Seravo
Hook successful login action in two-factor plugin
What are the main changes in this PR?
It was noticed that when user has enabled two-factor plugin on their site, and provides correct credentials and 2FA/MFA succeeds, the login event didn't end up in our login logs.
This happens because two-factor plugin modifies the login flow and shows additional forms for doing the MFA validation.
Missing such information in logs it's at least a user experience problem, as our customers assume they see all relevant events in the logs. It might also be security issue, if trust model requires such data to be in this log, in addition to other possible audit logs.
Why are we doing this? Any context or related work?
Fixes issues where certain events not logged correctly.
Where should a reviewer start?
Ensure that logging works in all these scenarios:
- two-factor not installed, successful login
- two-factor not installed, failed login
- two-factor installed and activated, not activated for user, successful login
- two-factor installed and activated, not activated for user, failed login
- two-factor installed and activated, activated for user, successful login
-
- two-factor installed and activated, activated for user, failed login
Seems to work okay. Noticed the same as simoke. Succesful login was logged twice on succesful login with two factor installed. Incorrect two factor code doesn't log a failed login, not sure if it should.
