feat: enhance authentication auditing and IP handling

tacxou · tacxou · commit d050bb4fd254 · 2026-05-05T15:27:54.000+02:00
- Implemented client IP resolution in the authentication process, allowing for better tracking of user login attempts.
- Added auditing capabilities for authentication events, including success and failure logs with associated IP addresses.
- Updated the authentication service to validate client IP against allowed networks, enhancing security measures.
- Enhanced the audit schema to include IP information, providing more context for audit logs.
- Introduced new unit tests to ensure the reliability of the authentication auditing features and IP validation logic.
diff --git a/apps/api/src/core/audits/audits.controller.ts b/apps/api/src/core/audits/audits.controller.ts
@@ -39,6 +39,7 @@ export class AuditsController extends AbstractController {
     op: 1,
     ip: 1,
     agent: 1,
+    'data.result': 1,
     'changes.path': 1,
     'changes.type': 1,
     metadata: 1,
diff --git a/apps/api/src/core/audits/audits.service.ts b/apps/api/src/core/audits/audits.service.ts
@@ -45,7 +45,7 @@ export class AuditsService extends AbstractServiceSchema<Audits> {
   public async createAuthenticationAudit(params: {
     username: string
     ip: string | null
-    result: 'success' | 'failure'
+    result: 'success' | 'failed'
     reason: string
     agentId?: Types.ObjectId | string
   }): Promise<Audits> {
diff --git a/apps/api/src/core/auth/auth.service.ts b/apps/api/src/core/auth/auth.service.ts
@@ -81,7 +81,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
         await this.auditAuthenticationAttempt({
           username,
           ip,
-          result: 'failure',
+          result: 'failed',
           reason: 'invalid_credentials',
           agentId: user?._id,
         });
@@ -92,7 +92,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
         await this.auditAuthenticationAttempt({
           username,
           ip,
-          result: 'failure',
+          result: 'failed',
           reason: ip ? 'network_not_allowed' : 'ip_unavailable',
           agentId: user?._id,
         });
@@ -113,7 +113,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
       await this.auditAuthenticationAttempt({
         username,
         ip,
-        result: 'failure',
+        result: 'failed',
         reason: 'internal_error',
         agentId: user?._id,
       });
@@ -146,7 +146,7 @@ export class AuthService extends AbstractService implements OnModuleInit {
   protected async auditAuthenticationAttempt(params: {
     username: string;
     ip: string | null;
-    result: 'success' | 'failure';
+    result: 'success' | 'failed';
     reason: string;
     agentId?: Types.ObjectId | string;
   }): Promise<void> {
diff --git a/apps/web/src/composables/useAuditsTable.ts b/apps/web/src/composables/useAuditsTable.ts
@@ -37,7 +37,19 @@ export function createDefaultAuditDiffDialogState() {
   }
 }
 
-export function getAuditOperationLabel(op?: string): string {
+export function resolveAuthenticationResult(result?: string): 'success' | 'failed' | null {
+  if (result === 'success') return 'success'
+  if (result === 'failed' || result === 'failure') return 'failed'
+  return null
+}
+
+export function getAuditOperationLabel(op?: string, authenticationResult?: string): string {
+  if (op === 'authentication') {
+    const resolvedResult = resolveAuthenticationResult(authenticationResult)
+    if (resolvedResult === 'success') return 'Succès'
+    if (resolvedResult === 'failed') return 'Fail'
+  }
+
   switch (op) {
     case 'insert':
       return 'Creation'
@@ -47,14 +59,19 @@ export function getAuditOperationLabel(op?: string): string {
       return 'Suppression'
     case 'replace':
       return 'Remplacement'
-    case 'authentication':
-      return 'Authentification'
     default:
       return op || 'Inconnue'
   }
 }
 
-export function getAuditOperationColor(op?: string): string {
+export function getAuditOperationColor(op?: string, authenticationResult?: string): string {
+  if (op === 'authentication') {
+    const resolvedResult = resolveAuthenticationResult(authenticationResult)
+    if (resolvedResult === 'success') return 'positive'
+    if (resolvedResult === 'failed') return 'negative'
+    return 'grey-6'
+  }
+
   switch (op) {
     case 'insert':
       return 'positive'
@@ -64,8 +81,6 @@ export function getAuditOperationColor(op?: string): string {
       return 'negative'
     case 'replace':
       return 'warning'
-    case 'authentication':
-      return 'deep-orange'
     default:
       return 'grey-7'
   }
diff --git a/apps/web/src/pages/audits/table.vue b/apps/web/src/pages/audits/table.vue
@@ -60,9 +60,9 @@ q-page.container.q-pa-sm
         q-chip(
           dense
           size='sm'
-          :color='getOperationColor(props.row?.op)'
+          :color='getOperationColor(props.row)'
           text-color='white'
-          :label='getOperationLabel(props.row?.op)'
+          :label='getOperationLabel(props.row)'
         )
     template(#body-cell-coll='props')
       q-td(:props='props')
@@ -80,7 +80,7 @@ q-page.container.q-pa-sm
           q-tooltip.text-body2(anchor='top middle' self='bottom middle')
             span Voir la fiche identité
         q-chip.bg-positive.text-white.q-pa-sm(
-          v-else-if='props.row?.coll === "Agents" && props.row?.documentId'
+          v-else-if='["Agents", "auth"].includes(props.row?.coll) && props.row?.documentId'
           icon='mdi-account'
           clickable
           dense
@@ -106,6 +106,14 @@ q-page.container.q-pa-sm
     template(#body-cell-changes='props')
       q-td(:props='props')
         .row.items-center.q-gutter-xs
+          q-chip(
+            v-if='!props.row?.changes?.length'
+            size='sm'
+            dense
+            color='grey-4'
+            text-color='dark'
+            label='N/A'
+          )
           q-chip(
             v-for='(change, idx) in (props.row?.changes || []).slice(0, 4)'
             :key='`${props.row?._id}-${idx}-${change?.path || ""}`'
@@ -358,6 +366,7 @@ export default defineNuxtComponent({
           window.open(`/identities/table/${row.documentId}`, '_blank')
           break
         case 'Agents':
+        case 'auth':
           window.open(`/settings/agents/${row.documentId}`, '_blank')
           break
 
@@ -371,11 +380,11 @@ export default defineNuxtComponent({
           break
       }
     },
-    getOperationLabel(op: string): string {
-      return getAuditOperationLabel(op)
+    getOperationLabel(row: any): string {
+      return getAuditOperationLabel(row?.op, row?.data?.result)
     },
-    getOperationColor(op: string): string {
-      return getAuditOperationColor(op)
+    getOperationColor(row: any): string {
+      return getAuditOperationColor(row?.op, row?.data?.result)
     },
     formatChangeLabel(change: any): string {
       return formatAuditChangeLabel(change)
