Merge pull request #20 from rappasoft/develop

v1.2

.github/workflows/run-tests.yml

@@ -13,7 +13,7 @@ jobs:
       fail-fast: true
       matrix:
         os: [ubuntu-latest, windows-latest]
-        php: [8.0]
+        php: [8.0, 7.4]
         laravel: [8.*]
         stability: [prefer-lowest, prefer-stable]
         include:

CHANGELOG.md

@@ -2,6 +2,15 @@
 
 All notable changes to `Laravel Authentication Log` will be documented in this file.
 
+### 1.2.0 - 2021-11-21
+
+### Added
+
+- Fire a successful login after a failed login on an unknown (new) device. - https://github.com/rappasoft/laravel-authentication-log/pull/15
+- Make the events the package is listening for configurable in the config file
+- Added French translation and missing location translations - https://github.com/rappasoft/laravel-authentication-log/pull/18
+- PHP 7.4 Support
+
 ### 1.1.1 - 2021-10-20
 
 ### Changed

composer.json

@@ -16,7 +16,7 @@
         }
     ],
     "require": {
-        "php": "^8.0",
+        "php": "^7.4|^8.0",
         "illuminate/contracts": "^8.37",
         "spatie/laravel-package-tools": "^1.4.3"
     },

config/authentication-log.php

@@ -8,6 +8,14 @@
     // The database connection where the authentication_log table resides. Leave empty to use the default
     'db_connection' => null,
 
+    // The events the package listens for to log
+    'events' => [
+        'login' => \Illuminate\Auth\Events\Login::class,
+        'failed' => \Illuminate\Auth\Events\Failed::class,
+        'logout' => \Illuminate\Auth\Events\Logout::class,
+        'logout-other-devices' => \Illuminate\Auth\Events\OtherDeviceLogout::class,
+    ],
+
     'notifications' => [
         'new-device' => [
             // Send the NewDevice notification

docs/known-issues.md

@@ -3,10 +3,11 @@ title: Known Issues
 weight: 2
 ---
 
-Curable:
+Fixed:
 
 - [This cache store is not supported. - torann/geoip](https://github.com/Torann/laravel-geoip/issues/147#issuecomment-528414630)
+- When the session renews Laravel fires the Login event which results in a new login row [1](https://github.com/rappasoft/laravel-authentication-log/issues/13) [2](https://rappasoft.com/docs/laravel-authentication-log/v1/start/configuration#user-content-example-event-override)
 
 Unsolved:
 
-- [When the session renews Laravel fires the Login event which results in a new login row](https://github.com/rappasoft/laravel-authentication-log/issues/13)
+- None

docs/start/configuration.md

@@ -32,6 +32,14 @@ return [
 
     // The database connection where the authentication_log table resides. Leave empty to use the default
     'db_connection' => null,
+
+    // The events the package listens for to log (as of v1.3)
+    'events' => [
+        'login' => \Illuminate\Auth\Events\Login::class,
+        'failed' => \Illuminate\Auth\Events\Failed::class,
+        'logout' => \Illuminate\Auth\Events\Logout::class,
+        'logout-other-devices' => \Illuminate\Auth\Events\OtherDeviceLogout::class,
+    ],
 
