mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
bc3b0fda35
This adds additional logging to the authentication logs such as type, remote IP, request method, redirect URL, and if the attempt was done during a ban. This also means we log attempts that occur when the attempt was blocked by the regulator for record keeping purposes, as well as record 2FA attempts which can be used to inform admins and later to regulate based on other factors. Fixes #116, Fixes #1293.
161 lines
3.9 KiB
Go
161 lines
3.9 KiB
Go
package storage
|
|
|
|
const (
|
|
queryFmtSelectMigrations = `
|
|
SELECT id, applied, version_before, version_after, application_version
|
|
FROM %s;`
|
|
|
|
queryFmtSelectLatestMigration = `
|
|
SELECT id, applied, version_before, version_after, application_version
|
|
FROM %s
|
|
ORDER BY id DESC
|
|
LIMIT 1;`
|
|
|
|
queryFmtInsertMigration = `
|
|
INSERT INTO %s (applied, version_before, version_after, application_version)
|
|
VALUES (?, ?, ?, ?);`
|
|
)
|
|
|
|
const (
|
|
queryMySQLSelectExistingTables = `
|
|
SELECT table_name
|
|
FROM information_schema.tables
|
|
WHERE table_type = 'BASE TABLE' AND table_schema = database();`
|
|
|
|
queryPostgreSelectExistingTables = `
|
|
SELECT table_name
|
|
FROM information_schema.tables
|
|
WHERE table_type = 'BASE TABLE' AND table_schema = 'public';`
|
|
|
|
querySQLiteSelectExistingTables = `
|
|
SELECT name
|
|
FROM sqlite_master
|
|
WHERE type = 'table';`
|
|
)
|
|
|
|
const (
|
|
queryFmtSelectUserInfo = `
|
|
SELECT second_factor_method, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_totp, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_u2f
|
|
FROM %s
|
|
WHERE username = ?;`
|
|
|
|
queryFmtSelectPreferred2FAMethod = `
|
|
SELECT second_factor_method
|
|
FROM %s
|
|
WHERE username = ?;`
|
|
|
|
queryFmtUpsertPreferred2FAMethod = `
|
|
REPLACE INTO %s (username, second_factor_method)
|
|
VALUES (?, ?);`
|
|
|
|
queryFmtPostgresUpsertPreferred2FAMethod = `
|
|
INSERT INTO %s (username, second_factor_method)
|
|
VALUES ($1, $2)
|
|
ON CONFLICT (username)
|
|
DO UPDATE SET second_factor_method = $2;`
|
|
)
|
|
|
|
const (
|
|
queryFmtSelectExistsIdentityVerification = `
|
|
SELECT EXISTS (
|
|
SELECT id
|
|
FROM %s
|
|
WHERE token = ?
|
|
);`
|
|
|
|
queryFmtInsertIdentityVerification = `
|
|
INSERT INTO %s (token)
|
|
VALUES (?);`
|
|
|
|
queryFmtDeleteIdentityVerification = `
|
|
DELETE FROM %s
|
|
WHERE token = ?;`
|
|
)
|
|
|
|
const (
|
|
queryFmtSelectTOTPConfiguration = `
|
|
SELECT id, username, algorithm, digits, totp_period, secret
|
|
FROM %s
|
|
WHERE username = ?;`
|
|
|
|
queryFmtSelectTOTPConfigurations = `
|
|
SELECT id, username, algorithm, digits, totp_period, secret
|
|
FROM %s
|
|
LIMIT ?
|
|
OFFSET ?;`
|
|
|
|
//nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials.
|
|
queryFmtUpdateTOTPConfigurationSecret = `
|
|
UPDATE %s
|
|
SET secret = ?
|
|
WHERE id = ?;`
|
|
|
|
//nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials.
|
|
queryFmtUpdateTOTPConfigurationSecretByUsername = `
|
|
UPDATE %s
|
|
SET secret = ?
|
|
WHERE username = ?;`
|
|
|
|
queryFmtUpsertTOTPConfiguration = `
|
|
REPLACE INTO %s (username, algorithm, digits, totp_period, secret)
|
|
VALUES (?, ?, ?, ?, ?);`
|
|
|
|
queryFmtPostgresUpsertTOTPConfiguration = `
|
|
INSERT INTO %s (username, algorithm, digits, totp_period, secret)
|
|
VALUES ($1, $2, $3, $4, $5)
|
|
ON CONFLICT (username)
|
|
DO UPDATE SET algorithm = $2, digits = $3, totp_period = $4, secret = $5;`
|
|
|
|
queryFmtDeleteTOTPConfiguration = `
|
|
DELETE FROM %s
|
|
WHERE username = ?;`
|
|
)
|
|
|
|
const (
|
|
queryFmtSelectU2FDevice = `
|
|
SELECT key_handle, public_key
|
|
FROM %s
|
|
WHERE username = ?;`
|
|
|
|
queryFmtUpsertU2FDevice = `
|
|
REPLACE INTO %s (username, key_handle, public_key)
|
|
VALUES (?, ?, ?);`
|
|
|
|
queryFmtPostgresUpsertU2FDevice = `
|
|
INSERT INTO %s (username, key_handle, public_key)
|
|
VALUES ($1, $2, $3)
|
|
ON CONFLICT (username)
|
|
DO UPDATE SET key_handle=$2, public_key=$3;`
|
|
)
|
|
|
|
const (
|
|
queryFmtInsertAuthenticationLogEntry = `
|
|
INSERT INTO %s (time, successful, banned, username, auth_type, remote_ip, request_uri, request_method)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?);`
|
|
|
|
queryFmtSelect1FAAuthenticationLogEntryByUsername = `
|
|
SELECT time, successful, username
|
|
FROM %s
|
|
WHERE time > ? AND username = ? AND auth_type = '1FA' AND banned = 0
|
|
ORDER BY time DESC
|
|
LIMIT ?
|
|
OFFSET ?;`
|
|
)
|
|
|
|
const (
|
|
queryFmtSelectEncryptionValue = `
|
|
SELECT (value)
|
|
FROM %s
|
|
WHERE name = ?`
|
|
|
|
queryFmtUpsertEncryptionValue = `
|
|
REPLACE INTO %s (name, value)
|
|
VALUES (?, ?);`
|
|
|
|
queryFmtPostgresUpsertEncryptionValue = `
|
|
INSERT INTO %s (name, value)
|
|
VALUES ($1, $2)
|
|
ON CONFLICT (name)
|
|
DO UPDATE SET value=$2;`
|
|
)
|