Send notifications about login with new client or country (#4032)

* Send notifications about login with new client or country

* Rebase migration

* Remove immediately

* Fix isort

* Text update
Raphael Michel
2024-04-03 11:19:20 +02:00
committed by GitHub
parent 48493c517b
commit a3139944f6
9 changed files with 205 additions and 1 deletions


@@ -455,6 +455,8 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
'pretix.event.export.schedule.executed': _('A scheduled export has been executed.'),
'pretix.event.export.schedule.failed': _('A scheduled export has failed: {reason}.'),
'pretix.control.auth.user.created': _('The user has been created.'),
'pretix.control.auth.user.new_source': _('A first login using {agent_type} on {os_type} from {country} has '
'been detected.'),
'pretix.user.settings.2fa.enabled': _('Two-factor authentication has been enabled.'),
'pretix.user.settings.2fa.disabled': _('Two-factor authentication has been disabled.'),
'pretix.user.settings.2fa.regenemergency': _('Your two-factor emergency codes have been regenerated.'),


@@ -0,0 +1,13 @@
{% load i18n %}{% blocktrans with url=url|safe os=source.os_type agent=source.agent_type %}Hello,
a login to your {{ instance }} account from an unusual or new location was detected. The login was performed using {{ agent }} on {{ os }} from {{ country }}.
If this was you, you can safely ignore this email.
If this was not you, we recommend that you change your password in your account settings:
{{ url }}
Best regards,
Your {{ instance }} team
{% endblocktrans %}
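Review bot: The opening sentence says the login came "from an unusual or new location", but per the commit title the alert also fires for a new client, so a recipient who sees their usual country may dismiss it. Wording such as `a login to your {{ instance }} account from a new device or location was detected` would cover both triggers. Separately, `agent` and `os` presumably derive from the request's User-Agent header, which is chosen by whoever is logging in; it is worth confirming that they are normalised and length-limited before being stored and mailed, since that code is not in this file.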


@@ -67,6 +67,7 @@ from pretix.base.metrics import pretix_failed_logins, pretix_successful_logins
from pretix.base.models import TeamInvite, U2FDevice, User, WebAuthnDevice
from pretix.base.services.mail import SendMailException
from pretix.helpers.http import get_client_ip, redirect_to_url
from pretix.helpers.security import handle_login_source
logger = logging.getLogger(__name__)
@@ -91,6 +92,7 @@ def process_login(request, user, keep_logged_in):
else:
logger.info(f"Backend login successful for user {user.pk}.")
pretix_successful_logins.inc(1)
handle_login_source(user, request)
auth_login(request, user)
request.session['pretix_auth_login_time'] = int(time.time())
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
@@ -532,9 +534,10 @@ class Login2FAView(TemplateView):
valid = match_token(self.user, token)
if valid:
auth_login(request, self.user)
logger.info(f"Backend login successful for user {self.user.pk} with 2FA.")
pretix_successful_logins.inc(1)
handle_login_source(self.user, request)
auth_login(request, self.user)
request.session['pretix_auth_login_time'] = int(time.time())
del request.session['pretix_auth_2fa_user']
del request.session['pretix_auth_2fa_time']
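Review bot: Both call sites run `handle_login_source(...)` immediately before `auth_login(...)` with no guard, so any exception escaping it (mail delivery, geo lookup, user-agent parsing; its body lives in `pretix.helpers.security` and is not shown here) would turn a valid login into a server error. If the helper does not already catch and log its own failures, state the contract at the call site, e.g. `# must not raise: a failed notification is logged, never blocks the login`, or wrap the call in `try: handle_login_source(user, request)` / `except Exception: logger.exception('Could not process login source')` so that missed notifications stay visible in the logs. It is also worth checking that any other `auth_login` call in this file outside these hunks is covered, so that no login path skips the notification. `process_login` and `Login2FAView` both start and end outside the hunks shown.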