headless password login 접속 이력 반영
@@ -2520,6 +2520,8 @@ func (h *AuthHandler) HeadlessPasswordLogin(c *fiber.Ctx) error {
|
||||
c.Locals("user_id", authInfo.Subject)
|
||||
c.Locals("login_id", loginID)
|
||||
setSessionIDLocal(c, authInfo.SessionToken)
|
||||
attachAuditClientDetails(c, loginReq.Client)
|
||||
appendAuditDetail(c, "login_challenge", loginChallenge)
|
||||
|
||||
acceptResp, err := h.Hydra.AcceptLoginRequest(c.Context(), loginChallenge, authInfo.Subject)
|
||||
if err != nil {
|
||||
@@ -2903,6 +2905,19 @@ func attachAuditClientDetails(c *fiber.Ctx, client domain.HydraClient) {
|
||||
})
|
||||
}
|
||||
|
||||
func appendAuditDetail(c *fiber.Ctx, key string, value any) {
|
||||
if c == nil || strings.TrimSpace(key) == "" || value == nil {
|
||||
return
|
||||
}
|
||||
|
||||
extra, _ := c.Locals("audit_details_extra").(map[string]any)
|
||||
if extra == nil {
|
||||
extra = make(map[string]any)
|
||||
}
|
||||
extra[key] = value
|
||||
c.Locals("audit_details_extra", extra)
|
||||
}
|
||||
|
||||
// InitiatePasswordReset - 사용자가 비밀번호 재설정을 시작하면, loginID 유형에 따라 이메일 또는 SMS를 보냅니다.
|
||||
func (h *AuthHandler) InitiatePasswordReset(c *fiber.Ctx) error {
|
||||
startTime := time.Now()
|
||||
@@ -4423,7 +4438,8 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
|
||||
path := strings.ToLower(extractAuditPath(log))
|
||||
|
||||
isOidcAccept := strings.Contains(path, "/api/v1/auth/oidc/login/accept")
|
||||
isPasswordLogin := strings.Contains(path, "/api/v1/auth/password/login")
|
||||
isPasswordLogin := strings.Contains(path, "/api/v1/auth/password/login") ||
|
||||
strings.Contains(path, "/api/v1/auth/headless/password/login")
|
||||
|
||||
// 우선 audit details의 client 정보를 사용
|
||||
if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
|
||||
@@ -5696,7 +5712,8 @@ func deriveAuthMethod(log domain.AuditLog) string {
|
||||
}
|
||||
|
||||
switch {
|
||||
case strings.Contains(path, "/api/v1/auth/password/login"):
|
||||
case strings.Contains(path, "/api/v1/auth/password/login"),
|
||||
strings.Contains(path, "/api/v1/auth/headless/password/login"):
|
||||
if kind == "email" {
|
||||
return "비밀번호(Email)"
|
||||
}
|
||||
@@ -7363,6 +7380,7 @@ func (h *AuthHandler) loadSessionAuditHints(ctx context.Context, userID string)
|
||||
"consent.granted",
|
||||
"POST /api/v1/auth/oidc/login/accept",
|
||||
"POST /api/v1/auth/password/login",
|
||||
"POST /api/v1/auth/headless/password/login",
|
||||
"POST /api/v1/auth/magic-link/verify",
|
||||
"POST /api/v1/auth/login/code/verify",
|
||||
"POST /api/v1/auth/qr/approve",
|
||||
@@ -7476,7 +7494,8 @@ func deriveSessionClientInfo(log domain.AuditLog) (string, string) {
|
||||
appName = "코드 로그인"
|
||||
case strings.Contains(path, "/api/v1/auth/magic-link/verify"):
|
||||
appName = "링크 로그인"
|
||||
case strings.Contains(path, "/api/v1/auth/password/login"):
|
||||
case strings.Contains(path, "/api/v1/auth/password/login"),
|
||||
strings.Contains(path, "/api/v1/auth/headless/password/login"):
|
||||
appName = "비밀번호 로그인"
|
||||
}
|
||||
}
|
||||
@@ -7547,6 +7566,7 @@ func (h *AuthHandler) loadSessionClientBindings(ctx context.Context, userID stri
|
||||
"consent.granted",
|
||||
"POST /api/v1/auth/oidc/login/accept",
|
||||
"POST /api/v1/auth/password/login",
|
||||
"POST /api/v1/auth/headless/password/login",
|
||||
"password_login_success",
|
||||
"login_success",
|
||||
}, 200)
|
||||
|
||||
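Review bot: The raw `loginChallenge` is written into the audit record by `appendAuditDetail(c, "login_challenge", loginChallenge)` in HeadlessPasswordLogin, and the call runs before `h.Hydra.AcceptLoginRequest`, so the value is presumably also recorded when the accept fails and the login request may still be pending. The diff does not show who can read `audit_details_extra` or how long it is retained. If those details reach the timeline endpoints or long-term log storage, storing a digest of the challenge would keep the correlation without keeping the handle itself. The new helper also has no doc comment, and its `value == nil` guard lets an empty string through; I would add `// appendAuditDetail merges one key/value into the "audit_details_extra" local; empty keys and nil values are ignored.` and skip the call when `strings.TrimSpace(loginChallenge) == ""`. HeadlessPasswordLogin continues outside the hunk, so the challenge may already be validated earlier.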