Closes #21: Save IP and UA on login

jendib 2015-05-15 17:30:21 +02:00
parent 0228d43442
commit b2a38cea62
8 changed files with 70 additions and 4 deletions


@ -29,6 +29,18 @@ public class AuthenticationToken {
@Column(name = "AUT_IDUSER_C", nullable = false, length = 36)
private String userId;
/**
* Login IP.
*/
@Column(name = "AUT_IP_C", nullable = true, length = 45)
private String ip;
/**
* Login user agent.
*/
@Column(name = "AUT_UA_C", nullable = true, length = 1000)
private String userAgent;
/**
* Remember the user next time (long lasted session).
*/
@ -100,6 +112,38 @@ public class AuthenticationToken {
public void setLongLasted(boolean longLasted) {
this.longLasted = longLasted;
}
/**
* Getter of ip.
* @return ip
*/
public String getIp() {
return ip;
}
/**
* Setter of ip.
* @param ip ip
*/
public void setIp(String ip) {
this.ip = ip;
}
/**
* Getter of userAgent.
* @return userAgent
*/
public String getUserAgent() {
return userAgent;
}
/**
* Setter of userAgent.
* @param userAgent userAgent
*/
public void setUserAgent(String userAgent) {
this.userAgent = userAgent;
}
/**
* Getter of creationDate.
@ -142,6 +186,8 @@ public class AuthenticationToken {
return Objects.toStringHelper(this)
.add("id", "**hidden**")
.add("userId", userId)
.add("ip", ip)
.add("userAgent", userAgent)
.add("longLasted", longLasted)
.toString();
}
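Review bot: The `toString()` hunk now emits `ip` and `userAgent`, although the token id beside them is deliberately masked as `**hidden**`. The user agent is a client-supplied header of up to 1000 characters. If this object is ever written to a log (not visible here), that puts personal data and client-chosen text, possibly including line breaks, into the log stream. I would drop `.add("userAgent", userAgent)` from `toString()` or strip control characters first, and mark the field with a comment such as `// Client-supplied and unverified; do not log or render unescaped.` The class body continues outside the hunks shown.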


@ -1 +1 @@
db.version=9
db.version=10


@ -0,0 +1,4 @@
alter table T_FILE alter column FIL_IDUSER_C set not null;
alter table T_AUTHENTICATION_TOKEN add column AUT_IP_C varchar(45);
alter table T_AUTHENTICATION_TOKEN add column AUT_UA_C varchar(1000);
update T_CONFIG set CFG_VALUE_C='10' where CFG_ID_C='DB_VERSION';
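Review bot: The first statement, `alter table T_FILE alter column FIL_IDUSER_C set not null;`, is unrelated to saving the login IP and user agent and is not mentioned in the commit message. On a database that already holds T_FILE rows with a null FIL_IDUSER_C it would presumably fail and stop the upgrade before the two new columns are added. A preceding cleanup statement, or a comment explaining why no such rows can exist, would help. Separately, `AUT_IP_C varchar(45)` fits a single IPv6 literal only, which matters because the value written to it can come from a forwarded header that holds several addresses.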


@ -1,3 +1,3 @@
api.current_version=${project.version}
api.min_version=1.0
db.version=9
db.version=10


@ -1,5 +1,6 @@
package com.sismics.docs.rest.resource;
import com.google.common.base.Strings;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
@ -288,12 +289,20 @@ public class UserResource extends BaseResource {
if (userId == null) {
throw new ForbiddenClientException();
}
// Get the remote IP
String ip = request.getHeader("x-forwarded-for");
if (Strings.isNullOrEmpty(ip)) {
ip = request.getRemoteAddr();
}
// Create a new session token
AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
AuthenticationToken authenticationToken = new AuthenticationToken();
authenticationToken.setUserId(userId);
authenticationToken.setLongLasted(longLasted);
authenticationToken.setIp(ip);
authenticationToken.setUserAgent(StringUtils.abbreviate(request.getHeader("user-agent"), 1000));
String token = authenticationTokenDao.create(authenticationToken);
// Cleanup old session tokens
@ -566,6 +575,8 @@ public class UserResource extends BaseResource {
for (AuthenticationToken authenticationToken : authenticationTokenDao.getByUserId(principal.getId())) {
JSONObject session = new JSONObject();
session.put("create_date", authenticationToken.getCreationDate().getTime());
session.put("ip", authenticationToken.getIp());
session.put("user_agent", authenticationToken.getUserAgent());
if (authenticationToken.getLastConnectionDate() != null) {
session.put("last_connection_date", authenticationToken.getLastConnectionDate().getTime());
}
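Review bot: The login hunk takes `x-forwarded-for` at face value whenever it is present, so any client that reaches the application directly can choose the IP recorded for its session. That makes the stored address, and the "From" column built from it in the session list, unreliable for spotting a foreign login. The header should be honoured only when `request.getRemoteAddr()` is a configured trusted proxy, and then only the entry that proxy appended, since the header may carry a comma-separated chain. The value is also stored unbounded into a 45-character column while the user agent is abbreviated; at minimum use `authenticationToken.setIp(StringUtils.abbreviate(ip, 45));` so an over-long header cannot make token creation fail. The enclosing methods start and end outside the hunks.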


@ -4,6 +4,7 @@
<tr>
<th>Created date</th>
<th>Last connection date</th>
<th>From</th>
<th>Current</th>
</tr>
</thead>
@ -11,6 +12,7 @@
<tr ng-repeat="session in sessions | orderBy: '-current'" ng-class="{ 'info': session.current, 'warning': !session.current }">
<td>{{ session.create_date | date: 'yyyy-MM-dd HH:mm' }}</td>
<td>{{ session.last_connection_date | date: 'yyyy-MM-dd HH:mm' }}</td>
<td title="{{ session.user_agent }}">{{ session.ip }}</td>
<td><span ng-show="session.current" class="glyphicon glyphicon-ok"></span></td>
</tr>
</tbody>


@ -1,3 +1,3 @@
api.current_version=${project.version}
api.min_version=1.0
db.version=9
db.version=10


@ -144,6 +144,9 @@ public class TestUserResource extends BaseJerseyTest {
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertTrue(json.getJSONArray("sessions").length() > 0);
JSONObject session = json.getJSONArray("sessions").getJSONObject(0);
Assert.assertEquals("127.0.0.1", session.getString("ip"));
Assert.assertTrue(session.getString("user_agent").startsWith("Java"));
// Delete all sessions
userResource = resource().path("/user/session");