From 333dd60b32096ccda0c1b845b7949629f9006a8c Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Wed, 9 Dec 2020 20:38:36 +0000
Subject: [PATCH] Add logging of log ins
---
 app/blueprints/admin/admin.py | 6 +++---
 app/blueprints/github/__init__.py | 12 +++++++----
 app/blueprints/users/account.py | 4 +++-
 app/blueprints/users/claim.py | 6 +++---
 app/templates/admin/audit.html | 2 +-
 app/templates/macros/audit_log.html | 4 ++--
 app/templates/users/account.html | 2 +-
 app/utils.py | 33 -----------------------------
 8 files changed, 21 insertions(+), 48 deletions(-)
diff --git a/app/blueprints/admin/admin.py b/app/blueprints/admin/admin.py
index 91a9f494..302559b9 100644
--- a/app/blueprints/admin/admin.py
+++ b/app/blueprints/admin/admin.py
@@ -19,7 +19,7 @@ import os
 from celery import group
 from flask import *
-from flask_login import current_user
+from flask_login import current_user, login_user
 from flask_wtf import FlaskForm
 from wtforms import *
 from wtforms.validators import InputRequired, Length
@@ -27,7 +27,7 @@ from wtforms.validators import InputRequired, Length
 from app.models import *
 from app.tasks.forumtasks import importTopicList, checkAllForumAccounts
 from app.tasks.importtasks import importRepoScreenshot, checkZipRelease, updateMetaFromRelease, importForeignDownloads
-from app.utils import loginUser, rank_required, addAuditLog, addNotification
+from app.utils import rank_required, addAuditLog, addNotification
 from . import bp
@@ -182,7 +182,7 @@ def switch_user():
 user = User.query.filter_by(username=form["username"].data).first()
 if user is None:
 flash("Unable to find user", "danger")
- elif loginUser(user):
+ elif login_user(user):
 return redirect(url_for("users.profile", username=current_user.username))
 else:
 flash("Unable to login as user", "danger")
diff --git a/app/blueprints/github/__init__.py b/app/blueprints/github/__init__.py
index 376fb211..4558de5d 100644
--- a/app/blueprints/github/__init__.py
+++ b/app/blueprints/github/__init__.py
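Review bot: `switch_user` now signs an admin in as another account through `login_user(user)` without writing an audit entry, although this commit adds `addAuditLog` calls to the password and GitHub logins and `addAuditLog` is already imported in this file. The acting admin has to be captured before the call, since `current_user` refers to the target account afterwards (the redirect on the following line relies on that). In the success branch I would add `addAuditLog(<severity>, admin, "Logged in as {}".format(user.username), url_for("users.profile", username=user.username))` and `db.session.commit()`, with `admin` saved beforehand and `<severity>` a placeholder for the level used for moderator actions. The `login_user(user, remember=True)` call in the `claim()` hunk of app/blueprints/users/claim.py has the same gap. Both function bodies extend beyond their hunks.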
@@ -19,11 +19,11 @@ from flask import Blueprint
 bp = Blueprint("github", __name__)
 from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
-from flask_login import current_user, login_required
+from flask_login import current_user, login_required, login_user
 from sqlalchemy import func, or_, and_
 from app import github, csrf
-from app.models import db, User, APIToken, Package, Permission
-from app.utils import loginUser, randomString, abs_url_for
+from app.models import db, User, APIToken, Package, Permission, AuditSeverity
+from app.utils import randomString, abs_url_for, addAuditLog
 from app.blueprints.api.support import error, handleCreateRelease
 import hmac, requests, json
@@ -72,7 +72,11 @@ def callback(oauth_token):
 if userByGithub is None:
 flash("Unable to find an account for that Github user", "danger")
 return redirect(url_for("users.claim"))
- elif loginUser(userByGithub):
+ elif login_user(userByGithub, remember=True):
+ addAuditLog(AuditSeverity.USER, userByGithub, "Logged in using GitHub OAuth",
+ url_for("users.profile", username=userByGithub.username))
+ db.session.commit()
+ if not current_user.password:
 return redirect(next_url or url_for("users.set_password", optional=True))
 else:
diff --git a/app/blueprints/users/account.py b/app/blueprints/users/account.py
index f4a1f7d6..4d0ac0aa 100644
--- a/app/blueprints/users/account.py
+++ b/app/blueprints/users/account.py
@@ -57,6 +57,9 @@ def handle_login(form):
 flash("You need to confirm the registration email", "danger")
 return
+ addAuditLog(AuditSeverity.USER, user, "Logged in using password",
+ url_for("users.profile", username=user.username))
+ db.session.commit()
 login_user(user)
 flash("Logged in successfully.", "success")
@@ -140,7 +143,6 @@ def register():
 if ret:
 return ret
- return render_template("users/register.html", form=form, suggested_password=genphrase(entropy=52, wordset="bip39"))
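Review bot: `login_user(userByGithub, remember=True)` in `callback` issues a persistent remember-me cookie on every GitHub login, while the password path in app/blueprints/users/account.py calls `login_user(user)` without it, so session lifetime now depends on the login method. If that is intended, a comment such as `# OAuth logins are always remembered; the password form is not` would make it explicit; otherwise drop `remember=True` or drive it from a user choice. Separately, app/utils.py loses 33 lines per the diffstat and its hunk is not shown here, so it is worth confirming that any account-state checks the removed `loginUser` helper performed are still covered by Flask-Login's `is_active` test inside `login_user`. `callback` starts and ends outside the hunk.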
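Review bot: In `handle_login` the "Logged in using password" entry is written and committed before `login_user(user)` runs, and the return value of `login_user` is not checked, so a login that Flask-Login refuses (it returns False for an inactive user) is still recorded as successful. The GitHub callback in this same commit logs only inside the success branch; the same order here would be `if not login_user(user):` with a flash and `return`, followed by the `addAuditLog(...)` and `db.session.commit()` lines. The rejection branches above, such as the unconfirmed-email one visible in the context, record nothing, so the log cannot show repeated failed attempts against an account; whether that is wanted depends on how the audit log is used. `handle_login` starts and ends outside the hunk.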
diff --git a/app/blueprints/users/claim.py b/app/blueprints/users/claim.py
index 1a70ee24..3552510b 100644
--- a/app/blueprints/users/claim.py
+++ b/app/blueprints/users/claim.py
@@ -14,11 +14,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-
+from flask_login import login_user
 from . import bp
 from flask import redirect, render_template, session, request, flash, url_for
 from app.models import db, User, UserRank
-from app.utils import randomString, loginUser
+from app.utils import randomString
 from app.tasks.forumtasks import checkForumAccount
 from app.tasks.phpbbparser import getProfile
 import re
@@ -102,7 +102,7 @@ def claim():
 db.session.add(user)
 db.session.commit()
- if loginUser(user):
+ if login_user(user, remember=True):
 return redirect(url_for("users.set_password"))
 else:
 flash("Unable to login as user", "danger")
diff --git a/app/templates/admin/audit.html b/app/templates/admin/audit.html
index d80065ec..823c6290 100644
--- a/app/templates/admin/audit.html
+++ b/app/templates/admin/audit.html
@@ -11,6 +11,6 @@ Audit Log
 {% from "macros/audit_log.html" import render_audit_log %}
 {{ render_pagination(pagination, url_set_query) }}
- {{ render_audit_log(log, show_view=True) }}
+ {{ render_audit_log(log) }}
 {{ render_pagination(pagination, url_set_query) }}
 {% endblock %}
diff --git a/app/templates/macros/audit_log.html b/app/templates/macros/audit_log.html
index a08e45e9..5ef8e276 100644
--- a/app/templates/macros/audit_log.html
+++ b/app/templates/macros/audit_log.html
@@ -1,8 +1,8 @@
-{% macro render_audit_log(log, show_view=False) -%}
+{% macro render_audit_log(log) -%}