Account activity record-keeping #289

Open
5 tasks
s0ph0s-dog opened this issue Feb 16, 2025 · 1 comment

Comments

@s0ph0s-dog
Contributor

This is (kind of) part of a series of issues tracking chatmail support in Mox.

In order to enable automatic account deletion for chatmail accounts, Mox needs to track when a user last logged in. In addition, it would be beneficial to regular email users to see the last few recent log-ins. This would make it easier to see if an unauthorized device or actor is accessing someone's account.

However, these two levels of information should be stored differently, and the extra data collection should have an off switch—chatmail servers should store as little information as possible, and tracking all of that extra data runs counter to that principle.

  • Add column to user database which stores last login timestamp (integer) divided by 86,400 (number of seconds in a day), which is the smallest amount of data which is able to be used for implementing automatic account deletion.
  • Modify the log-in code to update the last login timestamp whenever someone logs in via SMTP, IMAP, or the web interface
  • Add another table to the database which stores recent log in attempts. This should include information such as:
    • User-agent (from browser, IMAP ID command)
    • Success / failure of the attempt
    • Authentication mechanism (plain, encrypted, oauth?)
    • Protocol (IMAP, SMTP, web)
    • IP address
    • Timestamp
    • User ID
  • Enhance the log-in code to add a record to this table whenever a log-in attempt is made.
  • Do something to clean up old log-in attempts?
@mjl-
Owner

mjl- commented Feb 17, 2025

FYI, I implemented storing login attempts a few weeks ago, see 1277d78.

For chatmail-mode, I think we would have to hook in at store/loginattempt.go somewhere around LoginAttemptAdd(), to not log/store all the details, but only change the lastlogin timestamp (and only on successful authentication).

I think it makes sense to store the lastlogin timestamp in a separate type, not mixing it in type LoginAttempt in store/loginattempt.go.

I suppose we should start with a "Chatmail" config option so the code can check for that? My idea was gathering all chatmail changes in https://github.com/s0ph0s-dog/mox until we have a working whole, then merge it when chatmail functionality is usable.
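
As an added example (not code from this thread or from Mox), the following Go program shows the split discussed above: in chatmail mode only a day-granularity last-login value (Unix seconds divided by 86,400) is updated, and only on successful authentication, while the detailed attempt record is kept only when chatmail mode is off. `Recorder`, `Attempt`, `Record` and `Inactive` are hypothetical names, the in-memory map stands in for the database, and the timestamp in `main` is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

const secondsPerDay = 86400

// Attempt carries the per-attempt details listed in the issue (hypothetical type).
type Attempt struct {
	UserID, Protocol, Mechanism, UserAgent, RemoteIP string
	Success                                          bool
	Time                                             time.Time
}

// Recorder is a hypothetical in-memory stand-in for the account database.
type Recorder struct {
	Chatmail     bool             // minimal-data mode: keep no attempt details
	LastLoginDay map[string]int64 // user ID -> Unix seconds / 86400
	Attempts     []Attempt        // detailed history, left empty in chatmail mode
}

// Record updates the last-login day on success only; details only if !Chatmail.
func (r *Recorder) Record(a Attempt) {
	if a.Success {
		r.LastLoginDay[a.UserID] = a.Time.Unix() / secondsPerDay
	}
	if !r.Chatmail {
		r.Attempts = append(r.Attempts, a)
	}
}

// Inactive returns, sorted, users whose last login is more than maxDays days old.
func (r *Recorder) Inactive(now time.Time, maxDays int64) []string {
	today, ids := now.Unix()/secondsPerDay, []string{}
	for id, day := range r.LastLoginDay {
		if today-day > maxDays {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids
}

func main() {
	t0 := time.Unix(1739664000, 0) // constructed: 2025-02-16 00:00:00 UTC
	r := &Recorder{Chatmail: true, LastLoginDay: map[string]int64{}}
	r.Record(Attempt{UserID: "alice", Protocol: "IMAP", Success: true, Time: t0})
	fmt.Println(r.LastLoginDay["alice"], len(r.Attempts), r.Inactive(t0.Add(91*24*time.Hour), 90))
}
```

An account that has never logged in successfully has no entry in the map, so a deletion job built this way would also need a value set at account creation.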
