Add extra security layer for new user logins #23

@jrgns

Add a model called UserLoginTrait and a migration for the user_login_traits table with the following fields

  • id, int, primary key
  • user_id, int, foreign key to users
  • ip_address, string / ip address, nullable
  • os, string, nullable
  • browser, string, nullable
  • created_at, datetime
  • updated_at, datetime

Add a controller called UserLoginTraits and a policy called UserLoginTraitPolicy. Any authenticated user can list and get. Only super admin can create, update and delete. Scope the records to the logged in user, unless it's a super admin user.

Add a listener that subscribes to the user_login event. On each successful login, create or update a row in the table with the details:

  • ip_address should be populated with the user's IP address, if available
  • os should be populated with the user's operating system, if available
  • browser should be populated with a basic name of the browser (like Firefox, Chrome, etc.) that does not include the browser version or operating system
  • The updated_at field should be updated on each successful login

If the record is newly created, direct the user to a captcha page to verify that they are a user, and fire an email to the user to notify them of the fact that a login from a new browser / ip / os has been detected. If the user fails the captcha, log him out, and notify the user through email of the login attempt.

If the record already exists, redirect as usual.

The captcha page should be configurable in terms of which captcha service provider is used.

Add views to list, display, create and edit these records.

Add a link from the users/{userId} or user's profile page to view the login traits.
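
A sketch of the create-or-update step the listener performs, added here as an illustration and not code from this project. It assumes a row is matched on the full (user_id, ip_address, os, browser) combination, uses an in-memory SQLite table without the foreign key, and the function names and sample User-Agent strings are constructed for the example.

```python
import re
import sqlite3

# Constructed sample User-Agent strings for the demo.
FIREFOX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
EDGE_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0")

# Order matters: Edge/Opera UAs also contain "Chrome/", and Chrome's contains "Safari/".
BROWSERS = [("Edge", r"Edg(e|A|iOS)?/"), ("Opera", r"OPR/|Opera"),
            ("Firefox", r"Firefox/|FxiOS/"), ("Chrome", r"Chrome/|CriOS/"),
            ("Safari", r"Safari/")]
# Android UAs contain "Linux" and iOS UAs contain "like Mac OS X", so they come first.
SYSTEMS = [("Windows", r"Windows NT"), ("Android", r"Android"),
           ("iOS", r"iPhone|iPad"), ("macOS", r"Mac OS X"), ("Linux", r"Linux")]

def family(user_agent, table):
    """Return the first matching family name, or None when unavailable."""
    for name, pattern in table:
        if user_agent and re.search(pattern, user_agent):
            return name
    return None

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE user_login_traits (
        id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
        ip_address TEXT, os TEXT, browser TEXT,
        created_at TEXT NOT NULL, updated_at TEXT NOT NULL)""")
    return db

def record_login(db, user_id, ip, user_agent, now):
    """Create or update the trait row; True means new row, so challenge the user."""
    traits = (user_id, ip, family(user_agent, SYSTEMS), family(user_agent, BROWSERS))
    # SQLite's IS treats NULL as equal to NULL; with "=" a login with a missing
    # trait would never match its own earlier row and would always look new.
    row = db.execute(
        "SELECT id FROM user_login_traits WHERE user_id = ? "
        "AND ip_address IS ? AND os IS ? AND browser IS ?", traits).fetchone()
    if row:
        db.execute("UPDATE user_login_traits SET updated_at = ? WHERE id = ?",
                   (now, row[0]))
        return False
    db.execute("INSERT INTO user_login_traits "
               "(user_id, ip_address, os, browser, created_at, updated_at) "
               "VALUES (?, ?, ?, ?, ?, ?)", traits + (now, now))
    return True
```

Other databases spell the NULL-safe comparison differently (`<=>` in MySQL, `IS NOT DISTINCT FROM` in PostgreSQL), and a plain unique index over the nullable columns will not prevent duplicate rows for the same reason.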
