Expand activity tracking and add PasswordResetAlert job

2020-07-13 09:35:11 -05:00
parent d29e6f057a
commit 143fccf179
7 changed files with 136 additions and 15 deletions
--- a/app/services/activity.service.js
+++ b/app/services/activity.service.js
@@ -8,15 +8,11 @@ class ActivityService extends Service {
    }

    async login(req) {
-        const Activity = this.model()
-        const activity = new Activity({
-            user_id: req.session.auth.user_id,
-            session_id: req.session.id,
-            action: 'login',
-            metadata: {
-                ip: req.ip
-            }
-        })
+        const activity = this.from_req(req)
+        activity.action = 'login'
+        activity.metadata = {
+            ip: req.ip
+        }

        // If this is a new IP login, send an e-mail alert
        const foreign_ip = await this.foreign_login_ip(req.session.auth.user_id, req.ip)
@@ -30,6 +26,64 @@ class ActivityService extends Service {
        await activity.save()
    }

+    async api_access_denial({ req, reason, check, oauth_client_id = null }) {
+        const activity = this.from_req(req)
+        activity.action = 'api-access-denial'
+        activity.metadata = {
+            scope: check,
+            reason,
+            oauth_client_id,
+        }
+
+        await activity.save()
+    }
+
+    async mfa_enable({ req }) {
+        const activity = this.from_req(req)
+        activity.action = 'mfa-enable'
+        await activity.save()
+    }
+
+    async mfa_disable({ req }) {
+        const activity = this.from_req(req)
+        activity.action = 'mfa-disable'
+        await activity.save()
+    }
+
+    async mfa_recovery_created({ req }) {
+        const activity = this.from_req(req)
+        activity.action = 'mfa-recovery-created'
+        await activity.save()
+    }
+
+    async app_password_created({ req, name }) {
+        const activity = this.from_req(req)
+        activity.action = 'app-password-created'
+        activity.metadata = { name }
+        await activity.save()
+    }
+
+    async password_reset({ req, ip }) {
+        const activity = this.from_req(req)
+        activity.action = 'password-reset'
+        activity.metadata = { ip }
+        await activity.save()
+
+        // Send an alert to the user
+        await this.jobs.queue('notifications').add('PasswordResetAlert', {
+            ip, user_id: req.session.auth.user_id,
+        })
+    }
+
+    async api_token_created({ req, oauth_client_id }) {
+        const activity = this.from_req(req)
+        activity.action = 'api-token-created'
+        activity.metadata = {
+            ip: req.ip,
+            oauth_client_id,
+        }
+    }
+
    async foreign_login_ip(user_id, ip) {
        const Activity = this.model()
        const existing_ip = await Activity.findOne({
@@ -40,6 +94,14 @@ class ActivityService extends Service {

        return !existing_ip
    }
+
+    from_req(req) {
+        const Activity = this.model()
+        return new Activity({
+            user_id: req.session.auth.user_id,
+            session_id: req.session.id,
+        })
+    }
 }

 module.exports = exports = ActivityService