[#77] Log user access

Netdisco/lib/App/Netdisco/Web.pm

@@ -94,6 +94,57 @@ get qr{^/(?:login(?:/denied)?)?} => sub {
     template 'index';
 };
 
+# Override default login_handler so that we can log access in the
+# database
+post '/login' => sub {
+    my ($success, $realm) = authenticate_user(
+        params->{username}, params->{password}
+    );
+    if ($success) {
+        session logged_in_user => params->{username};
+        session logged_in_user_realm => $realm;
+
+        schema('netdisco')->resultset('UserLog')->create({
+          username => session('logged_in_user'),
+          userip => request->remote_address,
+          event => "Login",
+          details => params->{return_url},
+        });
+
+        redirect params->{return_url} || uri_for('/');
+    } else {
+
+        schema('netdisco')->resultset('UserLog')->create({
+          username => params->{username},
+          userip => request->remote_address,
+          event => "Login Failure",
+          details => params->{return_url},
+        });
+
+        vars->{login_failed}++;
+        forward uri_for('/login'), { login_failed => 1 }, { method => 'GET' };
+    }
+};
+
+# Since we override the default login_handler, logout has to be handled as
+# well
+any ['get','post'] => '/logout' => sub {
+
+    schema('netdisco')->resultset('UserLog')->create({
+      username => session('logged_in_user'),
+      userip => request->remote_address,
+      event => "Logout",
+      details => '',
+    });
+
+    session->destroy;
+    if (params->{return_url}) {
+        redirect params->{return_url};
+    } else {
+        return "OK, logged out successfully.";
+    }
+};
+
 any qr{.*} => sub {
     var('notfound' => true);
     status 'not_found';