authtrail's People

Contributors

alexsoble, ankane, dan-jensen, dwhenry, mrclmrvn

authtrail's Issues

Ideas

Please create a new issue to discuss any ideas or share your own.

  • Expand to more activities - sign outs, email changes, password changes, password reset requests, locks, unlocks, and confirmations - activity_type branch
  • Rename model to AuthTrail::Activity (existing users can have it use login_activities table) - authtrail_activity branch

Model other than User

If you have a model other than "User", for example in crowdAI, we are using a model called "Participant", this gem will still work with a small change ... just refer to the classname.

login_activity.rb

class LoginActivity < ApplicationRecord
  belongs_to :user, polymorphic: true, optional: true, class_name: 'Participant'
end

Awesome gem, @ankane !

use with mongodb

Hi, this gem works with mongodb, however it pulls in activerecord as a dependency which isn't ideal in this scenario.
Is there a possibility of making it so that activerecord can be configured by the using app rather than the default?

Track info from non devise model

I have a use case: I'm trying to save info from a non-Devise model that belongs_to a Devise model, e.g. User -> LoginDevice -> LoginActivity, and I would like to track when a LoginDevice is unknown. This is checked from a fingerprint field inside of the LoginDevice model. In fact, I have the following logic inside of the create action in the Devise SessionsController:

# user.rb
class User < ActiveRecord::Base
  has_many :login_devices
end
# login_device.rb
class LoginDevice < ActiveRecord::Base
  belongs_to :user
  has_many :login_activities, as: :user
end
# login_activity.rb
class LoginActivity < ActiveRecord::Base
  belongs_to :user, polymorphic: true, class_name: 'LoginDevice'
end
# sessions_controller.rb
def create
  super do
    dev = resource.login_devices.where(fingerprint: params[:user][:fingerprint]).first_or_create do |device|
        # some code here
    end
     # AuthTrail maybe could track from here but still not tracking from the LoginDevice model
  end
end

I know that I can just do something like LoginActivity.create!(data), but I would like to know if there is a way to do it automatically, in order to preserve the current logic but with a non-Devise model.

For Specific Model

Hello,
I have 3 models with Devise authentication.
But I want to track login activity for just one particular model, not for all models.

So can I do this using this Gem?

NotImplementedError

All AuthTrail::GeocodeJob now raise NotImplementedError in my Sidekiq log.

Not sure how long they've been happening, I only just found them. But we did recently upgrade to Rails 6.1.3.2.

Even in the Rails console, AuthTrail::GeocodeJob.new.perform raises NotImplementedError.

Initializer just contains:

AuthTrail.geocode = true
AuthTrail.job_queue = :geocode

Authtrail gem is version 0.3.1.

[Proposal] Allow configuring default strategy stored in database on fail

Hey there @ankane! I've been evaluating authtrail for use in an open-source product for schools, https://github.com/studentinsights/studentinsights.

Our app uses a custom Devise strategy we're calling "ldap_authenticatable_tiny" instead of the default "database_authenticatable" strategy.

One issue I noticed while testing out authtrail is that when a user fails a login attempt, that login activity is always stored with a strategy of "database_authenticatable", whether or not that was the actual strategy used. Here's the relevant line of code: https://github.com/ankane/authtrail/blob/master/lib/auth_trail/manager.rb#L32.

I looked through the code and saw that in the Warden::Manager.before_failure callback, Warden doesn't pass in enough information to let us know what strategy is used. That makes me think "database_authenticatable" is being used as a generic default.

Would you be open to a pull request that allows a developer installing authtrail to configure which string they'd like to pass in as a default for the "strategy" column on failed LoginActivity records? In the case of my app, I'd like to pass in "ldap_authenticatable_tiny". That will help keep our LoginActivity table correct and sensible, since it wouldn't make sense to fill the table with failed logins using a strategy we don't support.

If this would be a welcome PR, I'd want to take a pass at it. Thanks!

Geocode failed: Could not load geoip dependency

Deploying on heroku and the error is

Geocode failed: Could not load geoip dependency. To use MaxMind Local lookup you must add the geoip gem to your Gemfile or have it installed in your system.

From the Heroku Rails console we see that the file is located there.

irb(main):011:0> `ls /usr/share/GeoIP/GeoIP.dat`
=> "/usr/share/GeoIP/GeoIP.dat\n"

Gemfile is

# Geocoding
# https://github.com/ankane/authtrail#local-geocoding
gem "geocoder"
gem "maxminddb"

config/initializers/geocoder.rb is

# https://github.com/ankane/authtrail#local-geocoding
Geocoder.configure(
  ip_lookup: :maxmind_local,
  maxmind_local: {
    file: "/usr/share/GeoIP/GeoIP.dat",
    package: :country
  }
)

I guess that by following the readme and with this setup it should work, but it does not. Version is

authtrail (0.4.3)
geocoder (1.8.1)
maxminddb (0.1.22)

Wrong attempts not being saved

Logging of successful logins is working as expected, but none of the wrong password attempts are being saved. Running authtrail 0.1.3 with devise 4.5.0 (And devise-two-factor) on 5.2.0.

Am I missing something? Only thing I've changed from the default config is disabling geocoding.

Idea: keep N most recent logins

Great gem! It would be cool if it also had a built-in mechanism for purging old records:

i.e. a global setting that either keeps:

  • N most recent logins per user/identity, or
  • N days worth of login history

uninitialized constant AuthTrail::ApplicationJob

I have this error while running the install command rails generate authtrail:install. Is there anything I'm missing out (such as autoloading)? This project is using Ruby 2.4.2, Rails 5.0.2.

/Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/authtrail-0.1.0/app/jobs/auth_trail/geocode_job.rb:2:in `<module:AuthTrail>': uninitialized constant AuthTrail::ApplicationJob (NameError)
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/authtrail-0.1.0/app/jobs/auth_trail/geocode_job.rb:1:in `<top (required)>'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/activesupport-5.0.2/lib/active_support/dependencies/interlock.rb:12:in `block in loading'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/activesupport-5.0.2/lib/active_support/concurrency/share_lock.rb:150:in `exclusive'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/activesupport-5.0.2/lib/active_support/dependencies/interlock.rb:11:in `loading'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/engine.rb:476:in `block (2 levels) in eager_load!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/engine.rb:475:in `each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/engine.rb:475:in `block in eager_load!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/engine.rb:473:in `each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/engine.rb:473:in `eager_load!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/engine.rb:354:in `eager_load!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/application/finisher.rb:59:in `each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/application/finisher.rb:59:in `block in <module:Finisher>'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/initializable.rb:30:in `instance_exec'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/initializable.rb:30:in `run'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/initializable.rb:55:in `block in run_initializers'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:228:in `block in tsort_each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:431:in `each_strongly_connected_component_from'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:349:in `block in each_strongly_connected_component'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:347:in `each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:347:in `call'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:347:in `each_strongly_connected_component'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:226:in `tsort_each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/2.4.0/tsort.rb:205:in `tsort_each'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/initializable.rb:54:in `run_initializers'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/application.rb:352:in `initialize!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/railtie.rb:193:in `public_send'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/railtie.rb:193:in `method_missing'
	from /Users/waiyanyoon/Documents/workspace/project/config/environment.rb:5:in `<top (required)>'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/application.rb:328:in `require_environment!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/commands/commands_tasks.rb:157:in `require_application_and_environment!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/commands/commands_tasks.rb:143:in `generate_or_destroy'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/commands/commands_tasks.rb:60:in `generate'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/commands/commands_tasks.rb:49:in `run_command!'
	from /Users/waiyanyoon/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/railties-5.0.2/lib/rails/commands.rb:18:in `<top (required)>'
	from bin/rails:4:in `require'
	from bin/rails:4:in `<main>'

Use with Cloudflare

Hi! I am using Cloudflare and the IP address logged is one of Cloudflare's IPs. Is it possible to log the actual IP of the client? In the rest of the app I get it from the CF-Connecting-IP header that Cloudflare sets. Thanks!
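
One way to resolve the address stored in the `ip` column when the app sits behind Cloudflare, as an added example (not authtrail's own code): the CF-Connecting-IP header is honoured only when the direct peer is inside a trusted proxy range, because any client can send that header. The ranges are constructed placeholders, `client_ip` and `parse_ip` are hypothetical helpers, and the `data[:ip]` key in the commented wiring is an assumption.

```ruby
require "ipaddr"

# Constructed placeholder ranges (documentation address space) standing in for
# the proxy ranges you trust. In a real deployment, load the CDN's published list.
TRUSTED_PROXY_RANGES = ["203.0.113.0/24", "2001:db8:cf::/48"].map { |cidr| IPAddr.new(cidr) }.freeze

# Parse a single IP address. Returns nil for blanks, garbage, comma-separated
# lists and CIDR notation, so a header can never smuggle in a whole range.
def parse_ip(value)
  text = value.to_s.strip
  return nil if text.empty? || text.include?("/")
  IPAddr.new(text)
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass
  nil
end

# remote_addr: address of the TCP peer that connected to the app server.
# headers:     Hash-like object keyed the way the page's transform_method
#              example reads headers (HTTP_* names).
# Returns the address to log and where it came from, so the audit row can
# record whether the value was taken from the header or from the socket.
def client_ip(remote_addr, headers)
  peer = parse_ip(remote_addr)
  from_proxy = !peer.nil? && TRUSTED_PROXY_RANGES.any? { |range| range.include?(peer) }
  forwarded = from_proxy ? parse_ip(headers["HTTP_CF_CONNECTING_IP"]) : nil

  if forwarded
    { ip: forwarded.to_s, source: :cf_connecting_ip }
  else
    { ip: peer ? peer.to_s : nil, source: :peer }
  end
end

# Wiring sketch for config/initializers/authtrail.rb (assumes data[:ip] is the
# key behind the ip column and that REMOTE_ADDR is the proxy's address):
#
#   AuthTrail.transform_method = lambda do |data, request|
#     data[:ip] = client_ip(request.env["REMOTE_ADDR"], request.headers)[:ip]
#   end
```

If another load balancer sits between Cloudflare and the app, the direct peer is that balancer, and the trusted ranges have to describe it instead.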

[Proposal] Optional on LoginActivity fields

Hi there! First, thanks for your awesome work!

I'm using AuthTrail for a while now. To fit my use case, I'm looking for a workaround to:

  1. Delete fields I don't use: city, region, latitude, longitude.
    I got this error when deleting those fields, obviously:

Error performing AuthTrail::GeocodeJob (Job ID: d7bef36a-5fe6-468f-a70b-79353f11bff9) from Async(default) in 2.55ms: ActiveRecord::StatementInvalid (Mysql2::Error: Unknown column 'city' in 'field list': UPDATE login_activities SET city = NULL, region = NULL, country = 'United States', latitude = 0.0, longitude = 0.0 WHERE login_activities.id = 1):

  2. Add extra custom field(s) to LoginActivity. Other than fields from Devise, we want to save some extra field(s).

What do you think about this? Thanks a lot!

Extended documentation: where should it go?

I just got this setup in our environment and it's solving our needs perfectly!

I wanted to share a bit of setup that might be useful to others, but didn't want to open a PR until chatting about where it should go.

The situation: when running apps on Google Cloud, their load balancers/ingresses will provide client geocode information to your application so you don't have to do it yourself.

config/initializers/authtrail.rb

AuthTrail.geocode = false

AuthTrail.transform_method = lambda do |data, request|
  data[:country] = request.headers['HTTP_X_CLIENT_REGION']
  data[:region] = request.headers['HTTP_X_CLIENT_REGION_SUBDIVISION']
  data[:city] = request.headers['HTTP_X_CLIENT_CITY']

  if (value = request.headers['HTTP_X_CLIENT_CITY_LATLONG'])
    lat, long = value.split(',').map(&:to_f)
    data[:latitude] = lat
    data[:longitude] = long
  end
end

When using Kubernetes, you get these headers by creating a BackendConfig and wiring it up to your Service

---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: myapp-backend-beconf
  labels:
    app: myapp
    tier: backend
spec:
  customRequestHeaders:
    headers:
      - "X-Client-Region:{client_region}"
      - "X-Client-Region-Subdivision:{client_region_subdivision}"
      - "X-Client-City:{client_city}"
      - "X-Client-City-LatLong:{client_city_lat_long}"

---
apiVersion: v1
kind: Service
metadata:
  name: myapp-backend
  labels:
    app: myapp
    tier: backend
  annotations:
    cloud.google.com/backend-config: '{"default": "myapp-backend-beconf"}'

See https://cloud.google.com/load-balancing/docs/custom-headers#variables

Google puts the country code in the 'region' field, probably because of Hong Kong, Macau, Taiwan, Kosovo, etc...

undefined method `transform_method='

Getting the following error

undefined method `transform_method=' for AuthTrail:Module (NoMethodError)

when defining AuthTrail.transform_method = lambda do |data, request| in the authtrail.rb file in the initializer

I have the gem installed successfully and other methods seem to work but the transform_method just fails

gem version authtrail (0.1.3)

customize auth strategy detector

the private method is used for detecting auth strategies

  def detect_strategy(auth)
    strategy = auth.env["omniauth.auth"]["provider"] if auth.env["omniauth.auth"]
    strategy ||= auth.winning_strategy.class.name.split("::").last.underscore if auth.winning_strategy
    strategy ||= "database_authenticatable"
    strategy
  end

The problem appears with the devise-jwt gem due to incorrect parsing.
For example, Warden::JWTAuth::Strategy transforms into strategy.

Expected result:
Warden::JWTAuth::Strategy => jwtauth_strategy
or
Warden::JWTAuth::Strategy => jwtauth

Can some custom strategy parser be added, for example, by initializer config?
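
The naming collision described above, and the configurable failure default requested in the earlier "[Proposal] Allow configuring default strategy" issue, worked through as an added example (not authtrail's code). `strategy_name`, `leaf_only_name`, the `overrides` map and the `GENERIC_LEAVES` list are hypothetical, `underscore` is a minimal stand-in for ActiveSupport's method, and class names are passed as strings so the file runs without Warden or Devise.

```ruby
# Leaf class names that say nothing about the mechanism (assumed list).
GENERIC_LEAVES = %w[Strategy Base].freeze

# Minimal stand-in for ActiveSupport's String#underscore.
def underscore(name)
  name.gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
      .gsub(/([a-z\d])([A-Z])/, '\1_\2')
      .downcase
end

# What the quoted detect_strategy does with a class name: keep only the last
# constant. Every class whose leaf is "Strategy" is recorded the same way.
def leaf_only_name(class_name)
  underscore(class_name.split("::").last)
end

# Alternative naming: an explicit override wins; otherwise a generic leaf is
# replaced by its enclosing namespace, and any other leaf is kept as before.
def strategy_name(class_name, overrides: {})
  return overrides[class_name] if overrides.key?(class_name)

  parts = class_name.split("::")
  leaf = parts.pop
  if GENERIC_LEAVES.include?(leaf) && !parts.empty?
    parts.last.downcase
  else
    underscore(leaf)
  end
end

# Same precedence as the quoted method (OmniAuth provider, then winning
# strategy, then a fallback), with the fallback configurable so failed logins
# are not always written as "database_authenticatable".
def detect_strategy(omniauth_provider: nil, winning_strategy_class: nil,
                    default: "database_authenticatable", overrides: {})
  return omniauth_provider if omniauth_provider
  return strategy_name(winning_strategy_class, overrides: overrides) if winning_strategy_class

  default
end
```

For a login audit table the practical point is that the strategy column stays distinguishable per mechanism, so failed attempts can be grouped by how they were made.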

Write test

At the moment, the test suite for the gem is not really carefully written. All I see is only the test test_that_it_has_a_version_number.

https://github.com/ankane/authtrail/blob/master/test/authtrail_test.rb

I know it's boring and nothing interesting, but I'm really interested in how we could write tests, because our gem depends on calling the Warden callbacks Warden::Manager.after_set_user and Warden::Manager.before_failure. How can we trigger those in test mode? 🤔

Error Devise::Models::Trailable

Hello @ankane !

I'm trying to use the "account_activity" branch to get the signout log, but after adding "devise :trailable" the server doesn't work and instead shows the following error: `const_get': uninitialized constant Devise::Models::Trailable (NameError).

Any ideas?

Regards!

Possible extension to include more generic user activity tracking

A. This is a really awesome concept we are looking to bring to our applications. Account Takeovers (ATO) instrumentation is a great offering to many web apps.
B. This issue is not a problem with the project as is, but us trying to engage with you to see if you are amenable to the extensions we're interested in building.

My wish list, which we would happily do the work on, is to expand the scope of tracking from LoginActivity to what I will call UserAccountActivity.

In particular we want to record a variety of events, initial list includes

  1. log-in - when a User successfully logs in
  2. log-in-denied - when someone fails to log in
  3. log-out - when the User logs out
  4. password-reset-request - someone asked to reset a User password
  5. password-reset-request-denied - someone asked to reset their password with invalid details
  6. password-reset - when a User reset their password
  7. email-update - when a User email is changed
  8. page-view - when a page is viewed (probably only for sensitive pages)

Would you accept PRs down this path? Do you have any concerns about backwards compatibility on schema changes? Obviously forking is an option for us but we'd prefer to contribute here.

Uninitialized constant Warden (NameError)

I have this error while running the install command rails generate authtrail:install. Just tried today and have this problem.
This project is using Rails 5.2.3, Ruby 2.6.2.

Traceback (most recent call last):
        20: from bin/rails:6:in `<main>'
        19: from bin/rails:6:in `require'
        18: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/commands.rb:18:in `<top (required)>'
        17: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/command.rb:46:in `invoke'
        16: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/command/base.rb:65:in `perform'
        15: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
        14: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
        13: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
        12: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/commands/generate/generate_command.rb:21:in `perform'
        11: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/command/actions.rb:14:in `require_application_and_environment!'
        10: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/command/actions.rb:22:in `require_application!'
         9: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/command/actions.rb:22:in `require'
         7: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler.rb:114:in `require'
         6: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler/runtime.rb:65:in `require'
         5: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler/runtime.rb:65:in `each'
         4: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler/runtime.rb:76:in `block in require'
         3: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler/runtime.rb:76:in `each'
         2: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler/runtime.rb:81:in `block (2 levels) in require'
         1: from ~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/bundler-2.0.2/lib/bundler/runtime.rb:81:in `require'
~/.rbenv/versions/2.6.2/lib/ruby/gems/2.6.0/gems/authtrail-0.2.0/lib/authtrail.rb:65:in `<top (required)>': uninitialized constant Warden (NameError)

Geocoder job not storing lat/lng

Hi - I'm seeing an issue where the IP geocoding job isn't storing the lat/lng for my AuthTrail records, but it is storing the city/state/country. I've added a latitude/longitude field to my login_activities table, and verified that the Geocoder I'm using responds to the necessary methods:

[4] pry(main)> r = Geocoder.search("4.4.4.4").first
=> #<Geocoder::Result::IpinfoIo:0x00007ffeac90e748
 @cache_hit=true,
 @data=
  {"ip"=>"4.4.4.4",
   "city"=>"Broomfield",
   "region"=>"Colorado",
   "country"=>"US",
   "loc"=>"39.8854,-105.1139",
   "postal"=>"80021",
   "timezone"=>"America/Denver"}>
[5] pry(main)> r.try(:latitude)
=> 39.8854

[11] pry(main)> LoginActivity.new
=> #<LoginActivity:0x00007ffeb03058c0
 id: nil,
 scope: nil,
 strategy: nil,
 identity: nil,
 success: nil,
 failure_reason: nil,
 user_id: nil,
 user_type: nil,
 context: nil,
 ip: nil,
 user_agent: nil,
 referrer: nil,
 city: nil,
 region: nil,
 country: nil,
 created_at: nil,
 latitude: nil,
 longitude: nil>

That seems to be all the geocoding job would need in order to store the lat/lng, but I'm only seeing city, etc. I can poke around further, but any thoughts as to what I'm missing here?

Here's an example with real data:

irb(main):009:0> ap LoginActivity.last
#<LoginActivity:0x00007f402cd62b80> {
                :id => 4356,
             :scope => "user",
          :strategy => "rememberable",
          :identity => "[email protected]",
           :success => true,
    :failure_reason => nil,
           :user_id => 7346438,
         :user_type => "User",
           :context => "foo#home",
                :ip => "75.67.123.138",
        :user_agent => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36",
          :referrer => nil,
              :city => "Plymouth",
            :region => "Massachusetts",
           :country => "US",
        :created_at => Wed, 22 Apr 2020 23:22:19 UTC +00:00,
          :latitude => nil,
         :longitude => nil
}
=> nil

irb(main):014:0> ap Geocoder.search("75.67.123.138").first.data
{
          "ip" => "75.67.123.138",
        "city" => "Plymouth",
      "region" => "Massachusetts",
     "country" => "US",
         "loc" => "41.9584,-70.6673",
      "postal" => "02362",
    "timezone" => "America/New_York"
}
=> nil
irb(main):016:0> Geocoder.search("75.67.123.138").first.latitude
=> 41.9584

Ideas

0.5

  • Remove activerecord from gemspec - #46

1.0

  • Expand to more activities - sign outs, email changes, password changes, password reset requests, locks, unlocks, and confirmations - activity_type branch
  • Rename model to AuthTrail::Activity (existing users can have it use login_activities table) - authtrail_activity branch

Multiple login models

Hi, I have 3 different login models, and I want to set different authtrail tables for each one... The readme says to use the code below for that; where should I put it? How do I make it use different authtrail tables for different models?

AuthTrail.track_method = proc do |info|
  # code
end

Disable ApplicationJob for Elastic Beanstalk users

Hello,

I'm trying to use the gem with Elastic Beanstalk for the app. EB doesn't support application jobs. I tried disabling it using AuthTrail.geocode = false in application.rb, but it still breaks the app because it tries to run ApplicationJob.

Is there another way?

Thank you!

Idea: Action Tracking

Thanks again for the insane number of quality gems you have released!

I was just looking at getting more audit log history tracking and thought about authtrail.

In my perfect world, this would be having a method like "record_action" that takes:

  • the devise user
  • a string capturing the action (maybe enforce a slight convention there like path-style /-delimitation to do begin-with matching)
  • an object it was performed on (because there usually is such an object) as a string. Then one could use a GlobalID or a path_for.
  • a polymorphic association of an 'audit_scope' that is something like an Account or Tenant for multi-tenant SaaS products where there are many users in an account, and many accounts in the system.

That would cover virtually everything that was needed.

The bonus points here is that one could probably then make an around_action in the ApplicationController that called that method on any POST or PATCH and feed most of the data needed on it based off of the standard stuff in Current and in the request.

This has flavors of what the AuditLog gem does, but AuthTrail is an interesting place for it because you were wise to hook in closer to the user auth events which are so critical and you can't get without a ton of manual work with something like AuditLog.

Migration is not completing. Mysql2::Error: BLOB/TEXT column 'identity' used in key specification without a key length: CREATE INDEX `index_login_activities_on_identity` ON `login_activities` (`identity`)

Hello. So I have Mysql on board and I am using mysql2 gem,

ruby "2.3.4"
gem 'rails', '~> 5.1.5'
gem 'mysql2'
gem 'devise'
gem 'omniauth'
gem 'omniauth-twitter'
gem 'omniauth-facebook'
gem 'omniauth-vkontakte'
gem 'omniauth-google-oauth2'
gem 'omniauth-odnoklassniki'
gem "omniauth-yandex"
gem 'authtrail'

When trying to install this gem, an automatic migration is created and it throws

StandardError: An error has occurred, all later migrations canceled:
Mysql2::Error: BLOB/TEXT column 'identity' used in key specification without a key length: CREATE  INDEX `index_login_activities_on_identity`  ON `login_activities` (`identity`) 

and thus I am left with a pending migration.

Bug after signin

Hello guys,

I have this when I enable geocode after sign-in:
Failed enqueuing AuthTrail::GeocodeJob to GoodJob(low_priority): ActiveModel::MissingAttributeError (can't write unknown attribute active_job_id)

rails-7.1.3.2
ruby 3.2.2
authtrail-0.5.0

Rubocop issue

Hey!
I've found that migration is having the following issue with a rubocop - Rails/ThreeStateBooleanColumn in this line

      t.boolean :success

I've fixed it with the following

      t.boolean :success, null: false, default: true

But it looks like there are possible false negative cases, what do you think?

Compatibility with Devise paranoid mode

When using this gem with Devise.paranoid = true we are seeing an issue.

  • When you get a password wrong, devise returns a 200 and the form again.

  • When you get a username wrong (doesn't exist) in paranoid mode it also returns a 200 and the form. The user cannot enumerate known/unknown username lists.

  • With authtrail 0.2.2 this worked fine.

  • With authtrail 0.3.0 and higher, it will "Raise an exception instead of logging when auditing fails". This bubbles up to the front end and thus Devise now reveals the non-existence of a user.

Can we make some config to disable that change? Or, is there guidance on how to handle the exception and stay "paranoid"? Thanks!

Race conditions in Sidekiq

Hi there

I have an issue where my Geocoding jobs aren't being completed by Sidekiq and are returning a deserialization error as follows. Is there any way to hint to the authtrail geocoder 'service' to make those actions only after the create commit action, or to indicate they should wait for a while before occurring?

just now | default | AuthTrail::GeocodeJob | {"_aj_globalid"=>"gid://app/LoginActivity/619929"} | ActiveJob::DeserializationError: Error while trying to deserialize arguments: Couldn't find LoginActivity with 'id'=619929
ActiveJob::DeserializationError: Error while trying to deserialize arguments: Couldn't find LoginActivity with 'id'=619929

Thanks
David

[Q&A] What is auth.winning_strategy and when it is nil?

I have a question about this LOD:

def detect_strategy(auth)
  strategy = auth.env["omniauth.auth"]["provider"] if auth.env["omniauth.auth"]
  strategy ||= auth.winning_strategy.class.name.split("::").last.underscore if auth.winning_strategy
  strategy ||= "database_authenticatable"
  strategy
end

What is auth.winning_strategy, and when will it be nil? 🤔
