Create an audit record for logins and registrations

hpinsley · hpinsley · commit d4a36a01bcdf · 2016-03-04T00:21:03.000-05:00
diff --git a/common/interfaces/SecurityInterfaces.ts b/common/interfaces/SecurityInterfaces.ts
@@ -11,3 +11,21 @@ export interface IUser {
 	lastName:string;
     roles: string[];
 }
+
+export interface ILoginAudit {
+    ip: string;
+}
+
+export interface IRegistrationAudit {
+    firstName: string;
+    lastName: string;
+}
+
+export type AuditDetails = ILoginAudit | IRegistrationAudit;
+
+export interface IAuditRecord {
+    username: string;
+    time: Date;
+    recType: string;
+    details: AuditDetails;
+}
diff --git a/server/routing/ApiRouting.ts b/server/routing/ApiRouting.ts
@@ -128,7 +128,7 @@ export class ApiRouting {
 	// Login a user
 	login(req, res, next) {
 		var loginRequest:ILoginRequest = req.body;
-		this.securityService.login(loginRequest.username, loginRequest.password)
+		this.securityService.login(loginRequest.username, loginRequest.password, req)
 			.then(resp => res.send(resp))
 			.catch(err => next(err));
 	}
diff --git a/server/services/SecurityService.ts b/server/services/SecurityService.ts
@@ -3,7 +3,7 @@ import bcrypt = require('bcrypt');
 
 var mongoskin = require('mongoskin');
 import {IRegistration, IRegistrationResponse, IRegisteredUser, ILoginResult} from '../../common/interfaces/RegistrationInterfaces';
-import {IRole, IUser} from '../../common/interfaces/SecurityInterfaces';
+import {IRole, IUser, IAuditRecord, AuditDetails} from '../../common/interfaces/SecurityInterfaces';
 
 var config = {
 	mongo_url: process.env.SECURITYDATA_URL || 'mongodb://@localhost:27017/security'
@@ -16,11 +16,13 @@ export class SecurityService {
 	db: any;
 	usersCollection: any;
     rolesCollection: any;
+    auditCollection: any;
 
 	constructor() {
 		this.db = mongoskin.db(config.mongo_url, { safe: true });
 		this.usersCollection = this.db.collection('users');
 		this.rolesCollection = this.db.collection('roles');
+        this.auditCollection = this.db.collection('audit');
 	}
 
 	public getUsers(): Q.Promise<IUser[]> {
@@ -113,7 +115,7 @@ export class SecurityService {
         return defer.promise;
 	}
 
-	public login(username:string, password:string) : Q.Promise<ILoginResult> {
+	public login(username:string, password:string, req:any) : Q.Promise<ILoginResult> {
 
 		var defer = Q.defer<ILoginResult>();
 
@@ -124,7 +126,10 @@ export class SecurityService {
                 if (!registeredUser) {
                     defer.resolve({succeeded: false});
                 } else if (bcrypt.compareSync(password, registeredUser.hashedPassword)) {
-					defer.resolve({succeeded: true, userInfo: this.mapUser(registeredUser)});
+                    this.saveAuditRecord(username, 'login', { ip: req.ip})
+                        .then(auditRec => {
+        					defer.resolve({succeeded: true, userInfo: this.mapUser(registeredUser)});
+                         });
 				} else {
 					defer.resolve({succeeded: false});
 				}
@@ -161,7 +166,7 @@ export class SecurityService {
 					defer.resolve({ succeeded: false, failureReason: 'Username is not available.' });
 				} else {
 					var coll = this.usersCollection;
-					coll.find({}, { _id: 0, userId: 1 }).sort({ userId: -1 }).toArray(function(e, users: any[]) {
+					coll.find({}, { _id: 0, userId: 1 }).sort({ userId: -1 }).toArray((e, users: any[]) => {
 						if (e) {
 							defer.reject(e);
 						} else {
@@ -177,15 +182,19 @@ export class SecurityService {
 								hashedPassword: bcrypt.hashSync(registration.password, 10)
 							};
 
-							coll.insert(newUser, {}, function(e, results) {
+							coll.insert(newUser, {}, (e, results) => {
 								if (e) {
 									defer.reject(e);
 								} else {
 									newUser.hashedPassword = null;
-									defer.resolve({
-										succeeded: true,
-										failureReason: ''
-									});
+                                    this.saveAuditRecord(newUser.username, 'register', newUser)
+                                        .then(auditRec => {
+                                            defer.resolve({
+                                                succeeded: true,
+                                                failureReason: ''
+                                            });
+                                        });
+
 								}
 							});
 						}
@@ -210,6 +219,26 @@ export class SecurityService {
         };
     }
 
+    private saveAuditRecord(username:string, recType:string, details:AuditDetails) : Q.Promise<IAuditRecord> {
+		let defer = Q.defer<IAuditRecord>();
+        let auditRecord:IAuditRecord = {
+            username: username,
+            recType: recType,
+            time: new Date(),
+            details: details
+        };
+
+        this.auditCollection.insert(auditRecord, {}, function (e, inserted:IAuditRecord[]) {
+            if (e) {
+                defer.reject(e);
+            } else {
+                defer.resolve(inserted[0]);
+            }
+        });
+
+        return defer.promise;
+    }
+
 	private getUserByUsernameInternal(username: string): Q.Promise<IRegisteredUser> {
 		let defer = Q.defer<IRegisteredUser>();
 		var coll = this.usersCollection;

Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ export class ApiRouting {`
`128`	`128`	`// Login a user`
`129`	`129`	`login(req, res, next) {`
`130`	`130`	`var loginRequest:ILoginRequest = req.body;`
`131`		`- this.securityService.login(loginRequest.username, loginRequest.password)`
	`131`	`+ this.securityService.login(loginRequest.username, loginRequest.password, req)`
`132`	`132`	`.then(resp => res.send(resp))`
`133`	`133`	`.catch(err => next(err));`
`134`	`134`	`}`