username,
                    realName        : user.getProperty(UserProps.RealName),
                    affiliation     : user.getProperty(UserProps.Affiliations),
                    emailAddress    : user.getProperty(UserProps.EmailAddress),
                    sex             : user.getProperty(UserProps.Sex),
                    location        : user.getProperty(UserProps.Location),
                    timestamp       : moment(loginTimestamp),
                };

                StatLog.setNonPersistentSystemStat(SysProps.LastLogin, lastLogin);
                return callback(null);
            }
        ],
        err => {
            return cb(err);
        }
    );
}

function transformLoginError(err, client, username) {
    client.sessionFailedLoginAttempts =
        _.get(client, 'sessionFailedLoginAttempts', 0) + 1;
    const disconnect = Config().users.failedLogin.disconnect;
    if (disconnect > 0 && client.sessionFailedLoginAttempts >= disconnect) {
        err = Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany);
    }

    client.log.warn( { username, ip : client.remoteAddress, reason : err.message }, `Failed login attempt for user "${username}", ${client.friendlyRemoteAddress()}`);
    return err;
}
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00			`/* jslint node: true */`
			`'use strict';`

Pardon the noise. More tab to space conversion! 2018-06-23 03:26:46 +00:00			`// ENiGMA½`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`const setClientTheme = require('./theme.js').setClientTheme;`
Pardon the noise. More tab to space conversion! 2018-06-23 03:26:46 +00:00			`const clientConnections = require('./client_connections.js').clientConnections;`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`const StatLog = require('./stat_log.js');`
			`const logger = require('./logger.js');`
			`const Events = require('./events.js');`
			`const Config = require('./config.js').get;`
			`const { Errors, ErrorReasons } = require('./enig_error.js');`
			`const UserProps = require('./user_property.js');`
			`const SysProps = require('./system_property.js');`
			`const SystemLogKeys = require('./system_log.js');`
			`const User = require('./user.js');`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`const {`
			`getMessageConferenceByTag,`
			`getMessageAreaByTag,`
Message ACS improvements & minor fixes + getSuitableMessageConfAndAreaTags(): Get a suitable conf/area tag pair with priority on defaults + hasMessageConfAndAreaRead() helper + filterMessageAreaTagsByReadACS() helper * Always include confTag/areaTag when fetching a conf or area (convenience) * Fix 'toRemoteUser' assignment in message * Better kick out of message conf/areas users does not have access to 2019-09-12 03:21:33 +00:00			`getSuitableMessageConfAndAreaTags,`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`} = require('./message_area.js');`
			`const { getFileAreaByTag, getDefaultFileAreaTag } = require('./file_base_area.js');`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
Pardon the noise. More tab to space conversion! 2018-06-23 03:26:46 +00:00			`// deps`
			`const async = require('async');`
SECURITY UPDATE * Handle failed login attempts via Telnet * New lockout features for >= N failed attempts * New auto-unlock over email feature * New auto-unlock after N minutes feature * Code cleanup in users * Add user_property.js - start using consts for user properties. Clean up over time. * Update email docs 2018-11-23 06:07:37 +00:00			`const _ = require('lodash');`
Good progress on QR support 2019-05-10 01:56:04 +00:00			`const assert = require('assert');`
Last caller information / MCI 2020-11-27 02:51:00 +00:00			`const moment = require('moment');`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`exports.userLogin = userLogin;`
			`exports.recordLogin = recordLogin;`
			`exports.transformLoginError = transformLoginError;`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
+ Implement SSH PubKey authentication * Security related items to config/security dir 2019-02-21 06:55:09 +00:00			`function userLogin(client, username, password, options, cb) {`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`if (!cb && _.isFunction(options)) {`
+ Implement SSH PubKey authentication * Security related items to config/security dir 2019-02-21 06:55:09 +00:00			`cb = options;`
			`options = {};`
			`}`

Check bad usernames @ login 2018-12-24 22:32:38 +00:00			`const config = Config();`

			`if(config.users.badUserNames.includes(username.toLowerCase())) {`
Some logging cleanup 2022-05-07 17:47:04 +00:00			client.log.info( { username, ip : client.remoteAddress }, `Attempt to login with banned username "${username}"`);
* Disconnect clients that attempt to login with banned usernames for Telnet as well * Slow disconnects to thwart brute force attacks - these names won't exist anyway, but we want the attacking client to not DoS us 2018-12-25 07:18:04 +00:00
			`// slow down a bit to thwart brute force attacks`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`return setTimeout(() => {`
* Disconnect clients that attempt to login with banned usernames for Telnet as well * Slow disconnects to thwart brute force attacks - these names won't exist anyway, but we want the attacking client to not DoS us 2018-12-25 07:18:04 +00:00			`return cb(Errors.BadLogin('Disallowed username', ErrorReasons.NotAllowed));`
			`}, 2000);`
Check bad usernames @ login 2018-12-24 22:32:38 +00:00			`}`
SECURITY UPDATE * Handle failed login attempts via Telnet * New lockout features for >= N failed attempts * New auto-unlock over email feature * New auto-unlock after N minutes feature * Code cleanup in users * Add user_property.js - start using consts for user properties. Clean up over time. * Update email docs 2018-11-23 06:07:37 +00:00
Use authInfo obj vs weird params. auth factor 1: factor 2 for 2FA, etc. 2019-02-23 05:51:12 +00:00			`const authInfo = {`
			`username,`
			`password,`
			`};`

