Merge pull request #290 from Normal-OJ/fix/287-record-ip

fix: record ip
Normal-OJ · Nov 4, 2024 · 3fe4dd7 · 3fe4dd7
2 parents 934d563 + 5c3fb02
commit 3fe4dd7
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 4 deletions.
diff --git a/mongo/user.py b/mongo/user.py
@@ -129,11 +129,17 @@ def login(cls, username, password, ip_addr):
         user_id = hash_id(user.username, password)
         if (compare_digest(user.user_id, user_id)
                 or compare_digest(user.user_id2, user_id)):
-            engine.LoginRecords(user_id=user_id, ip_addr=ip_addr,
-                                success=True).save(force_insert=True)
+            engine.LoginRecords(
+                user_id=user.id,
+                ip_addr=ip_addr,
+                success=True,
+            ).save(force_insert=True)
             return user
-        engine.LoginRecords(user_id=user_id,
-                            ip_addr=ip_addr).save(force_insert=True)
+        engine.LoginRecords(
+            user_id=user.id,
+            ip_addr=ip_addr,
+            success=False,
+        ).save(force_insert=True)
         raise engine.DoesNotExist
 
     @classmethod

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -902,3 +902,35 @@ def test_verify_link_with_subdirectory(app):
     expected_url = f'https://{server_name}{subdirectory}/auth/active/{u.cookie}'
     with app.app_context():
         assert expected_url == get_verify_link(u)
+
+
+def test_login_recorded_after_login(client):
+    password = 'pass'
+    u = utils.user.create_user(password=password)
+    resp = client.post(
+        '/auth/session',
+        json={
+            'username': u.username,
+            'password': password,
+        },
+    )
+    assert resp.status_code == 200
+
+    record = engine.LoginRecords.objects(user_id=u.id)
+    assert len(record) == 1
+
+
+def test_login_recorded_after_failed_login(client):
+    u = utils.user.create_user()
+    password = secrets.token_hex()
+    resp = client.post(
+        '/auth/session',
+        json={
+            'username': u.username,
+            'password': password,
+        },
+    )
+    assert resp.status_code == 403
+
+    record = engine.LoginRecords.objects(user_id=u.id, success=False)
+    assert len(record) == 1