logging auth, conversations, and contacts
112
routes/auth.py
112
routes/auth.py
@@ -2,8 +2,8 @@ from flask import render_template, request, flash, redirect, url_for
|
||||
from flask_login import login_user, logout_user, login_required, current_user
|
||||
from models import db, User
|
||||
from functools import wraps
|
||||
from utils import log_event
|
||||
from datetime import datetime
|
||||
from utils import log_event
|
||||
|
||||
def require_password_change(f):
|
||||
@wraps(f)
|
||||
@@ -29,24 +29,32 @@ def init_routes(auth_bp):
|
||||
|
||||
if not user or not user.check_password(password):
|
||||
# Log failed login attempt
|
||||
log_event('user_login', {
|
||||
'email': email,
|
||||
'success': False,
|
||||
'reason': 'invalid_credentials'
|
||||
})
|
||||
log_event(
|
||||
event_type='user_login',
|
||||
details={
|
||||
'email': email,
|
||||
'success': False,
|
||||
'reason': 'invalid_credentials'
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
flash('Please check your login details and try again.', 'danger')
|
||||
return redirect(url_for('auth.login'))
|
||||
|
||||
login_user(user, remember=remember)
|
||||
|
||||
# Log successful login
|
||||
log_event('user_login', {
|
||||
'user_id': user.id,
|
||||
'email': email,
|
||||
'success': True,
|
||||
'remember': remember,
|
||||
'using_default_password': password == 'changeme'
|
||||
}, user.id)
|
||||
log_event(
|
||||
event_type='user_login',
|
||||
details={
|
||||
'user_id': user.id,
|
||||
'user_name': f"{user.username} {user.last_name}",
|
||||
'email': user.email,
|
||||
'success': True,
|
||||
'remember': remember
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
# Check if user is using default password
|
||||
if password == 'changeme':
|
||||
@@ -86,15 +94,17 @@ def init_routes(auth_bp):
|
||||
db.session.add(new_user)
|
||||
db.session.commit()
|
||||
|
||||
# Log user registration
|
||||
log_event('user_register', {
|
||||
'email': email,
|
||||
'username': username,
|
||||
'timestamp': datetime.utcnow().isoformat(),
|
||||
'ip_address': request.remote_addr,
|
||||
'user_agent': request.user_agent.string,
|
||||
'registration_method': 'web_form'
|
||||
}, new_user.id)
|
||||
# Log successful registration
|
||||
log_event(
|
||||
event_type='user_create',
|
||||
details={
|
||||
'user_id': new_user.id,
|
||||
'user_name': f"{new_user.username} {new_user.last_name}",
|
||||
'email': new_user.email,
|
||||
'method': 'web_form'
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
login_user(new_user)
|
||||
return redirect(url_for('main.dashboard'))
|
||||
@@ -104,12 +114,16 @@ def init_routes(auth_bp):
|
||||
@auth_bp.route('/logout')
|
||||
@login_required
|
||||
def logout():
|
||||
# Log logout event
|
||||
log_event('user_logout', {
|
||||
'user_id': current_user.id,
|
||||
'email': current_user.email
|
||||
}, current_user.id)
|
||||
|
||||
# Log logout event before logging out
|
||||
log_event(
|
||||
event_type='user_logout',
|
||||
details={
|
||||
'user_id': current_user.id,
|
||||
'user_name': f"{current_user.username} {current_user.last_name}",
|
||||
'email': current_user.email
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
logout_user()
|
||||
return redirect(url_for('auth.login'))
|
||||
|
||||
@@ -122,22 +136,50 @@ def init_routes(auth_bp):
|
||||
confirm_password = request.form.get('confirm_password')
|
||||
|
||||
if not current_user.check_password(current_password):
|
||||
# Log failed password change attempt
|
||||
log_event(
|
||||
event_type='user_update',
|
||||
details={
|
||||
'user_id': current_user.id,
|
||||
'user_name': f"{current_user.username} {current_user.last_name}",
|
||||
'update_type': 'password_change',
|
||||
'success': False,
|
||||
'reason': 'invalid_current_password'
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
flash('Current password is incorrect.', 'danger')
|
||||
return redirect(url_for('auth.change_password'))
|
||||
|
||||
if new_password != confirm_password:
|
||||
# Log failed password change attempt
|
||||
log_event(
|
||||
event_type='user_update',
|
||||
details={
|
||||
'user_id': current_user.id,
|
||||
'user_name': f"{current_user.username} {current_user.last_name}",
|
||||
'update_type': 'password_change',
|
||||
'success': False,
|
||||
'reason': 'passwords_dont_match'
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
flash('New passwords do not match.', 'danger')
|
||||
return redirect(url_for('auth.change_password'))
|
||||
|
||||
current_user.set_password(new_password)
|
||||
db.session.commit()
|
||||
|
||||
# Log password change
|
||||
log_event('user_update', {
|
||||
'user_id': current_user.id,
|
||||
'email': current_user.email,
|
||||
'update_type': 'password_change'
|
||||
}, current_user.id)
|
||||
# Log successful password change
|
||||
log_event(
|
||||
event_type='user_update',
|
||||
details={
|
||||
'user_id': current_user.id,
|
||||
'user_name': f"{current_user.username} {current_user.last_name}",
|
||||
'update_type': 'password_change',
|
||||
'success': True
|
||||
}
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
flash('Password changed successfully!', 'success')
|
||||
return redirect(url_for('main.dashboard'))
|
||||
|
||||
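Review bot: The failed-login event in the second hunk (the keyword-style `log_event(event_type='user_login', ...)` call, which appears to be the new side) stores the raw submitted `email` but no client address, so repeated failures cannot be grouped by source when looking for password guessing, and anything mistyped into that field, a password for instance, is kept verbatim. Unless `log_event` (not visible on this page) already captures request context, consider adding `'ip_address': request.remote_addr` to `details` and bounding the length of the submitted value before it is stored. The registration hunk shows the same loss of detail: the positional call carried `ip_address` and `user_agent` and the keyword-style call does not, and the successful-login event no longer carries `using_default_password`, which was the only audit signal for accounts still on the default password. Each failed attempt now also ends in a `db.session.commit()` reachable from an unauthenticated request, so this path wants rate limiting if nothing upstream provides it. The route functions inside `init_routes` start and end outside the hunks shown.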