Properly detect new user agents and location

2021-04-30 13:21:50 +02:00
parent af2c096975
commit fb5c2a5e52
6 changed files with 72 additions and 12 deletions
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -34,7 +34,6 @@ let assert = require('assert'),
    externalLdap = require('../externalldap.js'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
-    mailer = require('../mailer.js'),
    sysinfo = require('../sysinfo.js'),
    system = require('../system.js'),
    tokendb = require('../tokendb.js'),
@@ -51,6 +50,7 @@ function login(req, res, next) {

    const type = req.body.type || tokens.ID_WEBADMIN;
    const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
+    const userAgent = req.headers['user-agent'] || '';
    const auditSource = { authType: 'basic', ip: ip };

    const error = tokens.validateTokenType(type);
@@ -59,15 +59,11 @@ function login(req, res, next) {
    tokens.add(type, req.user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, token) {
        if (error) return next(new HttpError(500, error));

-        eventlog.getAllPaged([ eventlog.ACTION_USER_LOGIN ], ip, 1, 100, function (error, result) {
-            if (error) console.error(error);
+        eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: req.user.id, user: users.removePrivateFields(req.user) });

-            if (!error && result.length === 0) mailer.sendNewLoginLocation(req.user, ip);
+        users.checkLoginLocation(req.user, ip, userAgent);

-            eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: req.user.id, user: users.removePrivateFields(req.user) });
-
-            next(new HttpSuccess(200, token));
-        });
+        next(new HttpSuccess(200, token));
    });
 }