7b8efcff38
fix: complete auth event audit logging

Addresses remaining gaps from the audit review:

1. Register afterForgotPassword hook in Users collection
   - Password reset requests are now properly logged
   - Fixed hook signature (uses context instead of req)
2. Create custom /api/auth/login endpoint
   - Wraps native Payload login
   - Logs failed login attempts via auditLoginFailed
   - Returns proper error responses without exposing details
3. Export auditLoginFailed helper function
   - Can be used by other custom auth handlers
   - Calls logLoginFailed from audit-service

Now all critical auth events are tracked:
- Successful logins (afterLogin hook)
- Failed logins (custom /api/auth/login endpoint)
- Logouts (afterLogout hook)
- Password reset requests (afterForgotPassword hook)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 21:31:11 +00:00