From 9994e6afed911fa6559801057bcc42c0278f44d3 Mon Sep 17 00:00:00 2001
From: bogay
Date: Tue, 5 Nov 2024 01:52:49 +0800
Subject: [PATCH 1/2] fix(user): record user.id instead of user_id
---
 mongo/user.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/mongo/user.py b/mongo/user.py
index 4d0652d..e6ee5ec 100644
--- a/mongo/user.py
+++ b/mongo/user.py
@@ -129,11 +129,17 @@ def login(cls, username, password, ip_addr):
 user_id = hash_id(user.username, password)
 if (compare_digest(user.user_id, user_id)
 or compare_digest(user.user_id2, user_id)):
- engine.LoginRecords(user_id=user_id, ip_addr=ip_addr,
- success=True).save(force_insert=True)
+ engine.LoginRecords(
+ user_id=user.id,
+ ip_addr=ip_addr,
+ success=True,
+ ).save(force_insert=True)
 return user
- engine.LoginRecords(user_id=user_id,
- ip_addr=ip_addr).save(force_insert=True)
+ engine.LoginRecords(
+ user_id=user.id,
+ ip_addr=ip_addr,
+ success=False,
+ ).save(force_insert=True)
 raise engine.DoesNotExist

 @classmethod
From 5c3fb0271e77889a78ad3c6a9303fc7db0989235 Mon Sep 17 00:00:00 2001
From: bogay
Date: Tue, 5 Nov 2024 01:53:17 +0800
Subject: [PATCH 2/2] test(auth): add testcases for LoginRecords
---
 tests/test_auth.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 20e91f5..a0ef3d1 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
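Review bot: The keyword `user_id=user.id` sits just below `compare_digest(user.user_id, user_id)`, where the same name means the credential hash from `hash_id`, so the distinction this fix depends on is easy to undo in a later edit; a comment above both `engine.LoginRecords(...)` calls such as `# LoginRecords.user_id is the document id (user.id), never the hash_id() value` would pin it. Rows written before this commit still hold the `hash_id(user.username, password)` value, and on the failed-login path that is a hash of whatever password was typed, so those rows probably want a one-off cleanup or migration, which this patch does not include. Separately, the failure record needs a resolved `user`, so if the lookup above the hunk raises for an unknown username (not visible here), attempts against non-existent accounts leave no record; that is worth confirming because it limits what the table can show about password guessing. `login` starts above the hunk.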
@@ -902,3 +902,35 @@ def test_verify_link_with_subdirectory(app):
 expected_url = f'https://{server_name}{subdirectory}/auth/active/{u.cookie}'
 with app.app_context():
 assert expected_url == get_verify_link(u)
+
+
+def test_login_recorded_after_login(client):
+ password = 'pass'
+ u = utils.user.create_user(password=password)
+ resp = client.post(
+ '/auth/session',
+ json={
+ 'username': u.username,
+ 'password': password,
+ },
+ )
+ assert resp.status_code == 200
+
+ record = engine.LoginRecords.objects(user_id=u.id)
+ assert len(record) == 1
+
+
+def test_login_recorded_after_failed_login(client):
+ u = utils.user.create_user()
+ password = secrets.token_hex()
+ resp = client.post(
+ '/auth/session',
+ json={
+ 'username': u.username,
+ 'password': password,
+ },
+ )
+ assert resp.status_code == 403
+
+ record = engine.LoginRecords.objects(user_id=u.id, success=False)
+ assert len(record) == 1
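Review bot: `test_login_recorded_after_login` counts every record for the user and never checks the `success` flag, so it would still pass if the success path wrote `success=False`; filtering as `engine.LoginRecords.objects(user_id=u.id, success=True)` closes that. The failed-login test has the mirror gap: it should also assert that no successful row exists, e.g. `assert len(engine.LoginRecords.objects(user_id=u.id, success=True)) == 0`. Neither test checks the stored `ip_addr`, which is the other field an investigator relies on in this table.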