Added existing account check to logs

.env.example

@@ -21,9 +21,6 @@ RECAPTCHA_PRIVATE_KEY=
 RECAPTCHA_VERIFY_URL="https://www.google.com/recaptcha/api/siteverify"
 # WARNING: Your contact form will be useless if you change this value. Only change this URL if Google updates it.
 
-IPGEO_API_KEY=""
-IPGEO_API_URL=""
-
 MOJANG_STATUS_URL="https://status.mojang.com/check"
 MOJANG_API_URL="https://api.mojang.com"
 
@@ -32,7 +29,7 @@ IPGEO_API_URL="https://api.ipgeolocation.io/ipgeo"
 
 ARCANEDEV_LOGVIEWER_MIDDLEWARE=web,auth,can:admin.maintenance.logs.view
 
-RELEASE=staffmanagement@0.2.0
+RELEASE=staffmanagement@0.6.1
 
 SLACK_INTEGRATION_WEBHOOK=
 

app/Ban.php

@@ -17,6 +17,10 @@ class Ban extends Model
 
     ];
 
+    public $dates = [
+        'bannedUntil'
+    ];
+
     public function user()
     {
         return $this->belongsTo('App\User', 'userID', 'id');

app/Console/Commands/Install.php

@@ -99,12 +99,16 @@ class Install extends Command
                $settings['MAIL_PASSWORD'] = $this->secret('SMTP Password (Input won\'t be seen)');
                $settings['MAIL_PORT'] = $this->ask('SMTP Server Port');
                $settings['MAIL_HOST'] = $this->ask('SMTP Server Hostname');
+               $settings['MAIL_FROM'] = $this->ask('E-mail address to send from: ');
 
                $this->info('== Notification Settings (5/6) (Slack) ==');
                $settings['SLACK_INTEGRATION_WEBHOOK'] = $this->ask('Integration webhook URL');
 
                $this->info('== Web Settings (6/6) ==');
-               $settings['APP_URL'] = $this->ask('Application\'s URL');
+               $settings['APP_URL'] = $this->ask('Application\'s URL (ex. https://where.you.installed.theapp.com): ');
+               $settings['APP_LOGO'] = $this->ask('App logo (Link to an image): ');
+               $settings['APP_SITEHOMEPAGE'] = $this->ask('Site homepage (appears in the main header): ');
+
 
            } while(!$this->confirm('Are you sure you want to save these settings? You can always go back and try again.'));
 

app/Http/Controllers/BanController.php

@@ -15,7 +15,7 @@ class BanController extends Controller
     public function insert(BanUserRequest $request, User $user)
     {
 
-        $this->authorize('create', Ban::class);
+        $this->authorize('create', [Ban::class, $user]);
 
         if (is_null($user->bans))
         {
@@ -50,13 +50,13 @@ class BanController extends Controller
             else
             {
                 // Essentially permanent
-                $expiryDate->addYears(100);
+                $expiryDate->addYears(5);
             }
 
             $ban = Ban::create([
                 'userID' => $user->id,
                 'reason' => $reason,
-                'bannedUntil' => $expiryDate->toDateTimeString() ?? null,
+                'bannedUntil' => $expiryDate->format('Y-m-d H:i:s'),
                 'userAgent' => "Unknown",
                 'authorUserID' => Auth::user()->id
             ]);

app/Http/Requests/BanUserRequest.php

@@ -27,7 +27,7 @@ class BanUserRequest extends FormRequest
     {
         return [
             'reason' => 'required|string',
-            'durationOperand' => 'nullable|integer',
+            'durationOperand' => 'nullable|string',
             'durationOperator' => 'nullable|string'
         ];
     }

app/Listeners/LogAuthenticationFailure.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Log;
+
+class LogAuthenticationFailure
+{
+    /**
+     * Create the event listener.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Handle the event.
+     *
+     * @param  object  $event
+     * @return void
+     */
+    public function handle($event)
+    {
+        $targetAccountID = 0;
+        $originalIP = "0.0.0.0";
+
+        if (isset($event->user->id))
+        {
+            $targetAccountID = $event->user->id;
+        }
+
+        Log::alert('SECURITY (login): Detected failed authentication attempt!', [
+            'targetAccountID' => $targetAccountID,
+            'existingAccount' => ($targetAccountID == 0) ? false : true,
+            'sourceIP' => request()->ip(),
+            'matchesAccountLastIP' => request()->ip() == $originalIP,
+            'sourceUserAgent' => request()->userAgent(),
+        ]);
+    }
+}

app/Listeners/LogAuthenticationSuccess.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Log;
+
+class LogAuthenticationSuccess
+{
+    /**
+     * Create the event listener.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Handle the event.
+     *
+     * @param  object  $event
+     * @return void
+     */
+    public function handle($event)
+    {
+        Log::info('SECURITY (postauth-pre2fa): Detected successful login attempt', [
+            'accountID' => $event->user->id,
+            'sourceIP' => request()->ip(),
+            'matchesAccountLastIP' => request()->ip() == $event->user->originalIP,
+            'sourceUserAgent' => request()->userAgent(),
+        ]);
+    }
+}

app/Policies/BanPolicy.php

@@ -38,18 +38,19 @@ class BanPolicy
     /**
      * Determine whether the user can create models.
      *
-     * @param  \App\User  $user
+     * @param \App\User $user
+     * @param User $targetUser
      * @return mixed
      */
-    public function create(User $user)
+    public function create(User $user, User $targetUser)
     {
         Log::debug("Authorization check started", [
             'requiredRoles' => 'admin',
-            'currentRoles' => $user->roles(),
             'hasRequiredRole' => $user->hasRole('admin'),
+            'targetUser' => $targetUser->username,
             'isCurrentUser' => Auth::user()->is($user)
         ]);
-        return $user->hasRole('admin') && Auth::user()->isNot($user);
+        return $user->hasRole('admin') && $user->isNot($targetUser);
     }
 
     /**

app/Providers/EventServiceProvider.php

@@ -2,7 +2,11 @@
 
 namespace App\Providers;
 
+use App\Listeners\LogAuthenticationFailure;
+use App\Listeners\LogAuthenticationSuccess;
 use App\Listeners\OnUserRegistration;
+use Illuminate\Auth\Events\Failed;
+use Illuminate\Auth\Events\Login;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
@@ -20,6 +24,12 @@ class EventServiceProvider extends ServiceProvider
             SendEmailVerificationNotification::class,
             OnUserRegistration::class
         ],
+        Failed::class => [
+            LogAuthenticationFailure::class
+        ],
+        Login::class => [
+            LogAuthenticationSuccess::class
+        ],
         'App\Events\ApplicationApprovedEvent' => [
             'App\Listeners\PromoteUser'
         ],