Laravel Authentication Log is a package Log user authentication details and send new device notifications.

Whenever you refresh/visit a new page, a successful login is logged into the database. This is creating a huge log per user. As the screenshot suggests, over time these logs will grow too much .

After firing the Login Event event(new Login('web', $user, $request->remember_me)); the package produces this error:

"message": "syntax error, unexpected '('",
"exception": "ParseError",
 "file": ". . .\\vendor\\rappasoft\\laravel-authentication-log\\src\\Listeners\\LoginListener.php",
"line": 21,

//...

Any help afforded will be appreciated.

Thank you.

EDIT: The package was installed today (11/28/2021 12:28 GMT) using composer require rappasoft/laravel-authentication-log I am using WAMP64 with PHP 7.4 installed, Laravel V8.73.1

This is an automated pull request from Shift to update your package code and dependencies to be compatible with Laravel 9.x.

Before merging, you need to:

• Checkout the l9-compatibility branch
• Review all comments for additional changes
• Thoroughly test your package

If you do find an issue, please report it by commenting on this PR to help improve future automation.

This should remedy and close the following bug:

#8 - The Logout listener was grabbing the first record instead of the latest, causes records to not be updated on logout

Checked for a successful login only.

When a failed login attempt happens the user can receive a notification stating it failed. However, if that same device then successfully signs in the user is not informed about the successful login. From a security stand point the user doesn't know that the bad actor gained access after a failed attempt.

Hey there,

The migration file here https://github.com/rappasoft/laravel-authentication-log/blob/main/database/migrations/create_authentication_log_table.php.stub is missing a down function to drop the table.

its not a big thing, but nice to have

When logging out, the Logout Listener grabs the first occurrence of the log for that user at that ip, and then updates the logout_at of that one, which was not the latest record.

I wouldn't mind contributing to this project if you don't have time to fix it.

I did not find anything in the documentation of this package regarding caching, so I left my CACHE_DRIVER=file. But by doing so, right after installing the package and logging in, I get This cache store does not support tagging.

vendor/laravel/framework/src/Illuminate/Cache/Repository.php:495

Again, I reported this as a bug, since there is no mention regarding the cache in the docs. Removing the package "solved" the problem.

I used the French language, but the emails are partially translated. In fact there is only one term that is translated.

As seen in this screenshot, only the last one is translated.

I searched but I do not understand where it can come from.

When using:

auth()->user()->previousLoginAt();
// or
auth()->user()->previousLoginIp();

They currently do not skip ALL failed login attempts.

For instance, if there is a failed login attempt prior to the current successful login, it will retrieve and return the failed login details.

With this pull request it will fix that issue and skip the failed login attempts and give the true successful previous login.

Changed

• Added missing hasTranslations() - https://github.com/rappasoft/laravel-authentication-log/pull/30
• Improve translation strings - https://github.com/rappasoft/laravel-authentication-log/pull/31

I have three different models that can login to my application: Users, Applications, Enrolments. They are completely different models as they do completely different things. All start like this:

class User extends Authenticatable implements MustVerifyEmail

class Application extends Authenticatable implements MustVerifyEmail

class Enrolment extends Authenticatable implements MustVerifyEmail

but only User has use AuthenticationLoggable;

When an Application or an Enrolment logs in the Login event is triggered and the rappasoft listener Rappasoft\LaravelAuthenticationLog\Listeners\LoginListener::handle responds to it and fails:

$user = $event->user;
$ip = $this->request->ip();
$userAgent = $this->request->userAgent();
$known = $user->authentications()->whereIpAddress($ip)->whereUserAgent($userAgent)->whereLoginSuccessful(true)->first();
$newUser = Carbon::parse($user->{$user->getCreatedAtColumn()})->diffInMinutes(Carbon::now()) < 1;

i.e. when $known = $user->authentications() is called.

I think the listener should stop responding if the user model doesn't use AuthenticationLoggable

Could be the problem in #33 too?

Currently, when logging out of other devices, the listener updates every record for the given user, on a large dataset this can be hundreds of queries. By limiting the scope of the records to only the ones that are not logged out, the number of queries is reduced to a minimum amount.

Hi,

your package v1.x returns SQL error at logout:

Illuminate\Database\QueryException
SQLSTATE[42000]: [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]A column has been specified more than once in the order by list. Columns in the order by list must be unique. (SQL: select top 1 * from [authentication_log] where [authentication_log].[authenticatable_type] = App\User and [authentication_log].[authenticatable_id] = 3 and [authentication_log].[authenticatable_id] is not null and [ip_address] = ::1 and [user_agent] = Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 order by [login_at] desc, [login_at] desc)

which can be resolved by replacing: $log = $user->authentications()->whereIpAddress($ip)->whereUserAgent($userAgent)->orderByDesc('login_at')->first(); with $log = $user->authentications()->whereIpAddress($ip)->whereUserAgent($userAgent)->first();

This packages works great, just I'm experiencing a few "false" new device notifications.

My question is should a user get a notification if they have updated their browser?

Take these two UserAgent strings:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15

I'd suggest the version should be ignored?

I integrated AuthenticationLoggable to 2 model User and Company. AdminUser is without trait but it throws exception in login

All models have diff guards but it still throws an error

[2022-01-13 16:55:47] staging.ERROR: Call to undefined method App\Models\AdminUser::authentications() {"exception":"[object] (BadMethodCallException(code: 0): Call to undefined method App\\Models\\AdminUser::authentications() at /Users/arturas/code/Artme/wil/vendor/laravel/framework/src/Illuminate/Support/Traits/ForwardsCalls.php:71)
[stacktrace]
#0 /Users/arturas/code/Artme/wil/vendor/laravel/framework/src/Illuminate/Support/Traits/ForwardsCalls.php(36): Illuminate\\Database\\Eloquent\\Model::throwBadMethodCallException('authentications')
#1 /Users/arturas/code/Artme/wil/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(2132): Illuminate\\Database\\Eloquent\\Model->forwardCallTo(Object(Illuminate\\Database\\Eloquent\\Builder), 'authentications', Array)
#2 /Users/arturas/code/Artme/wil/vendor/rappasoft/laravel-authentication-log/src/Listeners/LoginListener.php(30): Illuminate\\Database\\Eloquent\\Model->__call('authentications', Array)