feat(audit): add authentication events
Summary
- fix(auth): check if user exists in auth attempts tracker
This patch fixes a possible DOS by checking whether the user exists
before creating a record for its unsuccessful auth attempt. This is
due to the fact that box.session.on_auth will be called even for
unknown users (this helps vanilla users log such events).
- feat(audit): add authentication events
This patch adds two new events:
- auth_ok
- auth_fail, which may contain "verdict" describing user suspension.
Examples:
{
"id": "1.1.19",
"message": "successfully authenticated user `guest`",
"severity": "low",
"time": "2023-11-30T19:02:10.708+0300",
"title": "auth_ok",
"user": "guest"
}
{
"id": "1.0.11",
"message": "failed to authenticate user `borat`",
"severity": "high",
"time": "2023-11-30T18:58:48.635+0300",
"title": "auth_failed",
"user": "borat"
}
Part of #349 (closed)
Ensure that
- New code is covered by tests
- API is documented
- Changelog is up to date
- (if Lua API changed) Lua API version is bumped in luamod.rs
- (if necessary) A follow-up doc issue is created in picodata/docs and linked here
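The existence check described in the first commit above, as an added Rust example that is not code from this merge request: failed attempts by unknown users are still audited, but no tracker record is created for them. `AttemptTracker`, `MAX_ATTEMPTS`, the `known_users` set and the verdict text are assumptions made for the illustration.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical threshold; the page does not state the real one.
const MAX_ATTEMPTS: u32 = 3;

#[derive(Debug, PartialEq)]
enum AuditEvent {
    AuthOk { user: String },
    // `verdict` is present only when the user is suspended (text is constructed).
    AuthFail { user: String, verdict: Option<String> },
}

#[derive(Default)]
struct AttemptTracker {
    known_users: HashSet<String>,   // stand-in for the user catalog
    failures: HashMap<String, u32>, // keyed by existing users only
}

impl AttemptTracker {
    // Models the auth hook: it fires for every attempt, unknown users included.
    fn on_auth(&mut self, user: &str, success: bool) -> AuditEvent {
        if !self.known_users.contains(user) {
            // Audit the failure but allocate no per-user record, so a flood of
            // made-up names cannot grow `failures` without bound.
            return AuditEvent::AuthFail { user: user.into(), verdict: None };
        }
        let suspended = || Some("user is suspended".to_string());
        let count = self.failures.get(user).copied().unwrap_or(0);
        if count >= MAX_ATTEMPTS {
            return AuditEvent::AuthFail { user: user.into(), verdict: suspended() };
        }
        if success {
            self.failures.remove(user);
            return AuditEvent::AuthOk { user: user.into() };
        }
        self.failures.insert(user.to_string(), count + 1);
        let verdict = if count + 1 >= MAX_ATTEMPTS { suspended() } else { None };
        AuditEvent::AuthFail { user: user.into(), verdict }
    }
}

fn main() {
    let mut t = AttemptTracker::default();
    t.known_users.insert("guest".into());
    for i in 0..1000 { t.on_auth(&format!("ghost{}", i), false); } // constructed flood
    println!("records after flood: {}", t.failures.len());
    for _ in 0..4 { println!("{:?}", t.on_auth("guest", false)); }
}
```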