Finishing up logging of authentication requests

stevebauman · stevebauman · commit d37b67cde44f · 2017-11-09T11:37:25.000-05:00
diff --git a/src/AdldapAuthServiceProvider.php b/src/AdldapAuthServiceProvider.php
@@ -97,13 +97,19 @@ protected function registerListeners()
         Event::listen(Authenticated::class, Listeners\BindsLdapUserModel::class);
 
         if ($this->isLogging()) {
+            // If logging is enabled, we will set up our event listeners that
+            // log each event fired throughout the authentication process.
             Event::listen(Events\Importing::class, Listeners\LogImport::class);
             Event::listen(Events\Synchronized::class, Listeners\LogSynchronized::class);
             Event::listen(Events\Synchronizing::class, Listeners\LogSynchronizing::class);
+            Event::listen(Events\Authenticated::class, Listeners\LogAuthenticated::class);
+            Event::listen(Events\Authenticating::class, Listeners\LogAuthentication::class);
+            Event::listen(Events\AuthenticationFailed::class, Listeners\LogAuthenticationFailure::class);
+            Event::listen(Events\AuthenticationRejected::class, Listeners\LogAuthenticationRejection::class);
+            Event::listen(Events\AuthenticationSuccessful::class, Listeners\LogAuthenticationSuccess::class);
             Event::listen(Events\DiscoveredWithCredentials::class, Listeners\LogDiscovery::class);
             Event::listen(Events\AuthenticatedWithWindows::class, Listeners\LogWindowsAuth::class);
             Event::listen(Events\AuthenticatedModelTrashed::class, Listeners\LogTrashedModel::class);
-            Event::listen(Events\AuthenticatedWithCredentials::class, Listeners\LogCredentialAuth::class);
         }
     }
 
diff --git a/src/Auth/DatabaseUserProvider.php b/src/Auth/DatabaseUserProvider.php
@@ -6,6 +6,8 @@
 use Adldap\Laravel\Facades\Resolver;
 use Adldap\Laravel\Commands\Import;
 use Adldap\Laravel\Commands\SyncPassword;
+use Adldap\Laravel\Events\AuthenticationRejected;
+use Adldap\Laravel\Events\AuthenticationSuccessful;
 use Adldap\Laravel\Events\DiscoveredWithCredentials;
 use Adldap\Laravel\Events\AuthenticatedWithCredentials;
 use Illuminate\Support\Facades\Bus;
@@ -131,15 +133,19 @@ public function validateCredentials(Authenticatable $model, array $credentials)
             // validation rules pass, we will allow the authentication
             // attempt. Otherwise, it is automatically rejected.
             if ($this->passesValidation($this->user, $model)) {
-                // Sync / set the users password since it has been verified.
+                // Here we can now synchronize / set the users password since
+                // they have successfully passed authentication
+                // and our validation rules.
                 Bus::dispatch(new SyncPassword($model, $credentials));
 
-                // All of our validation rules have passed and we can
-                // finally save the model in case of changes.
                 $model->save();
 
+                Event::fire(new AuthenticationSuccessful($this->user));
+
                 return true;
             }
+
+            Event::fire(new AuthenticationRejected($this->user));
         }
 
         if ($this->isFallingBack() && $model->exists) {
diff --git a/src/Auth/NoDatabaseUserProvider.php b/src/Auth/NoDatabaseUserProvider.php
@@ -3,6 +3,8 @@
 namespace Adldap\Laravel\Auth;
 
 use Adldap\Laravel\Facades\Resolver;
+use Adldap\Laravel\Events\AuthenticationRejected;
+use Adldap\Laravel\Events\AuthenticationSuccessful;
 use Adldap\Laravel\Events\DiscoveredWithCredentials;
 use Adldap\Laravel\Events\AuthenticatedWithCredentials;
 use Illuminate\Support\Facades\Event;
@@ -57,14 +59,16 @@ public function retrieveByCredentials(array $credentials)
      */
     public function validateCredentials(Authenticatable $user, array $credentials)
     {
-        // Perform LDAP authentication and validate the authenticated model.
-        if (
-            Resolver::authenticate($user, $credentials) &&
-            $this->passesValidation($user)
-        ) {
+        if (Resolver::authenticate($user, $credentials)) {
             Event::fire(new AuthenticatedWithCredentials($user));
 
