Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
<?php
|
|
|
|
|
2012-03-14 00:21:04 +01:00
|
|
|
final class PhabricatorUserLog extends PhabricatorUserDAO {
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
|
|
|
const ACTION_LOGIN = 'login';
|
|
|
|
const ACTION_LOGOUT = 'logout';
|
|
|
|
const ACTION_LOGIN_FAILURE = 'login-fail';
|
|
|
|
const ACTION_RESET_PASSWORD = 'reset-pass';
|
|
|
|
|
|
|
|
const ACTION_CREATE = 'create';
|
2012-05-25 16:30:44 +02:00
|
|
|
const ACTION_EDIT = 'edit';
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
|
|
|
const ACTION_ADMIN = 'admin';
|
2012-08-29 20:07:29 +02:00
|
|
|
const ACTION_SYSTEM_AGENT = 'system-agent';
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
const ACTION_DISABLE = 'disable';
|
2013-11-13 20:24:18 +01:00
|
|
|
const ACTION_APPROVE = 'approve';
|
2012-06-16 02:02:20 +02:00
|
|
|
const ACTION_DELETE = 'delete';
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
2011-06-14 21:17:14 +02:00
|
|
|
const ACTION_CONDUIT_CERTIFICATE = 'conduit-cert';
|
|
|
|
const ACTION_CONDUIT_CERTIFICATE_FAILURE = 'conduit-cert-fail';
|
|
|
|
|
2012-05-25 16:30:44 +02:00
|
|
|
const ACTION_EMAIL_PRIMARY = 'email-primary';
|
|
|
|
const ACTION_EMAIL_REMOVE = 'email-remove';
|
|
|
|
const ACTION_EMAIL_ADD = 'email-add';
|
|
|
|
|
|
|
|
const ACTION_CHANGE_PASSWORD = 'change-password';
|
2012-06-06 16:09:56 +02:00
|
|
|
const ACTION_CHANGE_USERNAME = 'change-username';
|
2012-05-25 16:30:44 +02:00
|
|
|
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
protected $actorPHID;
|
|
|
|
protected $userPHID;
|
|
|
|
protected $action;
|
|
|
|
protected $oldValue;
|
|
|
|
protected $newValue;
|
|
|
|
protected $details = array();
|
|
|
|
protected $remoteAddr;
|
|
|
|
protected $session;
|
|
|
|
|
|
|
|
public static function newLog(
|
|
|
|
PhabricatorUser $actor = null,
|
|
|
|
PhabricatorUser $user = null,
|
|
|
|
$action) {
|
|
|
|
|
|
|
|
$log = new PhabricatorUserLog();
|
|
|
|
|
|
|
|
if ($actor) {
|
|
|
|
$log->setActorPHID($actor->getPHID());
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($user) {
|
|
|
|
$log->setUserPHID($user->getPHID());
|
2012-01-12 21:56:11 +01:00
|
|
|
} else {
|
|
|
|
$log->setUserPHID('');
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($action) {
|
|
|
|
$log->setAction($action);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $log;
|
|
|
|
}
|
|
|
|
|
2011-06-14 21:17:14 +02:00
|
|
|
public static function loadRecentEventsFromThisIP($action, $timespan) {
|
|
|
|
return id(new PhabricatorUserLog())->loadAllWhere(
|
|
|
|
'action = %s AND remoteAddr = %s AND dateCreated > %d
|
|
|
|
ORDER BY dateCreated DESC',
|
|
|
|
$action,
|
|
|
|
idx($_SERVER, 'REMOTE_ADDR'),
|
|
|
|
time() - $timespan);
|
|
|
|
}
|
|
|
|
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
public function save() {
|
|
|
|
if (!$this->remoteAddr) {
|
2012-05-25 16:30:44 +02:00
|
|
|
$this->remoteAddr = idx($_SERVER, 'REMOTE_ADDR', '');
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
}
|
|
|
|
if (!$this->session) {
|
|
|
|
$this->setSession(idx($_COOKIE, 'phsid'));
|
|
|
|
}
|
|
|
|
$this->details['host'] = php_uname('n');
|
2013-02-10 00:01:57 +01:00
|
|
|
$this->details['user_agent'] = AphrontRequest::getHTTPHeader('User-Agent');
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
|
|
|
return parent::save();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setSession($session) {
|
|
|
|
// Store the hash of the session, not the actual session key, so that
|
|
|
|
// seeing the logs doesn't compromise all the sessions which appear in
|
|
|
|
// them. This just prevents casual leaks, like in a screenshot.
|
|
|
|
if (strlen($session)) {
|
2011-12-18 20:00:39 +01:00
|
|
|
$this->session = PhabricatorHash::digest($session);
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
}
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getConfiguration() {
|
|
|
|
return array(
|
|
|
|
self::CONFIG_SERIALIZATION => array(
|
|
|
|
'oldValue' => self::SERIALIZATION_JSON,
|
|
|
|
'newValue' => self::SERIALIZATION_JSON,
|
|
|
|
'details' => self::SERIALIZATION_JSON,
|
|
|
|
),
|
|
|
|
) + parent::getConfiguration();
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|