user logging

2025-05-29 22:33:05 +02:00
parent 5dbdd43785
commit 8f24e21d5d
9 changed files with 340 additions and 113 deletions
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -2,6 +2,8 @@ from flask import render_template, request, flash, redirect, url_for
 from flask_login import login_user, logout_user, login_required, current_user
 from models import db, User
 from functools import wraps
+from utils import log_event
+from datetime import datetime

 def require_password_change(f):
    @wraps(f)
@@ -26,11 +28,26 @@ def init_routes(auth_bp):
            user = User.query.filter_by(email=email).first()
            
            if not user or not user.check_password(password):
+                # Log failed login attempt
+                log_event('user_login', {
+                    'email': email,
+                    'success': False,
+                    'reason': 'invalid_credentials'
+                })
                flash('Please check your login details and try again.', 'danger')
                return redirect(url_for('auth.login'))
            
            login_user(user, remember=remember)
            
+            # Log successful login
+            log_event('user_login', {
+                'user_id': user.id,
+                'email': email,
+                'success': True,
+                'remember': remember,
+                'using_default_password': password == 'changeme'
+            }, user.id)
+            
            # Check if user is using default password
            if password == 'changeme':
                flash('Please change your password before continuing.', 'warning')
@@ -69,6 +86,16 @@ def init_routes(auth_bp):
            db.session.add(new_user)
            db.session.commit()
            
+            # Log user registration
+            log_event('user_register', {
+                'email': email,
+                'username': username,
+                'timestamp': datetime.utcnow().isoformat(),
+                'ip_address': request.remote_addr,
+                'user_agent': request.user_agent.string,
+                'registration_method': 'web_form'
+            }, new_user.id)
+            
            login_user(new_user)
            return redirect(url_for('main.dashboard'))
            
@@ -77,6 +104,12 @@ def init_routes(auth_bp):
    @auth_bp.route('/logout')
    @login_required
    def logout():
+        # Log logout event
+        log_event('user_logout', {
+            'user_id': current_user.id,
+            'email': current_user.email
+        }, current_user.id)
+        
        logout_user()
        return redirect(url_for('auth.login'))

@@ -98,6 +131,14 @@ def init_routes(auth_bp):
                
            current_user.set_password(new_password)
            db.session.commit()
+            
+            # Log password change
+            log_event('user_update', {
+                'user_id': current_user.id,
+                'email': current_user.email,
+                'update_type': 'password_change'
+            }, current_user.id)
+            
            flash('Password changed successfully!', 'success')
            return redirect(url_for('main.dashboard'))