-            return true;
+            if ($this->passesValidation($user)) {
+                Event::fire(new AuthenticationSuccessful($user));
+
+                return true;
+            }
+
+            Event::fire(new AuthenticationRejected($user));
         }
 
         return false;
diff --git a/src/Events/Authenticated.php b/src/Events/Authenticated.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Adldap\Laravel\Events;
+
+use Adldap\Models\User;
+
+class Authenticated
+{
+    /**
+     * The LDAP user that has successfully authenticated.
+     *
+     * @var User
+     */
+    public $user;
+
+    /**
+     * Constructor.
+     *
+     * @param User $user
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}
diff --git a/src/Events/Authenticating.php b/src/Events/Authenticating.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Adldap\Laravel\Events;
+
+use Adldap\Models\User;
+
+class Authenticating
+{
+    /**
+     * The LDAP user that is authenticating.
+     *
+     * @var User
+     */
+    public $user;
+
+    /**
+     * The username that is being authenticated.
+     *
+     * @var string
+     */
+    public $username = '';
+
+    /**
+     * Constructor.
+     *
+     * @param User   $user
+     * @param string $username
+     */
+    public function __construct(User $user, $username = '')
+    {
+        $this->user = $user;
+        $this->username = $username;
+    }
+}
diff --git a/src/Events/AuthenticationFailed.php b/src/Events/AuthenticationFailed.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Adldap\Laravel\Events;
+
+use Adldap\Models\User;
+
+class AuthenticationFailed
+{
+    /**
+     * The user that failed authentication.
+     *
+     * @var User
+     */
+    public $user;
+
+    /**
+     * Constructor.
+     *
+     * @param User $user
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}
diff --git a/src/Events/AuthenticationRejected.php b/src/Events/AuthenticationRejected.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Adldap\Laravel\Events;
+
+use Adldap\Models\User;
+
+class AuthenticationRejected
+{
+    /**
+     * The user that has been denied authentication.
+     *
+     * @var User
+     */
+    public $user;
+
+    /**
+     * Constructor.
+     *
+     * @param User $user
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}
diff --git a/src/Events/AuthenticationSuccessful.php b/src/Events/AuthenticationSuccessful.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Adldap\Laravel\Events;
+
+use Adldap\Models\User;
+
+class AuthenticationSuccessful
+{
+    /**
+     * The LDAP user that has successfully authenticated.
+     *
+     * @var User
+     */
+    public $user;
+
+    /**
+     * Constructor.
+     *
+     * @param User $user
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}
diff --git a/src/Listeners/LogAuthenticated.php b/src/Listeners/LogAuthenticated.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Adldap\Laravel\Listeners;
+
+use Adldap\Laravel\Events\Authenticated;
+
+class LogAuthenticated
+{
+    /**
+     * Handle the event.
+     *
+     * @param Authenticated $event
+     *
+     * @return void
+     */
+    public function handle(Authenticated $event)
+    {
+        info("User '{$event->user->getCommonName()}' has successfully passed LDAP authentication.");
+    }
+}
diff --git a/src/Listeners/LogAuthentication.php b/src/Listeners/LogAuthentication.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Adldap\Laravel\Listeners;
+
+use Illuminate\Support\Facades\Config;
+use Adldap\Laravel\Events\Authenticating;
+
+class LogAuthentication
+{
+    /**
+     * Handle the event.
+     *
+     * @param Authenticating $event
+     *
+     * @return void
+     */
+    public function handle(Authenticating $event)
+    {
+        $username = $this->getPrefix().$event->username.$this->getSuffix();
+
+        info("User '{$event->user->getCommonName()}' is authenticating with username: '{$username}'");
