Include full user object on login audit events

2025-03-01 10:36:34 +00:00 · 2021-11-22 19:58:48 +00:00
parent 3e0f080ea7
commit 96840ede56
2 changed files with 2 additions and 2 deletions
--- a/packages/node_modules/@node-red/editor-api/lib/auth/index.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/index.js
@@ -141,7 +141,7 @@ function completeVerify(profile,done) {
    Users.authenticate(profile).then(function(user) {
        if (user) {
            Tokens.create(user.username,"node-red-editor",user.permissions).then(function(tokens) {
-                log.audit({event: "auth.login",username:user.username,scope:user.permissions});
+                log.audit({event: "auth.login",user,username:user.username,scope:user.permissions});
                user.tokens = tokens;
                done(null,user);
            });
--- a/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
@@ -93,7 +93,7 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
                    return logEntry.user !== username;
                });
                Tokens.create(username,client.id,scope).then(function(tokens) {
-                    log.audit({event: "auth.login",username:username,client:client.id,scope:scope});
+                    log.audit({event: "auth.login",user,username:username,client:client.id,scope:scope});
                    done(null,tokens.accessToken,null,{expires_in:tokens.expires_in});
                });
            } else {