First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`authInfo.type = options.authType \|\| User.AuthFactor1Types.Password;`
Use authInfo obj vs weird params. auth factor 1: factor 2 for 2FA, etc. 2019-02-23 05:51:12 +00:00			`authInfo.pubKey = options.ctx;`

			`client.user.authenticateFactor1(authInfo, err => {`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`if (err) {`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`return cb(transformLoginError(err, client, username));`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`}`
SECURITY UPDATE * Handle failed login attempts via Telnet * New lockout features for >= N failed attempts * New auto-unlock over email feature * New auto-unlock after N minutes feature * Code cleanup in users * Add user_property.js - start using consts for user properties. Clean up over time. * Update email docs 2018-11-23 06:07:37 +00:00
			`const user = client.user;`

			`// Good login; reset any failed attempts`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`delete client.sessionFailedLoginAttempts;`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`//`
Pardon the noise. More tab to space conversion! 2018-06-23 03:26:46 +00:00			`// Ensure this user is not already logged in.`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`//`
Cleaner code 2018-11-22 02:50:03 +00:00			`const existingClientConnection = clientConnections.find(cc => {`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`return (`
			`user !== cc.user && // not current connection`
			`user.userId === cc.user.userId`
			`); // ...but same user`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`});`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`if(existingClientConnection) {`
Some logging cleanup 2022-05-07 17:47:04 +00:00			`client.log.warn(`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`{`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`existingNodeId: existingClientConnection.node,`
			`username: user.username,`
			`userId: user.userId,`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`},`
Some logging cleanup 2022-05-07 17:47:04 +00:00			`User "${user.username}" already logged in on node ${existingClientConnection.node}`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`);`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`return cb(`
			`Errors.BadLogin(`
			`User ${user.username} already logged in.`,
			`ErrorReasons.AlreadyLoggedIn`
			`)`
			`);`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`}`
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
Pardon the noise. More tab to space conversion! 2018-06-23 03:26:46 +00:00			`// update client logger with addition of username`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`client.log = logger.log.child({`
			`nodeId: client.log.fields.nodeId,`
			`sessionId: client.log.fields.sessionId,`
			`username: user.username,`
			`});`
Fix yet another bug with node IDs * Pick appropriate slot * Log nodeId vs clientId/etc. for less confusion 2020-05-14 01:30:57 +00:00
Some logging cleanup 2022-05-07 17:47:04 +00:00			client.log.info(`User "${user.username}" successfully logged in`);
* Separate login logic vs display * Work on SSH a bit -- major WIP, not working! 2015-10-19 23:21:47 +00:00
Pardon the noise. More tab to space conversion! 2018-06-23 03:26:46 +00:00			`// User's unique session identifier is the same as the connection itself`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`user.sessionId = client.session.uniqueId; // convenience`
+ Add unique session ID to client sessions * Aliased to user for convienence * Added to logs for easy tracing * Can be used from events/etc. for grouping 2018-06-04 01:58:31 +00:00
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`Events.emit(Events.getSystemEvents().UserLogin, { user });`
+ User login and logoff events 2018-06-03 23:59:16 +00:00
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`setClientTheme(client, user.properties[UserProps.ThemeId]);`

Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`postLoginPrep(client, err => {`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`if (err) {`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`return cb(err);`
			`}`

First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`if (user.authenticated) {`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`return recordLogin(client, cb);`
			`}`

			`// recordLogin() must happen after 2FA!`
			`return cb(null);`
			`});`
ENiGMA 1/2 WILL USE SPACES FROM THIS POINT ON VS TABS * Really just to make GitHub formatting happy. Arg. 2018-06-22 05:15:04 +00:00			`});`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`}`

Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`function postLoginPrep(client, cb) {`
			`async.series(`
			`[`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`callback => {`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`//`
			`// User may (no longer) have read (view) rights to their current`
			`// message, conferences and/or areas. Move them out if so.`
			`//`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`const confTag = client.user.getProperty(UserProps.MessageConfTag);`
			`const conf = getMessageConferenceByTag(confTag) \|\| {};`
			`const area =`
			`getMessageAreaByTag(`
			`client.user.getProperty(UserProps.MessageAreaTag),`
			`confTag`
			`) \|\| {};`

