Logging around accoung lock/unlocking

2018-11-23 11:44:46 -07:00 · 2018-11-23 11:44:46 -07:00 · a4823c0c4a
parent f0e7b46a2f
commit a4823c0c4a
3 changed files with 11 additions and 3 deletions
--- a/core/user.js
+++ b/core/user.js
@ -152,6 +152,7 @@ module.exports = class User {
                        if(!_.has(tempUser.properties, UserProps.AccountLockedPrevStatus)) {
                            props[UserProps.AccountLockedPrevStatus] = tempUser.getProperty(UserProps.AccountStatus);
                        }
+                        Log.info( { userId, failedAttempts }, '(Re)setting account to locked due to failed logins');
                        return tempUser.persistProperties(props, callback);
                    }

@ -243,6 +244,10 @@ module.exports = class User {
                            const minutesSinceLocked = moment().diff(lockedTs, 'minutes');
                            if(minutesSinceLocked >= autoUnlockMinutes) {
                                //  allow the login - we will clear any lock there
+                                Log.info(
+                                    { username, userId : tempAuthInfo.userId, lockedAt : lockedTs.format() },
+                                    'Locked account will now be unlocked due to auto-unlock minutes policy'
+                                );
                                return callback(null);
                            }
                        }
--- a/core/user_login.js
+++ b/core/user_login.js
@ -24,14 +24,13 @@ function userLogin(client, username, password, cb) {
        const config = Config();

        if(err) {
-            client.log.info( { username : username, error : err.message }, 'Failed login attempt');
-
            client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
            const disconnect = config.users.failedLogin.disconnect;
            if(disconnect > 0 && client.user.sessionFailedLoginAttempts >= disconnect) {
-                return cb(Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany));
+                err = Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany);
            }

+            client.log.info( { username : username, error : err.message }, 'Failed login attempt');
            return cb(err);
        }

--- a/core/web_password_reset.js
+++ b/core/web_password_reset.js
@ -288,6 +288,10 @@ class WebPasswordReset {
                    user.removeProperties([ UserProps.EmailPwResetToken, UserProps.EmailPwResetTokenTs ]);

                    if(true === _.get(config, 'users.unlockAtEmailPwReset')) {
+                        Log.info(
+                            { username : user.username, userId : user.userId },
+                            'Remove any lock on account due to password reset policy'
+                        );
                        user.unlockAccount( () => { /* dummy */ } );
                    }