
Add logs for common Auth actions

Bubka 2 years ago
parent
commit
6276c665a9

+ 5 - 0
app/Http/Controllers/Auth/LoginController.php

@@ -10,6 +10,7 @@ use Illuminate\Support\Facades\Lang;
 use App\Http\Requests\LoginRequest;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Carbon\Carbon;
+use Illuminate\Support\Facades\Log;
 
 
 class LoginController extends Controller
@@ -38,6 +39,7 @@ class LoginController extends Controller
      */
     public function login(LoginRequest $request)
     {
+        Log::info('User login requested');
 
         // If the class is using the ThrottlesLogins trait, we can automatically throttle
         // the login attempts for this application. We'll key this by the username and
@@ -70,6 +72,7 @@ class LoginController extends Controller
     public function logout(Request $request)
     {
         Auth::logout();
+        Log::info('User logged out');
 
         return response()->json(['message' => 'signed out'], Response::HTTP_OK);
     }
@@ -152,5 +155,7 @@ class LoginController extends Controller
     {
         $user->last_seen_at = Carbon::now()->format('Y-m-d H:i:s');
         $user->save();
+
+        Log::info('User authenticated');
     }
 }
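Review bot: None of the new log lines carries an actor or a source, so `User login requested`, `User logged out` and `User authenticated` cannot be tied to an account or client address during an investigation. Laravel's log methods accept a context array, e.g. `Log::info('User authenticated', ['user_id' => $user->id]);` in the last hunk and `['ip' => $request->ip()]` in `login()`. In `logout()` the log call sits after `Auth::logout()`, so the id would have to be read before that call. The same gap applies to the messages added in PasswordController, RegisterController, UserController, WebAuthnLoginController and WebAuthnManageController, where the credential being removed is not named either. The bodies of `login()` and of the method in the last hunk extend beyond the lines shown.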

+ 3 - 0
app/Http/Controllers/Auth/PasswordController.php

@@ -6,6 +6,7 @@ use App\Http\Requests\UserPatchPwdRequest;
 use App\Http\Controllers\Controller;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Log;
 
 class PasswordController extends Controller
 {
@@ -20,6 +21,7 @@ class PasswordController extends Controller
         $validated = $request->validated();
 
         if (!Hash::check( $validated['currentPassword'], Auth::user()->password) ) {
+            Log::notice('Password update failed: wrong password provided');
             return response()->json(['message' => __('errors.wrong_current_password')], 400);
         }
 
@@ -27,6 +29,7 @@ class PasswordController extends Controller
             $request->user()->update([
                 'password' => bcrypt($validated['password']),
             ]);
+            Log::info('User password updated');
         }
 
         return response()->json(['message' => __('auth.forms.password_successfully_changed')]);

+ 2 - 0
app/Http/Controllers/Auth/RegisterController.php

@@ -8,6 +8,7 @@ use App\Http\Controllers\Controller;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Foundation\Auth\RegistersUsers;
+use Illuminate\Support\Facades\Log;
 
 class RegisterController extends Controller
 {
@@ -35,6 +36,7 @@ class RegisterController extends Controller
     {
         $validated = $request->validated();
         event(new Registered($user = $this->create($validated)));
+        Log::info('User created');
 
         $this->guard()->login($user);
         // $this->guard()->loginUsingId($user->id);

+ 7 - 1
app/Http/Controllers/Auth/UserController.php

@@ -10,6 +10,7 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Artisan;
+use Illuminate\Support\Facades\Log;
 
 class UserController extends Controller
 {    
@@ -25,6 +26,7 @@ class UserController extends Controller
         $validated = $request->validated();
 
         if (!Hash::check( $request->password, Auth::user()->password) ) {
+            Log::notice('Account update failed: wrong password provided');
             return response()->json(['message' => __('errors.wrong_current_password')], 400);
         }
 
@@ -33,7 +35,8 @@ class UserController extends Controller
                 'name' => $validated['name'],
                 'email' => $validated['email'],
             ]);
-        }        
+        }
+        Log::info('User account updated');
 
         return new UserResource($user);
     }
@@ -47,6 +50,7 @@ class UserController extends Controller
      */
     public function delete(UserDeleteRequest $request)
     {
+        Log::info('User deletion requested');
         $validated = $request->validated();
 
         if (!Hash::check( $validated['password'], Auth::user()->password) ) {
@@ -74,9 +78,11 @@ class UserController extends Controller
         }
         // @codeCoverageIgnoreStart
         catch (\Throwable $e) {
+            Log::error('User deletion failed');
             return response()->json(['message' => __('errors.user_deletion_failed')], 400);
         }
         // @codeCoverageIgnoreEnd
+        Log::info('User deleted');
 
         return response()->json(null, 204);
     }
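Review bot: `Log::info('User account updated')` in the second hunk is placed after the closing brace of the conditional, so it is written even when that branch is skipped. The condition itself is outside the hunk, so this is inferred from the brace placement. PasswordController logs inside the equivalent block, and moving the line above the `}` would keep the audit trail from recording an update that did not happen. Separately, the `catch (\Throwable $e)` branch in `delete()` logs a fixed string and drops `$e`; `Log::error('User deletion failed', ['exception' => $e]);` would keep the cause.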

+ 4 - 0
app/Http/Controllers/Auth/WebAuthnLoginController.php

@@ -7,6 +7,7 @@ use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use DarkGhostHunter\Larapass\Http\AuthenticatesWebAuthn;
 use Carbon\Carbon;
+use Illuminate\Support\Facades\Log;
 
 class WebAuthnLoginController extends Controller
 {
@@ -60,6 +61,7 @@ class WebAuthnLoginController extends Controller
      */
     public function login(Request $request)
     {
+        Log::info('User login via webauthn requested');
         $request->validate($this->assertionRules());
 
         if ($request->has('response')) {
@@ -90,5 +92,7 @@ class WebAuthnLoginController extends Controller
     {
         $user->last_seen_at = Carbon::now()->format('Y-m-d H:i:s');
         $user->save();
+
+        Log::info('User authenticated via webauthn');
     }
 }

+ 5 - 0
app/Http/Controllers/Auth/WebAuthnManageController.php

@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 use App\Http\Requests\WebauthnRenameRequest;
 use DarkGhostHunter\Larapass\Eloquent\WebAuthnCredential;
+use Illuminate\Support\Facades\Log;
 
 class WebAuthnManageController extends Controller
 {
@@ -72,6 +73,8 @@ class WebAuthnManageController extends Controller
      */
     public function delete(Request $request, $credential)
     {
+        Log::info('Deletion of security device requested');
+
         $user = $request->user();
         $user->removeCredential($credential);
 
@@ -82,6 +85,8 @@ class WebAuthnManageController extends Controller
             Settings::delete('useWebauthnOnly');
         }
 
+        Log::info('Security device deleted');
+
         return response()->json(null, 204);
     }
 }

+ 1 - 1
app/Http/Middleware/KickOutInactiveUser.php

@@ -42,7 +42,7 @@ class KickOutInactiveUser
             $user->last_seen_at = $now->format('Y-m-d H:i:s');
             $user->save();
             
-            Log::notice('Inactive user detected, authentication rejected');
+            Log::info('Inactive user detected, authentication rejected');
             if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) {
                 Auth::logout();
             }
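Review bot: Lowering `Inactive user detected, authentication rejected` from `notice` to `info` means the event disappears wherever the minimum log level is set to `notice` or higher; the diff does not show how deployments are configured, so this is a risk rather than a certainty. A forced logout is an access-control decision and is worth keeping at the previous level, `Log::notice('Inactive user detected, authentication rejected');`. The same downgrade is applied to the rejection messages in RejectIfDemoMode and RejectIfReverseProxy. The enclosing method starts and ends outside the hunk.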

+ 1 - 1
app/Http/Middleware/RejectIfDemoMode.php

@@ -19,7 +19,7 @@ class RejectIfDemoMode
     {
 
         if( config('2fauth.config.isDemoApp') ) {
-            Log::notice('Cannot request this action in Demo mode');
+            Log::info('Cannot request this action in Demo mode');
 
             return response()->json(['message' => __('auth.forms.disabled_in_demo')], Response::HTTP_UNAUTHORIZED);
         }

+ 1 - 1
app/Http/Middleware/RejectIfReverseProxy.php

@@ -17,7 +17,7 @@ class RejectIfReverseProxy
     public function handle($request, Closure $next)
     {
         if (config('auth.defaults.guard') === 'reverse-proxy-guard') {
-            Log::notice('Cannot request this action in Demo mode');
+            Log::info('Cannot request this action in Demo mode');
 
             return response()->json([
                 'message' => __('errors.unsupported_with_reverseproxy')], 400);
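Review bot: The changed line still logs `Cannot request this action in Demo mode`, but this branch fires when the default guard is `reverse-proxy-guard` and the response uses `errors.unsupported_with_reverseproxy`, so the entry misreports why the request was refused. Since the line is being edited anyway, something like `Log::info('Cannot request this action with the reverse-proxy guard');` would match the condition. The body of `handle()` continues past the hunk.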