			`if (`
			`!client.acs.hasMessageConfRead(conf) \|\|`
			`!client.acs.hasMessageAreaRead(area)`
			`) {`
Message ACS improvements & minor fixes + getSuitableMessageConfAndAreaTags(): Get a suitable conf/area tag pair with priority on defaults + hasMessageConfAndAreaRead() helper + filterMessageAreaTagsByReadACS() helper * Always include confTag/areaTag when fetching a conf or area (convenience) * Fix 'toRemoteUser' assignment in message * Better kick out of message conf/areas users does not have access to 2019-09-12 03:21:33 +00:00			`// move them out of both area and possibly conf to something suitable, hopefully.`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`const [newConfTag, newAreaTag] =`
			`getSuitableMessageConfAndAreaTags(client);`
			`client.user.persistProperties(`
			`{`
			`[UserProps.MessageConfTag]: newConfTag,`
			`[UserProps.MessageAreaTag]: newAreaTag,`
			`},`
			`err => {`
			`return callback(err);`
			`}`
			`);`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`} else {`
			`return callback(null);`
			`}`
			`},`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`callback => {`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`// Likewise for file areas`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`const area =`
			`getFileAreaByTag(client.user.getProperty(UserProps.FileAreaTag)) \|\|`
			`{};`
			`if (!client.acs.hasFileAreaRead(area)) {`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`const areaTag = getDefaultFileAreaTag(client) \|\| '';`
			`client.user.persistProperty(UserProps.FileAreaTag, areaTag, err => {`
			`return callback(err);`
			`});`
			`} else {`
			`return callback(null);`
			`}`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`},`
Clean up defualt mesage/file conf/areas at login if user no longer has read access 2019-09-10 03:35:12 +00:00			`],`
			`err => {`
			`return cb(err);`
			`}`
			`);`
			`}`

WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`function recordLogin(client, cb) {`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`assert(client.user.authenticated); // don't get in situations where this isn't true`
Good progress on QR support 2019-05-10 01:56:04 +00:00
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`const user = client.user;`
Last caller information / MCI 2020-11-27 02:51:00 +00:00			`const loginTimestamp = StatLog.now;`

WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`async.parallel(`
			`[`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`callback => {`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`StatLog.incrementNonPersistentSystemStat(SysProps.LoginsToday, 1);`
			`return StatLog.incrementSystemStat(SysProps.LoginCount, 1, callback);`
			`},`
			`(callback) => {`
Last caller information / MCI 2020-11-27 02:51:00 +00:00			`return StatLog.setUserStat(user, UserProps.LastLoginTs, loginTimestamp, callback);`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`},`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`callback => {`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`return StatLog.incrementUserStat(user, UserProps.LoginCount, 1, callback);`
			`},`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`callback => {`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`const loginHistoryMax = Config().statLog.systemEvents.loginHistoryMax;`
			`const historyItem = JSON.stringify({`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`userId: user.userId,`
			`sessionId: user.sessionId,`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`});`

			`return StatLog.appendSystemLogEntry(`
			`SystemLogKeys.UserLoginHistory,`
			`historyItem,`
			`loginHistoryMax,`
			`StatLog.KeepType.Max,`
			`callback`
			`);`
Last caller information / MCI 2020-11-27 02:51:00 +00:00			`},`
			`(callback) => {`
			`// Update live last login information which includes additional`
			`// (pre-resolved) information such as user name/etc.`
			`const lastLogin = {`
			`userId : user.userId,`
			`sessionId : user.sessionId,`
			`userName : user.username,`
			`realName : user.getProperty(UserProps.RealName),`
			`affiliation : user.getProperty(UserProps.Affiliations),`
			`emailAddress : user.getProperty(UserProps.EmailAddress),`
			`sex : user.getProperty(UserProps.Sex),`
			`location : user.getProperty(UserProps.Location),`
			`timestamp : moment(loginTimestamp),`
			`};`

			`StatLog.setNonPersistentSystemStat(SysProps.LastLogin, lastLogin);`
			`return callback(null);`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`}`
			`],`
			`err => {`
			`return cb(err);`
			`}`
			`);`
			`}`

			`function transformLoginError(err, client, username) {`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`client.sessionFailedLoginAttempts =`
			`_.get(client, 'sessionFailedLoginAttempts', 0) + 1;`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`const disconnect = Config().users.failedLogin.disconnect;`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`if (disconnect > 0 && client.sessionFailedLoginAttempts >= disconnect) {`
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`err = Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany);`
			`}`

Add client.friendlyRemoteAddress() for 'clean' remote IP 2022-06-04 23:39:48 +00:00			client.log.warn( { username, ip : client.remoteAddress, reason : err.message }, `Failed login attempt for user "${username}", ${client.friendlyRemoteAddress()}`);
WIP on OTP 2FA, stats, etc. 2019-05-08 03:36:33 +00:00			`return err;`
First pass formatting with Prettier * Added .prettierrc.json * Added .prettierignore * Formatted 2022-06-05 20:04:25 +00:00			`}`