     'notifications' => [
         'new-device' => [
@@ -84,3 +92,88 @@ class User extends Authenticatable
 ```
 
 The package will listen for Laravel's Login, Logout, Failed, and OtherDeviceLogout events.
+
+## Overriding default Laravel events
+
+If you would like to listen to your own events you may override them in the package config (as of v1.3).
+
+### Example event override
+
+You may notice that Laravel [fires a Login event when the session renews](https://github.com/laravel/framework/blob/master/src/Illuminate/Auth/SessionGuard.php#L149) if the user clicked 'remember me' when logging in. This will produce empty login rows each time which is not what we want. The way around this is to fire your own `Login` event instead of listening for Laravels.
+
+You can create a Login event that takes the user:
+
+```php
+<?php
+
+namespace App\Domains\Auth\Events;
+
+use Illuminate\Queue\SerializesModels;
+
+class Login
+{
+    use SerializesModels;
+
+    public $user;
+
+    public function __construct($user)
+    {
+        $this->user = $user;
+    }
+}
+```
+
+Then override it in the package config:
+
+```php
+// The events the package listens for to log
+'events' => [
+    'login' => \App\Domains\Auth\Events\Login::class,
+    ...
+],
+```
+
+Then call it where you login your user:
+
+```php
+event(new Login($user));
+```
+
+Now the package will only register actual login events, and not session re-authentications.
+
+### Overriding in Fortify
+
+If you are working with Fortify and would like to register your own Login event, you can append a class to the authentication stack:
+
+In FortifyServiceProvider:
+
+```php
+Fortify::authenticateThrough(function () {
+    return array_filter([
+        ...
+        FireLoginEvent::class,
+    ]);
+});
+```
+
+`FireLoginEvent` is just a class that fires the event:
+
+```php
+<?php
+
+namespace App\Domains\Auth\Actions;
+
+use App\Domains\Auth\Events\Login;
+
+class FireLoginEvent
+{
+    public function handle($request, $next)
+    {
+        if ($request->user()) {
+            event(new Login($request->user()));
+        }
+
+        return $next($request);
+    }
+}
+```

resources/lang/en.json

@@ -9,5 +9,7 @@
     "Regards": "Regards",
     "There has been a failed login attempt to your :app account.": "There has been a failed login attempt to your :app account.",
     "Time": "Time",
+    "Unknown City": "Unknown City",
+    "Unknown State": "Unknown State",
     "Your :app account logged in from a new device.": "Your :app account logged in from a new device."
 }

resources/lang/fr.json

@@ -0,0 +1,15 @@
+{
+    "A failed login to your account": "Échec de la connexion à votre compte",
+    "Account": "Compte",
+    "Browser": "Navigateur",
+    "Hello": "Bonjour",
+    "If this was you, you can ignore this alert. If you suspect any suspicious activity on your account, please change your password.": "Si c’était vous, vous pouvez ignorer cette alerte. Si vous soupçonnez une activité suspecte sur votre compte, veuillez modifier votre mot de passe.",
+    "IP Address": "Adresse IP",
+    "Location": "Emplacement",
+    "Regards": "Cordialement",
+    "There has been a failed login attempt to your :app account.": "Une tentative de connexion à votre compte sur :app a échoué.",
+    "Time": "Heure",
+    "Unknown City": "Ville inconnue",
+    "Unknown State": "État inconnu",
+    "Your :app account logged in from a new device.": "Connexion à votre compte sur :app depuis un nouvel appareil."
+}

resources/views/emails/failed.blade.php

@@ -8,7 +8,7 @@
 > **@lang('IP Address'):** {{ $ipAddress }}<br/>
 > **@lang('Browser'):** {{ $browser }}<br/>
 @if ($location && $location['default'] === false)
-> **@lang('Location'):** {{ $location['city'] ?? 'Unknown City' }}, {{ $location['state'], 'Unknown State' }}
+> **@lang('Location'):** {{ $location['city'] ?? __('Unknown City') }}, {{ $location['state'], __('Unknown State') }}
 @endif
 
 @lang('If this was you, you can ignore this alert. If you suspect any suspicious activity on your account, please change your password.')

resources/views/emails/new.blade.php

@@ -8,7 +8,7 @@
 > **@lang('IP Address'):** {{ $ipAddress }}<br/>
 > **@lang('Browser'):** {{ $browser }}<br/>
 @if ($location && $location['default'] === false)
-> **@lang('Location'):** {{ $location['city'] ?? 'Unknown City' }}, {{ $location['state'], 'Unknown State' }}
+> **@lang('Location'):** {{ $location['city'] ?? __('Unknown City') }}, {{ $location['state'], __('Unknown State') }}
 @endif
 
 @lang('If this was you, you can ignore this alert. If you suspect any suspicious activity on your account, please change your password.')

src/LaravelAuthenticationLogServiceProvider.php

@@ -27,9 +27,9 @@ public function configurePackage(Package $package): void
             ->hasCommand(PurgeAuthenticationLogCommand::class);
 
         $events = $this->app->make(Dispatcher::class);
-        $events->listen(Login::class, LoginListener::class);
-        $events->listen(Failed::class, FailedLoginListener::class);
-        $events->listen(Logout::class, LogoutListener::class);
-        $events->listen(OtherDeviceLogout::class, OtherDeviceLogoutListener::class);
+        $events->listen(config('authentication-log.events.login') ?? Login::class, LoginListener::class);
+        $events->listen(config('authentication-log.events.failed') ?? Failed::class, FailedLoginListener::class);
+        $events->listen(config('authentication-log.events.logout') ?? Logout::class, LogoutListener::class);
+        $events->listen(config('authentication-log.events.other-device-logout') ?? OtherDeviceLogout::class, OtherDeviceLogoutListener::class);
     }
 }

src/Listeners/FailedLoginListener.php

@@ -15,8 +15,12 @@ public function __construct(Request $request)
         $this->request = $request;
     }
 
-    public function handle(Failed $event): void
+    public function handle($event): void
     {
+        if (! $event instanceof (config('authentication-log.events.failed') ?? Failed::class)) {
+            return;
+        }
+
         if ($event->user) {
             $log = $event->user->authentications()->create([
                 'ip_address' => $ip = $this->request->ip(),

src/Listeners/LoginListener.php

@@ -16,13 +16,17 @@ public function __construct(Request $request)
         $this->request = $request;
     }
 
-    public function handle(Login $event): void
+    public function handle($event): void
     {
+        if (! $event instanceof (config('authentication-log.events.login') ?? Login::class)) {
+            return;
+        }
+
         if ($event->user) {
             $user = $event->user;
             $ip = $this->request->ip();
             $userAgent = $this->request->userAgent();
-            $known = $user->authentications()->whereIpAddress($ip)->whereUserAgent($userAgent)->first();
+            $known = $user->authentications()->whereIpAddress($ip)->whereUserAgent($userAgent)->whereLoginSuccessful(true)->first();
             $newUser = Carbon::parse($user->{$user->getCreatedAtColumn()})->diffInMinutes(Carbon::now()) < 1;
 
             $log = $user->authentications()->create([

src/Listeners/LogoutListener.php

@@ -15,8 +15,12 @@ public function __construct(Request $request)
         $this->request = $request;
     }
 
-    public function handle(Logout $event): void
+    public function handle($event): void
     {
+        if (! $event instanceof (config('authentication-log.events.logout') ?? Logout::class)) {
+            return;
+        }
+
         if ($event->user) {
             $user = $event->user;
             $ip = $this->request->ip();

src/Listeners/OtherDeviceLogoutListener.php

@@ -15,8 +15,12 @@ public function __construct(Request $request)
         $this->request = $request;
     }
 
-    public function handle(OtherDeviceLogout $event): void
+    public function handle($event): void
     {
+        if (! $event instanceof (config('authentication-log.events.other-device-logout') ?? OtherDeviceLogout::class)) {
+            return;
+        }
+
         if ($event->user) {
             $user = $event->user;
             $ip = $this->request->ip();