+    }
+
+    /**
+     * Returns the account prefix that is applied to username's.
+     *
+     * @return string|null
+     */
+    protected function getPrefix()
+    {
+        return Config::get("{$this->getConfigSettingsPath()}.account_prefix");
+    }
+
+    /**
+     * Returns the account suffix that is applied to username's.
+     *
+     * @return string|null
+     */
+    protected function getSuffix()
+    {
+        return Config::get("{$this->getConfigSettingsPath()}.account_suffix");
+    }
+
+    /**
+     * Returns the current connections configuration path.
+     *
+     * @return string
+     */
+    protected function getConfigSettingsPath()
+    {
+        $connection = Config::get('adldap_auth.connection');
+
+        return "adldap.$connection.connection_settings";
+    }
+}
diff --git a/src/Listeners/LogAuthenticationFailure.php b/src/Listeners/LogAuthenticationFailure.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Adldap\Laravel\Listeners;
+
+use Adldap\Laravel\Events\AuthenticationFailed;
+
+class LogAuthenticationFailure
+{
+    /**
+     * Handle the event.
+     *
+     * @param AuthenticationFailed $event
+     *
+     * @return void
+     */
+    public function handle(AuthenticationFailed $event)
+    {
+        info("User '{$event->user->getCommonName()}' has failed LDAP authentication.");
+    }
+}
diff --git a/src/Listeners/LogAuthenticationRejection.php b/src/Listeners/LogAuthenticationRejection.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Adldap\Laravel\Listeners;
+
+use Adldap\Laravel\Events\AuthenticationRejected;
+
+class LogAuthenticationRejection
+{
+    /**
+     * Constructor.
+     *
+     * @param AuthenticationRejected $event
+     */
+    public function __construct(AuthenticationRejected $event)
+    {
+        info("User '{$event->user->getCommonName()}' has failed validation. They have been denied authentication.");
+    }
+}
diff --git a/src/Listeners/LogAuthenticationSuccess.php b/src/Listeners/LogAuthenticationSuccess.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Adldap\Laravel\Listeners;
+
+use Adldap\Laravel\Events\AuthenticationSuccessful;
+
+class LogAuthenticationSuccess
+{
+    /**
+     * Handle the event.
+     *
+     * @param AuthenticationSuccessful $event
+     *
+     * @return void
+     */
+    public function handle(AuthenticationSuccessful $event)
+    {
+        info("User '{$event->user->getCommonName()}' has been successfully logged in.");
+    }
+}
diff --git a/src/Listeners/LogCredentialAuth.php b/src/Listeners/LogCredentialAuth.php
diff --git a/src/Listeners/LogDiscovery.php b/src/Listeners/LogDiscovery.php
@@ -15,6 +15,6 @@ class LogDiscovery
      */
     public function handle(DiscoveredWithCredentials $event)
     {
-        info("User {$event->user->getCommonName()} has been successfully found for authentication.");
+        info("User '{$event->user->getCommonName()}' has been successfully found for authentication.");
     }
 }
diff --git a/src/Listeners/LogImport.php b/src/Listeners/LogImport.php
diff --git a/src/Listeners/LogSynchronized.php b/src/Listeners/LogSynchronized.php
diff --git a/src/Listeners/LogSynchronizing.php b/src/Listeners/LogSynchronizing.php
diff --git a/src/Listeners/LogTrashedModel.php b/src/Listeners/LogTrashedModel.php
diff --git a/src/Listeners/LogWindowsAuth.php b/src/Listeners/LogWindowsAuth.php
diff --git a/src/Resolvers/UserResolver.php b/src/Resolvers/UserResolver.php

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,6 @@ class LogDiscovery`
`15`	`15`	`*/`
`16`	`16`	`public function handle(DiscoveredWithCredentials $event)`
`17`	`17`	`{`
`18`		`- info("User {$event->user->getCommonName()} has been successfully found for authentication.");`
	`18`	`+ info("User '{$event->user->getCommonName()}' has been successfully found for authentication.");`
`19`	`19`	`}`
`20`	`20`	`}`