satellite/console: add monkit metrics around user registraion/login
github issue: https://github.com/storj/storj/issues/4807 Change-Id: Id56ec73ec91b07b639b8011f0f916b4adbb01be6
parent
c934f45bfc
commit
55821605e8
22
monkit.lock
22
monkit.lock
@ -41,6 +41,28 @@ storj.io/storj/satellite/audit."reverify_total_in_segment" IntVal
|
||||
storj.io/storj/satellite/audit."reverify_unknown" IntVal
|
||||
storj.io/storj/satellite/audit."reverify_unknown_global" Meter
|
||||
storj.io/storj/satellite/audit."verify_shares_downloaded_successfully" IntVal
|
||||
storj.io/storj/satellite/console."create_user_attempt" Counter
|
||||
storj.io/storj/satellite/console."create_user_captcha_error" Counter
|
||||
storj.io/storj/satellite/console."create_user_captcha_unsuccessful" Counter
|
||||
storj.io/storj/satellite/console."create_user_duplicate_unverified" Counter
|
||||
storj.io/storj/satellite/console."create_user_duplicate_verified" Counter
|
||||
storj.io/storj/satellite/console."create_user_success" Counter
|
||||
storj.io/storj/satellite/console."login_attempt" Counter
|
||||
storj.io/storj/satellite/console."login_email_invalid" Counter
|
||||
storj.io/storj/satellite/console."login_email_unverified" Counter
|
||||
storj.io/storj/satellite/console."login_failed" Counter
|
||||
storj.io/storj/satellite/console."login_invalid_password" Counter
|
||||
storj.io/storj/satellite/console."login_locked_out" Counter
|
||||
storj.io/storj/satellite/console."login_lockout_initiated" Counter
|
||||
storj.io/storj/satellite/console."login_lockout_reinitiated" Counter
|
||||
storj.io/storj/satellite/console."login_mfa_conflict" Counter
|
||||
storj.io/storj/satellite/console."login_mfa_missing" Counter
|
||||
storj.io/storj/satellite/console."login_mfa_passcode_failure" Counter
|
||||
storj.io/storj/satellite/console."login_mfa_passcode_success" Counter
|
||||
storj.io/storj/satellite/console."login_mfa_recovery_failure" Counter
|
||||
storj.io/storj/satellite/console."login_mfa_recovery_success" Counter
|
||||
storj.io/storj/satellite/console."login_success" Counter
|
||||
storj.io/storj/satellite/console."login_user_failed_count" IntVal
|
||||
storj.io/storj/satellite/contact."failed_dial" Event
|
||||
storj.io/storj/satellite/contact."failed_ping_node" Event
|
||||
storj.io/storj/satellite/gracefulexit."graceful_exit_fail_max_failures_percentage" Meter
|
||||
|
@ -610,13 +610,17 @@ func (s *Service) checkRegistrationSecret(ctx context.Context, tokenSecret Regis
|
||||
func (s *Service) CreateUser(ctx context.Context, user CreateUser, tokenSecret RegistrationSecret) (u *User, err error) {
|
||||
defer mon.Task()(&ctx)(&err)
|
||||
|
||||
mon.Counter("create_user_attempt").Inc(1) //mon:locked
|
||||
|
||||
if s.config.Recaptcha.Enabled || s.config.Hcaptcha.Enabled {
|
||||
valid, err := s.captchaHandler.Verify(ctx, user.CaptchaResponse, user.IP)
|
||||
if err != nil {
|
||||
mon.Counter("create_user_captcha_error").Inc(1) //mon:locked
|
||||
s.log.Error("captcha authorization failed", zap.Error(err))
|
||||
return nil, ErrCaptcha.Wrap(err)
|
||||
}
|
||||
if !valid {
|
||||
mon.Counter("create_user_captcha_unsuccessful").Inc(1) //mon:locked
|
||||
return nil, ErrCaptcha.New("captcha validation unsuccessful")
|
||||
}
|
||||
}
|
||||
@ -635,7 +639,11 @@ func (s *Service) CreateUser(ctx context.Context, user CreateUser, tokenSecret R
|
||||
if err != nil {
|
||||
return nil, Error.Wrap(err)
|
||||
}
|
||||
if verified != nil || len(unverified) != 0 {
|
||||
if verified != nil {
|
||||
mon.Counter("create_user_duplicate_verified").Inc(1) //mon:locked
|
||||
return nil, ErrEmailUsed.New(emailUsedErrMsg)
|
||||
} else if len(unverified) != 0 {
|
||||
mon.Counter("create_user_duplicate_unverified").Inc(1) //mon:locked
|
||||
return nil, ErrEmailUsed.New(emailUsedErrMsg)
|
||||
}
|
||||
|
||||
@ -703,6 +711,7 @@ func (s *Service) CreateUser(ctx context.Context, user CreateUser, tokenSecret R
|
||||
}
|
||||
|
||||
s.auditLog(ctx, "create user", nil, user.Email)
|
||||
mon.Counter("create_user_success").Inc(1) //mon:locked
|
||||
|
||||
return u, nil
|
||||
}
|
||||
@ -882,14 +891,22 @@ func (s *Service) RevokeResetPasswordToken(ctx context.Context, resetPasswordTok
|
||||
func (s *Service) Token(ctx context.Context, request AuthUser) (token string, err error) {
|
||||
defer mon.Task()(&ctx)(&err)
|
||||
|
||||
user, _, err := s.store.Users().GetByEmailWithUnverified(ctx, request.Email)
|
||||
mon.Counter("login_attempt").Inc(1) //mon:locked
|
||||
|
||||
user, unverified, err := s.store.Users().GetByEmailWithUnverified(ctx, request.Email)
|
||||
if user == nil {
|
||||
if len(unverified) > 0 {
|
||||
mon.Counter("login_email_unverified").Inc(1) //mon:locked
|
||||
} else {
|
||||
mon.Counter("login_email_invalid").Inc(1) //mon:locked
|
||||
}
|
||||
return "", ErrLoginCredentials.New(credentialsErrMsg)
|
||||
}
|
||||
|
||||
now := time.Now()
|
||||
|
||||
if user.LoginLockoutExpiration.After(now) {
|
||||
mon.Counter("login_locked_out").Inc(1) //mon:locked
|
||||
return "", ErrLockedAccount.New(lockedAccountErrMsg)
|
||||
}
|
||||
|
||||
@ -900,11 +917,16 @@ func (s *Service) Token(ctx context.Context, request AuthUser) (token string, er
|
||||
return err
|
||||
}
|
||||
|
||||
mon.Counter("login_failed").Inc(1) //mon:locked
|
||||
mon.IntVal("login_user_failed_count").Observe(int64(user.FailedLoginCount)) //mon:locked
|
||||
|
||||
if user.FailedLoginCount == s.config.LoginAttemptsWithoutPenalty {
|
||||
mon.Counter("login_lockout_initiated").Inc(1) //mon:locked
|
||||
return ErrLockedAccount.New(lockedAccountErrMsg)
|
||||
}
|
||||
|
||||
if user.FailedLoginCount > s.config.LoginAttemptsWithoutPenalty {
|
||||
mon.Counter("login_lockout_reinitiated").Inc(1) //mon:locked
|
||||
return ErrLockedAccount.New(lockedAccountWithResultErrMsg)
|
||||
}
|
||||
|
||||
@ -917,12 +939,13 @@ func (s *Service) Token(ctx context.Context, request AuthUser) (token string, er
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
mon.Counter("login_invalid_password").Inc(1) //mon:locked
|
||||
return "", ErrLoginPassword.New(credentialsErrMsg)
|
||||
}
|
||||
|
||||
if user.MFAEnabled {
|
||||
if request.MFARecoveryCode != "" && request.MFAPasscode != "" {
|
||||
mon.Counter("login_mfa_conflict").Inc(1) //mon:locked
|
||||
return "", ErrMFAConflict.New(mfaConflictErrMsg)
|
||||
}
|
||||
|
||||
@ -941,10 +964,12 @@ func (s *Service) Token(ctx context.Context, request AuthUser) (token string, er
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
mon.Counter("login_mfa_recovery_failure").Inc(1) //mon:locked
|
||||
return "", ErrMFARecoveryCode.New(mfaRecoveryInvalidErrMsg)
|
||||
}
|
||||
|
||||
mon.Counter("login_mfa_recovery_success").Inc(1) //mon:locked
|
||||
|
||||
user.MFARecoveryCodes = append(user.MFARecoveryCodes[:codeIndex], user.MFARecoveryCodes[codeIndex+1:]...)
|
||||
|
||||
err = s.store.Users().Update(ctx, user)
|
||||
@ -966,10 +991,12 @@ func (s *Service) Token(ctx context.Context, request AuthUser) (token string, er
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
mon.Counter("login_mfa_passcode_failure").Inc(1) //mon:locked
|
||||
return "", ErrMFAPasscode.New(mfaPasscodeInvalidErrMsg)
|
||||
}
|
||||
mon.Counter("login_mfa_passcode_success").Inc(1) //mon:locked
|
||||
} else {
|
||||
mon.Counter("login_mfa_missing").Inc(1) //mon:locked
|
||||
return "", ErrMFAMissing.New(mfaRequiredErrMsg)
|
||||
}
|
||||
}
|
||||
@ -991,6 +1018,8 @@ func (s *Service) Token(ctx context.Context, request AuthUser) (token string, er
|
||||
|
||||
s.analytics.TrackSignedIn(user.ID, user.Email)
|
||||
|
||||
mon.Counter("login_success").Inc(1) //mon:locked
|
||||
|
||||
return token, nil
|
||||
}
|
||||
|
||||
|
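Review bot: In `Token`, the new `login_email_unverified` / `login_email_invalid` branch runs whenever `user == nil`, but the `err` returned by `GetByEmailWithUnverified` on the line above is never inspected. A store failure would therefore be counted as `login_email_invalid` and answered with `credentialsErrMsg`, so a database outage looks like a burst of bad-credential logins to anyone alerting on these counters. If that call returns a non-nil error only for genuine store failures (not visible here, so confirm against the store implementation), handle it before the branch, e.g. `if err != nil { return "", Error.Wrap(err) }`, or give it its own counter. `Token`'s body continues outside the visible hunks, so an existing check elsewhere cannot be ruled out from this page.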