4 changes: 2 additions & 2 deletions app/controllers/users/sessions_controller.rb
Expand Up @@ -30,8 +30,6 @@ def new
end

def create
track_authentication_attempt(auth_params[:email])

return process_locked_out_session if session_bad_password_count_max_exceeded?
return process_locked_out_user if current_user && user_locked_out?(current_user)

Expand All @@ -40,6 +38,7 @@ def create
handle_valid_authentication
ensure
increment_session_bad_password_count if throttle_password_failure && !current_user
track_authentication_attempt(auth_params[:email])
end

def destroy
Expand Down Expand Up @@ -175,6 +174,7 @@ def track_authentication_attempt(email)
success: success,
user_id: user.uuid,
user_locked_out: user_locked_out?(user),
bad_password_count: session[:bad_password_count].to_i,
stored_location: session['user_return_to'],
sp_request_url_present: sp_session[:request_url].present?,
remember_device: remember_device_cookie.present?,
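Review bot: Moving `track_authentication_attempt(auth_params[:email])` into the `ensure` clause at L37 means the event is emitted on every exit path, including when an exception propagates out of `create`; if `auth_params` itself raises there (for example on a request with no `user` parameter, assuming it is a strong-parameters `require`), that second exception replaces the original one and the real failure is harder to diagnose. Consider reading the value once at the top of `create`, `email = auth_params[:email]`, and calling `track_authentication_attempt(email)` in `ensure`, so the tracking call still runs after `increment_session_bad_password_count` but cannot mask the primary error. The value logged at L45 is `session[:bad_password_count].to_i`, which is session state, so it appears to describe failures recorded in the current session rather than an account-wide total; a comment on that line such as `# session-scoped count of prior password failures, not an account-wide lockout counter` would keep analytics consumers from misreading it. The body of `create` between the two hunks is collapsed, so the lines between `return process_locked_out_user` and `handle_valid_authentication` are not visible here.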
3 changes: 3 additions & 0 deletions app/services/analytics_events.rb
Expand Up @@ -240,6 +240,7 @@ def doc_auth_warning(message: nil, **extra)
# @param [Boolean] success
# @param [String] user_id
# @param [Boolean] user_locked_out if the user is currently locked out of their second factor
# @param [String] bad_password_count represents number of prior login failures
# @param [String] stored_location the URL to return to after signing in
# @param [Boolean] sp_request_url_present if was an SP request URL in the session
# @param [Boolean] remember_device if the remember device cookie was present
Expand All @@ -248,6 +249,7 @@ def email_and_password_auth(
success:,
user_id:,
user_locked_out:,
bad_password_count:,
stored_location:,
sp_request_url_present:,
remember_device:,
Expand All @@ -258,6 +260,7 @@ def email_and_password_auth(
success: success,
user_id: user_id,
user_locked_out: user_locked_out,
bad_password_count: bad_password_count,
stored_location: stored_location,
sp_request_url_present: sp_request_url_present,
remember_device: remember_device,
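Review bot: The YARD tag at L56 declares `bad_password_count` as `[String]`, but the controller passes `session[:bad_password_count].to_i`, so the value is an Integer and the tag should read `# @param [Integer] bad_password_count number of prior failed password attempts recorded in the current session`. Naming the scope in the doc matters because a field with this name could otherwise be read as an account-wide lockout counter when building alerts or dashboards on the event. The `email_and_password_auth` signature and body at L60-L75 continue outside the hunks.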
33 changes: 33 additions & 0 deletions spec/controllers/users/sessions_controller_spec.rb
Expand Up @@ -199,6 +199,7 @@

describe 'POST /' do
include AccountResetHelper

it 'tracks the successful authentication for existing user' do
user = create(:user, :signed_up)
subject.session['user_return_to'] = mock_valid_site
Expand All @@ -209,6 +210,7 @@
success: true,
user_id: user.uuid,
user_locked_out: false,
bad_password_count: 0,
stored_location: mock_valid_site,
sp_request_url_present: false,
remember_device: false,
Expand All @@ -231,6 +233,7 @@
success: false,
user_id: user.uuid,
user_locked_out: false,
bad_password_count: 1,
stored_location: nil,
sp_request_url_present: false,
remember_device: false,
Expand All @@ -249,6 +252,7 @@
success: false,
user_id: 'anonymous-uuid',
user_locked_out: false,
bad_password_count: 1,
stored_location: nil,
sp_request_url_present: false,
remember_device: false,
Expand Down Expand Up @@ -287,6 +291,7 @@
success: false,
user_id: user.uuid,
user_locked_out: true,
bad_password_count: 0,
stored_location: nil,
sp_request_url_present: false,
remember_device: false,
Expand All @@ -298,13 +303,38 @@
post :create, params: { user: { email: user.email.upcase, password: user.password } }
end

it 'tracks count of multiple unsuccessful authentication attempts' do
user = create(
:user,
:signed_up,
)

stub_analytics

analytics_hash = {
success: false,
user_id: user.uuid,
user_locked_out: false,
bad_password_count: 2,
stored_location: nil,
sp_request_url_present: false,
remember_device: false,
}

post :create, params: { user: { email: user.email.upcase, password: 'invalid' } }
expect(@analytics).to receive(:track_event).
with('Email and Password Authentication', analytics_hash)
post :create, params: { user: { email: user.email.upcase, password: 'invalid' } }
end

it 'tracks the presence of SP request_url in session' do
subject.session[:sp] = { request_url: mock_valid_site }
stub_analytics
analytics_hash = {
success: false,
user_id: 'anonymous-uuid',
user_locked_out: false,
bad_password_count: 1,
stored_location: nil,
sp_request_url_present: true,
remember_device: false,
Expand Down Expand Up @@ -374,6 +404,7 @@
success: true,
user_id: user.uuid,
user_locked_out: false,
bad_password_count: 0,
stored_location: nil,
sp_request_url_present: false,
remember_device: false,
Expand Down Expand Up @@ -446,6 +477,7 @@
success: true,
user_id: user.uuid,
user_locked_out: false,
bad_password_count: 0,
stored_location: nil,
sp_request_url_present: false,
remember_device: true,
Expand All @@ -471,6 +503,7 @@
success: true,
user_id: user.uuid,
user_locked_out: false,
bad_password_count: 0,
stored_location: nil,
sp_request_url_present: false,
remember_device: true,
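Review bot: In the new example at L123-L145 the `expect(@analytics).to receive(:track_event)` at L142 is installed only after the first `post :create` at L141, so the event for the first failed attempt is never asserted and the test cannot tell whether that attempt logged `bad_password_count: 1`. Declaring both expectations before the two posts, e.g. `expect(@analytics).to receive(:track_event).with('Email and Password Authentication', hash_including(bad_password_count: 1)).ordered` followed by the existing `with('Email and Password Authentication', analytics_hash).ordered`, pins the increment on each attempt; this assumes `stub_analytics` leaves `@analytics` as a double that accepts `track_event`, which is not visible here. The multi-line `create(:user, :signed_up)` at L124-L127 also reads more naturally on one line, matching L85. Whether two failures still leave `user_locked_out: false` depends on the configured lockout threshold, which the spec does not show.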