Expand activity tracking and add PasswordResetAlert job

2020-07-13 09:35:11 -05:00
parent d29e6f057a
commit 143fccf179
7 changed files with 136 additions and 15 deletions
--- a/app/controllers/api/v1/Auth.controller.js
+++ b/app/controllers/api/v1/Auth.controller.js
@@ -638,6 +638,7 @@ class AuthController extends Controller {
        const token = req.user.mfa_token
        const codes = await token.generate_recovery()
        await req.user.save()
+        await this.activity.mfa_recovery_created({ req })
        return res.api({
            codes,
        })
@@ -704,6 +705,8 @@ class AuthController extends Controller {
        req.user.mfa_enable_date = new Date
        req.user.save()

+        await this.activity.mfa_enable({ req })
+
        // invalidate existing tokens and other logins
        const flitter = await this.auth.get_provider('flitter')
        await flitter.logout(req)
@@ -724,6 +727,8 @@ class AuthController extends Controller {
        req.user.app_passwords = []
        await req.user.save()

+        await this.activity.mfa_disable({ req })
+
        // invalidate existing login tokens and logins
        const flitter = await this.auth.get_provider('flitter')
        await flitter.logout(req)
--- a/app/controllers/api/v1/Password.controller.js
+++ b/app/controllers/api/v1/Password.controller.js
@@ -3,7 +3,7 @@ const zxcvbn = require('zxcvbn')

 class PasswordController extends Controller {
    static get services() {
-        return [...super.services, 'auth', 'jobs', 'models']
+        return [...super.services, 'auth', 'jobs', 'models', 'activity']
    }

    async get_resets(req, res, next) {
@@ -35,6 +35,7 @@ class PasswordController extends Controller {

        const { password, record } = await req.user.app_password(req.body.name)
        await req.user.save()
+        await this.activity.app_password_created({ req, name: req.body.name })

        return res.api({
            password,
@@ -86,6 +87,7 @@ class PasswordController extends Controller {
        // Create the password reset
        const reset = await req.user.reset_password(req.body.password)
        await req.user.save()
+        await this.activity.password_reset({ req, ip: req.ip })
        if ( req.trap.has_trap() && req.trap.get_trap() === 'password_reset' ) await req.trap.end()

        // invalidate existing tokens and other logins
--- a/app/controllers/api/v1/Reflect.controller.js
+++ b/app/controllers/api/v1/Reflect.controller.js
@@ -3,7 +3,7 @@ const uuid = require('uuid/v4')

 class ReflectController extends Controller {
    static get services() {
-        return [...super.services, 'routers', 'models']
+        return [...super.services, 'routers', 'models', 'activity']
    }

    async get_tokens(req, res, next) {
@@ -81,6 +81,7 @@ class ReflectController extends Controller {
        })

        await token.save()
+        await this.activity.api_token_created({ req, oauth_client_id: client.uuid })
        return res.api({
            id: token.id,
            token: token.accessToken,