feat(regulator): enhance authentication logs (#2622)

This adds additional logging to the authentication logs such as type, remote IP, request method, redirect URL, and if the attempt was done during a ban. This also means we log attempts that occur when the attempt was blocked by the regulator for record keeping purposes, as well as record 2FA attempts which can be used to inform admins and later to regulate based on other factors.

Fixes #116, Fixes #1293.

1 files changed, 4 insertions, 2 deletions

diff --git a/internal/storage/sql_provider.go b/internal/storage/sql_provider.go
index 9ff5dad2b..5b876f4cf 100644
--- a/internal/storage/sql_provider.go
+++ b/internal/storage/sql_provider.go
@@ -355,8 +355,10 @@ func (p *SQLProvider) LoadU2FDevice(ctx context.Context, username string) (devic
 
 // AppendAuthenticationLog append a mark to the authentication log.
 func (p *SQLProvider) AppendAuthenticationLog(ctx context.Context, attempt models.AuthenticationAttempt) (err error) {
-	if _, err = p.db.ExecContext(ctx, p.sqlInsertAuthenticationAttempt, attempt.Time, attempt.Successful, attempt.Username); err != nil {
-		return fmt.Errorf("error inserting authentiation attempt: %w", err)
+	if _, err = p.db.ExecContext(ctx, p.sqlInsertAuthenticationAttempt,
+		attempt.Time, attempt.Successful, attempt.Banned, attempt.Username,
+		attempt.Type, attempt.RemoteIP, attempt.RequestURI, attempt.RequestMethod); err != nil {
+		return fmt.Errorf("error inserting authentication attempt: %w", err)
 	}
 
 	return nil