Add user login and select organization audit logs

Carlos Monastyrski
2025-11-13 21:27:32 -03:00
parent 731a0d5cd0
commit 09ac5c8df5
2 changed files with 112 additions and 1 deletions


@@ -365,6 +365,8 @@ export enum EventType {
LOAD_PROJECT_KMS_BACKUP = "load-project-kms-backup",
ORG_ADMIN_ACCESS_PROJECT = "org-admin-accessed-project",
ORG_ADMIN_BYPASS_SSO = "org-admin-bypassed-sso",
USER_LOGIN = "user-login",
USER_SELECT_ORGANIZATION = "user-select-organization",
CREATE_CERTIFICATE_TEMPLATE = "create-certificate-template",
UPDATE_CERTIFICATE_TEMPLATE = "update-certificate-template",
DELETE_CERTIFICATE_TEMPLATE = "delete-certificate-template",
@@ -2657,6 +2659,31 @@ interface OrgAdminBypassSSOEvent {
metadata: Record<string, string>; // no metadata yet
}
interface UserLoginEvent {
type: EventType.USER_LOGIN;
metadata: {
email: string;
userAgent: string;
ipAddress: string;
authMethod: string;
organizationId?: string;
organizationName?: string;
authProvider?: string;
};
}
interface UserSelectOrganizationEvent {
type: EventType.USER_SELECT_ORGANIZATION;
metadata: {
email: string;
userAgent: string;
ipAddress: string;
organizationId: string;
organizationName: string;
authMethod: string;
};
}
interface CreateCertificateTemplateEstConfig {
type: EventType.CREATE_CERTIFICATE_TEMPLATE_EST_CONFIG;
metadata: {
@@ -4535,4 +4562,6 @@ export type Event =
| UpdateCertificateRenewalConfigEvent
| DisableCertificateRenewalConfigEvent
| AutomatedRenewCertificate
| AutomatedRenewCertificateFailed;
| AutomatedRenewCertificateFailed
| UserLoginEvent
| UserSelectOrganizationEvent;
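Review bot: `UserLoginEvent.metadata` and `UserSelectOrganizationEvent.metadata` repeat `email`, `userAgent` and `ipAddress`, which the call sites in the second file also pass as top-level audit-log fields and actor metadata, so each record stores the same personal data twice and the copies can diverge. If the duplication is intentional for event-level filtering, a comment on the interfaces such as `// email/userAgent/ipAddress mirror the top-level audit-log fields` would record that; otherwise they can be dropped from the metadata. `authMethod` and `authProvider` are typed as plain `string`; narrowing them to the type that `isAuthMethodSaml` accepts would let the compiler reject unexpected values before they reach the log. `organizationName` on `UserLoginEvent` is not set by any call site visible in this commit.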


@@ -454,6 +454,32 @@ export const authLoginServiceFactory = ({
});
}
if (organizationId) {
await auditLogService.createAuditLog({
orgId: organizationId,
ipAddress: ip,
userAgent,
userAgentType: getUserAgentType(userAgent),
actor: {
type: ActorType.USER,
metadata: {
email: userEnc.email,
userId: userEnc.userId,
username: userEnc.username
}
},
event: {
type: EventType.USER_LOGIN,
metadata: {
email,
userAgent,
ipAddress: ip,
authMethod
}
}
});
}
return {
tokens: {
accessToken: token.access,
@@ -646,6 +672,32 @@ export const authLoginServiceFactory = ({
}
}
await auditLogService.createAuditLog({
orgId: organizationId,
ipAddress,
userAgent,
userAgentType: getUserAgentType(userAgent),
actor: {
type: ActorType.USER,
metadata: {
email: user.email,
userId: user.id,
username: user.username
}
},
event: {
type: EventType.USER_SELECT_ORGANIZATION,
metadata: {
email: user.email || "",
userAgent,
ipAddress,
organizationId,
organizationName: selectedOrg.name,
authMethod: decodedToken.authMethod
}
}
});
return {
...tokens,
user,
@@ -1039,6 +1091,36 @@ export const authLoginServiceFactory = ({
organizationId
});
if (organizationId) {
await auditLogService.createAuditLog({
orgId: organizationId,
ipAddress: ip,
userAgent,
userAgentType: getUserAgentType(userAgent),
actor: {
type: ActorType.USER,
metadata: {
email: userEnc.email,
userId: userEnc.userId,
username: userEnc.username
}
},
event: {
type: EventType.USER_LOGIN,
metadata: {
email,
userAgent,
ipAddress: ip,
authMethod: decodedProviderToken.authMethod,
organizationId,
...(isAuthMethodSaml(decodedProviderToken.authMethod) && {
authProvider: decodedProviderToken.authMethod
})
}
}
});
}
return { token, isMfaEnabled: false, user: userEnc, decodedProviderToken } as const;
};
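Review bot: Both `USER_LOGIN` call sites sit inside `if (organizationId)`, so a login that completes without an organization id writes no audit record; if that is because audit logs must be org-scoped, the guard deserves a comment such as `// audit logs are org-scoped: org-less logins are only visible via USER_SELECT_ORGANIZATION`, and otherwise the gap should be closed. At the same two sites the event metadata logs `email` while the actor logs `userEnc.email`; `email` is defined outside the hunk, and if it is the request-supplied value the stored one is the better audit source, e.g. `email: userEnc.email ?? email`. All three calls are awaited on the login path, so whether a failed audit write should fail the login is worth deciding explicitly; I cannot tell from here whether `createAuditLog` throws or queues. The enclosing functions begin and end outside these hunks.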