Open
Bug 296924
Opened 20 years ago
Updated 11 years ago
Add a hook so extensions can log user authentication (success or failure)
Categories
(Bugzilla :: User Accounts, enhancement)
Bugzilla
User Accounts
Tracking
()
NEW
People
(Reporter: richard, Unassigned)
Details
(Whiteboard: [wanted-bmo][infrasec:logging])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.8
Build Identifier: 2.19.1
I need to monitor who is logging into my instalation and can not find any
existing tool/log to do this, is this feature already in or planned?
I have made the following changes to query.cgi to do this for me:
if (defined $::FORM{"GoAheadAndLogIn"}) {
# We got here from a login page, probably from relogin.cgi. We better
# make sure the password is legit.
Bugzilla->login(LOGIN_REQUIRED);
# Login Tracking Code, Richard Wood
require Bugzilla::User;
my $ulog = Bugzilla->user->identity;
open (LOGFILE, ">> /export1/bugzilla/bzlogin.log") or die "Can't open
error.log: $!";
print LOGFILE $ulog, scalar(localtime), "\n";
close LOGFILE;
# END Tracking Code
Reproducible: Always
|
||
Comment 1•20 years ago
|
||
Richard: could you write the code using SQL? It would be trivial to convert
since you already wrote its functionality, but it would have the advantage of
scaling with a lot of logins and big Bugzillas when querying.
Summary: is it possible to track bugzilla Logins → Log Bugzilla logins
|
|
||
Comment 2•20 years ago
|
||
The logincookies table already allows access to who's logged in recently, as
long as they didn't explicitly log out.
Perhaps an easy way would be to set the value in the 'cookie' column to NULL
when a user logs out (or otherwise marking it as unusable rather than deleting
the row), thus *only* deleting rows from the logincookies table when they expire
after <N> days.
Immediately this gives a ready log of who has logged in / used bugzilla recently.
|
|
||
Comment 3•20 years ago
|
||
Actually, I find it much more useful to include a graphic in the global header
such as ....
<img src="images/header1.gif?uname=[% user.login FILTER url_quote %]>
Then, the access to the site winds up in the webserver access log right
alongside the other accesses.
|
|
||
Comment 4•18 years ago
|
||
Maybe it's a dupe, but I cannot find the original one. So confirming this request.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•14 years ago
|
Whiteboard: [wanted-bmo]
|
|
||
Updated•14 years ago
|
Whiteboard: [wanted-bmo] → [wanted-bmo][infrasec:logging]
as there are a lot of different ways sites would want to gather this sort of data, it's better suited as an extension.
unfortunately there doesn't appear to be a suitable hook which is called following authentication success or failure; morphing bug.
Summary: Log Bugzilla logins → Add a hook so extensions can log user authentication (success or failure)
You need to log in
before you can comment on or make changes to this bug.
Description
•