diff --git a/src/oidc.js b/src/oidc.js
index be0881d47..78c99eecc 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -22,6 +22,7 @@ const assert = require('assert'),
 debug = require('debug')('box:oidc'),
 ejs = require('ejs'),
 express = require('express'),
+ eventlog = require('./eventlog.js'),
 fs = require('fs'),
 middleware = require('./middleware'),
 path = require('path'),
@@ -499,10 +500,12 @@ function interactionLogin(provider) {
 const [detailsError, details] = await safe(provider.interactionDetails(req, res));
 if (detailsError) return next(new HttpError(500, detailsError));
- const prompt = details.prompt;
- const name = prompt.name;
+ const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
+ const userAgent = req.headers['user-agent'] || '';
+ const auditSource = { authType: 'basic', ip };
+ const clientId = details.params.client_id;
- assert.equal(name, 'login');
+ debug(`interactionLogin: for OpenID client ${clientId} from ${ip}`);
 if (!req.body.username || typeof req.body.username !== 'string') return next(new HttpError(400, 'A username must be non-empty string'));
 if (!req.body.password || typeof req.body.password !== 'string') return next(new HttpError(400, 'A password must be non-empty string'));
@@ -528,6 +531,9 @@ function interactionLogin(provider) {
 const [interactionFinishError, redirectTo] = await safe(provider.interactionResult(req, res, result));
 if (interactionFinishError) return next(new HttpError(500, interactionFinishError));
+ await eventlog.add(user.ghost ? eventlog.ACTION_USER_LOGIN_GHOST : eventlog.ACTION_USER_LOGIN, auditSource, { userId: user.id, user: users.removePrivateFields(user) });
+ if (!user.ghost) safe(users.notifyLoginLocation(user, ip, userAgent, auditSource), { debug });
+ debug(`route interaction login post result redirectTo:${redirectTo}`);
 res.status(200).send({ redirectTo });
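Review bot: In the second hunk (`@@ -499,10 +500,12 @@`), `ip` is taken from `req.headers['x-forwarded-for']` before the socket address, so the value stored in `auditSource` and later written to the login event and passed to the login-location notification is whatever the client sent, unless a trusted reverse proxy always overwrites that header; the header can also carry a comma-separated chain instead of a single address. Prefer an address derived only from the trusted proxy hop, for example Express's `req.ip` with `trust proxy` set to the known proxy, or add a comment here naming the proxy that guarantees the header. The hunk also removes `assert.equal(name, 'login')` without a replacement, so nothing visible checks that the interaction is at the login prompt; a guard such as `if (details.prompt.name !== 'login') return next(new HttpError(400, 'Unexpected interaction prompt'));` would keep the check without crashing the process. The body of interactionLogin starts and ends outside the hunk.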
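Review bot: In the third hunk (`@@ -528,6 +531,9 @@`), `await eventlog.add(...)` is the only awaited call in the visible lines that is not wrapped in `safe()`, and it runs after `provider.interactionResult()` has already succeeded; if it rejects, the async handler throws before `res.status(200).send(...)` and, unless a wrapper outside the hunk catches it, the request gets no response. Handle it like the neighbouring calls, e.g. `const [eventError] = await safe(eventlog.add(...)); if (eventError) debug('interactionLogin: failed to record login event', eventError);`, and decide explicitly whether a login may complete when its audit record could not be written. The event is also added only on the success path shown here; if the failure branches earlier in the function (outside the hunk) record nothing, rejected password attempts through this OIDC login leave no audit trail for detection.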