Closes #21: Save IP and UA on login

jendib 2015-05-15 17:30:21 +02:00
parent 0228d43442
commit b2a38cea62
8 changed files with 70 additions and 4 deletions


@ -29,6 +29,18 @@ public class AuthenticationToken {
@Column(name = "AUT_IDUSER_C", nullable = false, length = 36) @Column(name = "AUT_IDUSER_C", nullable = false, length = 36)
private String userId; private String userId;
/**
* Login IP.
*/
@Column(name = "AUT_IP_C", nullable = true, length = 45)
private String ip;
/**
* Login user agent.
*/
@Column(name = "AUT_UA_C", nullable = true, length = 1000)
private String userAgent;
/** /**
* Remember the user next time (long lasted session). * Remember the user next time (long lasted session).
*/ */
@ -100,6 +112,38 @@ public class AuthenticationToken {
public void setLongLasted(boolean longLasted) { public void setLongLasted(boolean longLasted) {
this.longLasted = longLasted; this.longLasted = longLasted;
} }
/**
* Getter of ip.
* @return ip
*/
public String getIp() {
return ip;
}
/**
* Setter of ip.
* @param ip ip
*/
public void setIp(String ip) {
this.ip = ip;
}
/**
* Getter of userAgent.
* @return userAgent
*/
public String getUserAgent() {
return userAgent;
}
/**
* Setter of userAgent.
* @param userAgent userAgent
*/
public void setUserAgent(String userAgent) {
this.userAgent = userAgent;
}
/** /**
* Getter of creationDate. * Getter of creationDate.
@ -142,6 +186,8 @@ public class AuthenticationToken {
return Objects.toStringHelper(this) return Objects.toStringHelper(this)
.add("id", "**hidden**") .add("id", "**hidden**")
.add("userId", userId) .add("userId", userId)
.add("ip", ip)
.add("userAgent", userAgent)
.add("longLasted", longLasted) .add("longLasted", longLasted)
.toString(); .toString();
} }
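Review bot: The `toString()` in the last hunk of this section now emits `ip` and `userAgent`, so any log line or exception message that prints an AuthenticationToken carries per-user network metadata next to the already masked `id`. The user agent is supplied by the client and may contain line breaks, which lets it forge entries wherever this object is logged. Consider masking both the way `id` is masked, e.g. `.add("ip", "**hidden**")`, and dropping the `.add("userAgent", userAgent)` line. The field Javadoc could also say that both values are client-reported and unauthenticated, e.g. `Login IP as reported at login time (may come from a forwarded header).` The signature of toString lies outside the hunk.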


@ -1 +1 @@
db.version=9 db.version=10


@ -0,0 +1,4 @@
alter table T_FILE alter column FIL_IDUSER_C set not null;
alter table T_AUTHENTICATION_TOKEN add column AUT_IP_C varchar(45);
alter table T_AUTHENTICATION_TOKEN add column AUT_UA_C varchar(1000);
update T_CONFIG set CFG_VALUE_C='10' where CFG_ID_C='DB_VERSION';
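Review bot: The first statement, `alter table T_FILE alter column FIL_IDUSER_C set not null;`, is unrelated to the IP/UA columns and is not mentioned in the commit message. If any existing T_FILE row holds a null FIL_IDUSER_C, the upgrade will presumably fail at that statement, before the new columns are added. A leading comment such as `-- FIL_IDUSER_C: no null rows expected, constraint was missing from the earlier schema` (or a preceding cleanup statement) would record the assumption the script relies on.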


@ -1,3 +1,3 @@
api.current_version=${project.version} api.current_version=${project.version}
api.min_version=1.0 api.min_version=1.0
db.version=9 db.version=10


@ -1,5 +1,6 @@
package com.sismics.docs.rest.resource; package com.sismics.docs.rest.resource;
import com.google.common.base.Strings;
import com.sismics.docs.core.constant.Constants; import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao; import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao; import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
@ -288,12 +289,20 @@ public class UserResource extends BaseResource {
if (userId == null) { if (userId == null) {
throw new ForbiddenClientException(); throw new ForbiddenClientException();
} }
// Get the remote IP
String ip = request.getHeader("x-forwarded-for");
if (Strings.isNullOrEmpty(ip)) {
ip = request.getRemoteAddr();
}
// Create a new session token // Create a new session token
AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao(); AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
AuthenticationToken authenticationToken = new AuthenticationToken(); AuthenticationToken authenticationToken = new AuthenticationToken();
authenticationToken.setUserId(userId); authenticationToken.setUserId(userId);
authenticationToken.setLongLasted(longLasted); authenticationToken.setLongLasted(longLasted);
authenticationToken.setIp(ip);
authenticationToken.setUserAgent(StringUtils.abbreviate(request.getHeader("user-agent"), 1000));
String token = authenticationTokenDao.create(authenticationToken); String token = authenticationTokenDao.create(authenticationToken);
// Cleanup old session tokens // Cleanup old session tokens
@ -566,6 +575,8 @@ public class UserResource extends BaseResource {
for (AuthenticationToken authenticationToken : authenticationTokenDao.getByUserId(principal.getId())) { for (AuthenticationToken authenticationToken : authenticationTokenDao.getByUserId(principal.getId())) {
JSONObject session = new JSONObject(); JSONObject session = new JSONObject();
session.put("create_date", authenticationToken.getCreationDate().getTime()); session.put("create_date", authenticationToken.getCreationDate().getTime());
session.put("ip", authenticationToken.getIp());
session.put("user_agent", authenticationToken.getUserAgent());
if (authenticationToken.getLastConnectionDate() != null) { if (authenticationToken.getLastConnectionDate() != null) {
session.put("last_connection_date", authenticationToken.getLastConnectionDate().getTime()); session.put("last_connection_date", authenticationToken.getLastConnectionDate().getTime());
} }
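Review bot: In the login hunk, `request.getHeader("x-forwarded-for")` is trusted whenever it is present, so the IP stored on the token and later returned in the session list is whatever the client sent, unless a reverse proxy in front overwrites the header. The header is also unbounded and may hold a comma-separated list, while AUT_IP_C is 45 characters; unlike the user agent it is not length-checked, so an over-long value would likely make the token insert fail at login. Suggest honouring the header only for requests that arrive from a configured trusted proxy and falling back otherwise, e.g. `if (Strings.isNullOrEmpty(ip) || ip.length() > 45) { ip = request.getRemoteAddr(); }`. `StringUtils` is used on the new user-agent line but only the `Strings` import is added in this section, so confirm it is already imported. The enclosing method starts and ends outside the hunk.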


@ -4,6 +4,7 @@
<tr> <tr>
<th>Created date</th> <th>Created date</th>
<th>Last connection date</th> <th>Last connection date</th>
<th>From</th>
<th>Current</th> <th>Current</th>
</tr> </tr>
</thead> </thead>
@ -11,6 +12,7 @@
<tr ng-repeat="session in sessions | orderBy: '-current'" ng-class="{ 'info': session.current, 'warning': !session.current }"> <tr ng-repeat="session in sessions | orderBy: '-current'" ng-class="{ 'info': session.current, 'warning': !session.current }">
<td>{{ session.create_date | date: 'yyyy-MM-dd HH:mm' }}</td> <td>{{ session.create_date | date: 'yyyy-MM-dd HH:mm' }}</td>
<td>{{ session.last_connection_date | date: 'yyyy-MM-dd HH:mm' }}</td> <td>{{ session.last_connection_date | date: 'yyyy-MM-dd HH:mm' }}</td>
<td title="{{ session.user_agent }}">{{ session.ip }}</td>
<td><span ng-show="session.current" class="glyphicon glyphicon-ok"></span></td> <td><span ng-show="session.current" class="glyphicon glyphicon-ok"></span></td>
</tr> </tr>
</tbody> </tbody>


@ -1,3 +1,3 @@
api.current_version=${project.version} api.current_version=${project.version}
api.min_version=1.0 api.min_version=1.0
db.version=9 db.version=10


@ -144,6 +144,9 @@ public class TestUserResource extends BaseJerseyTest {
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus())); Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class); json = response.getEntity(JSONObject.class);
Assert.assertTrue(json.getJSONArray("sessions").length() > 0); Assert.assertTrue(json.getJSONArray("sessions").length() > 0);
JSONObject session = json.getJSONArray("sessions").getJSONObject(0);
Assert.assertEquals("127.0.0.1", session.getString("ip"));
Assert.assertTrue(session.getString("user_agent").startsWith("Java"));
// Delete all sessions // Delete all sessions
userResource = resource().path("/user/session"); userResource = resource().path("/user/session");
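Review bot: The new assertions exercise only the `getRemoteAddr()` fallback; no request in this hunk sends an `X-Forwarded-For` header, so the branch that stores the client-supplied value is untested. A second login carrying the header, plus one with a value longer than 45 characters, would pin how the resource treats it. The literal `"127.0.0.1"` also assumes the test container connects over IPv4 loopback, and `getJSONObject(0)` assumes the first session is the one just created; a short comment such as `// sessions[0] is the login performed above, over IPv4 loopback` would state both. The test method continues outside the hunk.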