Created by Jeffrey Schoemaker 22 Jun 2016, 13:50:57 Updated by Sebastiaan Janssen 19 Sep 2017, 06:04:06
Relates to: U4-1841
Subtask of: U4-10324
In Umbraco 7.x logging of user logon attempts was added. But they're currently written to the txt logfile in /App_Data/Logs/UmbracoTraceLog.txt.
2016-06-22 15:17:38,688 [P25496/D3/T71] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: Login attempt succeeded for username firstname.lastname@example.org from IP address 192.168.1.150
2016-06-22 15:17:38,688 [P25496/D3/T71] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: User: email@example.com logged in from IP address 192.168.1.150
2016-06-22 15:21:55,654 [P25496/D4/T11] INFO Umbraco.Web.Editors.AuthenticationController - User firstname.lastname@example.org from IP address 192.168.1.150 has logged out
By doing this you won't be able to make an overview of all actions that one user performed by simply "SELECT * FROM UmbracoUserAction WHERE UserId = x", because these actions are scattered over several logfiles. Furthermore, these logfiles are deleted after 30 days and, last of all, if you set the loglevel to WARN you won't see them at all.
=== Proposal ===
#1 Log authentication attempts to a database table UmbracoUserAuthenticationLog with the columns 'Username', 'IP', 'Date', 'Result' (0 is unsuccessful, 1 is successful), 'Url'. In this table we can't use UserId yet because if the logon name isn't a user we wouldn't be able to log.
#2 Log all user actions to a database table UmbracoUserAuditLog with the columns 'UserId', 'Date', 'IP', 'Action', 'Url', 'ByUserId' and 'Comment'. For action we have the following options
With this stuff in place we have a pretty complete overview for auditing reasons and eventually can make a dashboard like http://umbraco.usermanagement.perplex.eu/ (Last tab => Logging)
Preliminary PR: https://github.com/umbraco/Umbraco-CMS/pull/1923
Instead of logging these events to a table, for now we'll raise events that can be handled, even by logging them to a custom table. The benefit of adding events is that you can hook in to them and actually immediately do something, think of (for example): Someone gets locked out because they entered their password wrong more than 5 times. With an event you can now:
In the future (v7.7.0 is the first opportunity for adding a new table to the database) it could be good for us to add a table storing the info from the events, and showing the audit info on each user in the users section. It would of course be super awesome if all of the functionality in the example above (http://umbraco.usermanagement.perplex.eu/) would natively be implemented as well!
Attached is the App_Code file I've been testing with.
It's a pretty shallow test but proves that everything works, would be good to think of some creative ways to hook into these events that I haven't imagined yet and see if that works too!
OK I got all the events to fire from your test App_Code file @sebastiaan and this is mostly OK, however using Pete's 2FA package threw up some interesting scenarios for events that were not fired.
Login correctly with email & password - Login event fired (but I have not passed 2FA yet, as I may fail 2FA)
Login correctly with email & password - Fail 2FA we get failed login events but no LockedEvent fired after the 5 failed 2FA code attempts
Couldn't repro first issue, but forgot to raise loginsuccess after 2FA login, this is now fixed and also the second issue is fixed. https://github.com/umbraco/Umbraco-CMS/pull/1923/commits/388d660e110a0b2aed9c068075c18a693712722f
Thanks for the review @warren.buckley !
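An added example, not part of the original issue or of Umbraco's code: a Python sketch that parses login-attempt lines in the trace-log format quoted in the issue description into the 'Username', 'IP', 'Date' and 'Result' columns proposed for UmbracoUserAuthenticationLog, so they can be queried per user. The sample lines are constructed, the "failed" wording is an assumption modelled on the "succeeded" line, and 'Url' is omitted because the log lines do not carry it.

```python
import re
import sqlite3

# Constructed sample in the UmbracoTraceLog.txt format quoted in the issue.
# The "failed" line is an assumption modelled on the "succeeded" line.
SAMPLE_LOG = """\
2016-06-22 15:17:38,688 [P25496/D3/T71] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: Login attempt succeeded for username editor@example.org from IP address 192.168.1.150
2016-06-22 15:19:02,101 [P25496/D3/T12] INFO Umbraco.Core.Security.BackOfficeSignInManager - Event Id: 0, state: Login attempt failed for username admin@example.org from IP address 203.0.113.7
2016-06-22 15:21:55,654 [P25496/D4/T11] INFO Umbraco.Web.Editors.AuthenticationController - User editor@example.org from IP address 192.168.1.150 has logged out
"""

# The username is whatever was typed into the login form, so it is matched
# greedily: the LAST " from IP address " on the line is the one the server
# appended, even if the submitted username contains that phrase itself.
ATTEMPT_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} .*? - "
    r"Event Id: \d+, state: Login attempt (?P<result>succeeded|failed) "
    r"for username (?P<username>.+) from IP address (?P<ip>\S+)\s*$"
)

def parse_attempts(text):
    """Yield (Username, IP, Date, Result) per login-attempt line; 1 = success."""
    for line in text.splitlines():
        m = ATTEMPT_RE.match(line)
        if m:  # logout and other lines are not authentication attempts
            yield (m["username"], m["ip"], m["date"],
                   int(m["result"] == "succeeded"))

def load(text):
    """Build an in-memory table with the columns proposed in the issue."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE UmbracoUserAuthenticationLog "
               "(Username TEXT, IP TEXT, Date TEXT, Result INTEGER)")
    db.executemany(
        "INSERT INTO UmbracoUserAuthenticationLog VALUES (?, ?, ?, ?)",
        parse_attempts(text))
    return db

def attempts_for(db, username):
    """All attempts for one logon name, oldest first."""
    return db.execute(
        "SELECT Date, IP, Result FROM UmbracoUserAuthenticationLog "
        "WHERE Username = ? ORDER BY Date", (username,)).fetchall()

if __name__ == "__main__":
    print(attempts_for(load(SAMPLE_LOG), "admin@example.org"))
```
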
Type: Feature (request)
Backwards Compatible: True
Due in version: 7.6.7
Sprint: Sprint 67
Story Points: 1