Logging around accoung lock/unlocking

This commit is contained in:
Bryan Ashby 2018-11-23 11:44:46 -07:00
parent f0e7b46a2f
commit a4823c0c4a
3 changed files with 11 additions and 3 deletions

View File

@ -152,6 +152,7 @@ module.exports = class User {
if(!_.has(tempUser.properties, UserProps.AccountLockedPrevStatus)) { if(!_.has(tempUser.properties, UserProps.AccountLockedPrevStatus)) {
props[UserProps.AccountLockedPrevStatus] = tempUser.getProperty(UserProps.AccountStatus); props[UserProps.AccountLockedPrevStatus] = tempUser.getProperty(UserProps.AccountStatus);
} }
Log.info( { userId, failedAttempts }, '(Re)setting account to locked due to failed logins');
return tempUser.persistProperties(props, callback); return tempUser.persistProperties(props, callback);
} }
@ -243,6 +244,10 @@ module.exports = class User {
const minutesSinceLocked = moment().diff(lockedTs, 'minutes'); const minutesSinceLocked = moment().diff(lockedTs, 'minutes');
if(minutesSinceLocked >= autoUnlockMinutes) { if(minutesSinceLocked >= autoUnlockMinutes) {
// allow the login - we will clear any lock there // allow the login - we will clear any lock there
Log.info(
{ username, userId : tempAuthInfo.userId, lockedAt : lockedTs.format() },
'Locked account will now be unlocked due to auto-unlock minutes policy'
);
return callback(null); return callback(null);
} }
} }

View File

@ -24,14 +24,13 @@ function userLogin(client, username, password, cb) {
const config = Config(); const config = Config();
if(err) { if(err) {
client.log.info( { username : username, error : err.message }, 'Failed login attempt');
client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1; client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
const disconnect = config.users.failedLogin.disconnect; const disconnect = config.users.failedLogin.disconnect;
if(disconnect > 0 && client.user.sessionFailedLoginAttempts >= disconnect) { if(disconnect > 0 && client.user.sessionFailedLoginAttempts >= disconnect) {
return cb(Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany)); err = Errors.BadLogin('To many failed login attempts', ErrorReasons.TooMany);
} }
client.log.info( { username : username, error : err.message }, 'Failed login attempt');
return cb(err); return cb(err);
} }

View File

@ -288,6 +288,10 @@ class WebPasswordReset {
user.removeProperties([ UserProps.EmailPwResetToken, UserProps.EmailPwResetTokenTs ]); user.removeProperties([ UserProps.EmailPwResetToken, UserProps.EmailPwResetTokenTs ]);
if(true === _.get(config, 'users.unlockAtEmailPwReset')) { if(true === _.get(config, 'users.unlockAtEmailPwReset')) {
Log.info(
{ username : user.username, userId : user.userId },
'Remove any lock on account due to password reset policy'
);
user.unlockAccount( () => { /* dummy */ } ); user.unlockAccount( () => { /* dummy */ } );
} }