CONTENTBOX-1488 #resolve

latest logins should only be displayed if the tracker is enabled

box.json

@@ -53,7 +53,7 @@
         "dbseed:postgres":"task run contentbox/modules/seeders/SeedPostgreSQL.cfc",
         "format":"cfformat run config/**/*.cfc,modules_app/**/*.cfc,modules/contentbox/**/*.cfc,tests/**/*.cfc,Application.cfc --overwrite",
         "format:watch":"cfformat watch config/**/*.cfc,modules_app/**/*.cfc,modules/contentbox/**/*.cfc,tests/**/*.cfc,Application.cfc ./.cfformat.json",
-		"format:watch:core":"cfformat watch config/**/*.cfc,modules/contentbox/models/**/*.cfc,tests/**/*.cfc,Application.cfc ./.cfformat.json",
+		"format:watch:core":"cfformat watch config/**/*.cfc,modules/contentbox/models/**/*.cfc,Application.cfc ./.cfformat.json",
         "format:check":"cfformat check config/**/*.cfc,modules_app/**/*.cfc,modules/contentbox/**/*.cfc,tests/**/*.cfc,Application.cfc",
         "start:lucee":"server start serverConfigFile='[email protected]' --force",
         "start:2018":"server start serverConfigFile='[email protected]' --force",

modules/contentbox/config/Scheduler.cfc

@@ -23,9 +23,19 @@ component {
 		 * that you can use to register your tasks configurations.
 		 */
 
+		// Rotates the login audit logs
+		task( "login-tracker-rotation" )
+			.call( () => {
+				getInstance( "LoginTrackerService@contentbox" ).rotate();
+			} )
+			.everyHour()
+			.delay( 1, "hours" )
+			.onOneServer();
+		;
+
 		// Deletes all moderated comments that have expired in the inbox
 		task( "comment-expirations" )
-			.call( function(){
+			.call( () => {
 				getInstance( "siteService@contentbox" )
 					.getAll()
 					.each( function( thisSite ){
@@ -53,7 +63,6 @@ component {
 					} );
 			} )
 			.everyHour()
-			// Don't start it immediately, wait an hour. Especially so tests can pass if enabled in tests.
 			.delay( 1, "hours" )
 			.onOneServer();
 	}

modules/contentbox/models/comments/CommentService.cfc

@@ -15,7 +15,6 @@ component extends="cborm.models.VirtualEntityService" singleton {
 	property name="CBHelper" inject="id:CBHelper@contentbox";
 	property name="log" inject="logbox:logger:{this}";
 	property name="interceptorService" inject="coldbox:interceptorService";
-	property name="loginTrackerService" inject="loginTrackerService@contentbox";
 
 	/**
 	 * Constructor

modules/contentbox/models/security/LoginTracker.cfc

@@ -22,14 +22,6 @@ component extends="coldbox.system.Interceptor" {
 		return this;
 	}
 
-	/**
-	 * Listen to end of requests to do log rotation for auth logs for login events only.
-	 */
-	function postProcess( event, data ) async="true" eventPattern="security\.doLogin"{
-		// Do log rotation
-		loginTrackerService.rotate();
-	}
-
 	/**
 	 * Before login check if user has been blocked. It will verify login attempts
 	 * by username and IP address and block accordingly.

modules/contentbox/models/security/LoginTrackerService.cfc

@@ -25,8 +25,10 @@ component extends="cborm.models.VirtualEntityService" singleton {
 	 * Verify if an attempt is being blocked or not
 	 *
 	 * @attempt The login attempt object
+	 *
+	 * @return If the attempt was blocked or not
 	 */
-	boolean function isblocked( LoginAttempt attempt ){
+	boolean function isBlocked( LoginAttempt attempt ){
 		var max_attempts  = variables.settingService.getSetting( "cb_security_max_attempts" );
 		var max_blockTime = variables.settingService.getSetting( "cb_security_blocktime" );
 
@@ -80,39 +82,49 @@ component extends="cborm.models.VirtualEntityService" singleton {
 		return this;
 	}
 
-	/*
+	/**
 	 * Rotate auth logs
+	 * Usually called by the {@code LoginTracker} Interceptor asynchronously
 	 */
 	LoginTrackerService function rotate(){
+		// if disabled, we do not track logins
+		if ( !settingService.getSetting( "cb_security_login_blocker" ) ) {
+			log.debug( "Rotation not enabled since the security login blocker is disabled" );
+			return this;
+		}
+
 		var maxLogs   = variables.settingService.getSetting( "cb_security_max_auth_logs" );
-		var maxLogs   = 4;
+		var maxLogs   = 2;
 		var totalLogs = count();
 
 		// only if we have a max logs and we have gone above max logs, let's truncate
-		if ( len( maxLogs ) && totalLogs > maxLogs ) {
-			var c         = newCriteria();
-			// Get IDs to delete
-			var aToDelete = c
+		if ( len( maxLogs ) && isNumeric( maxLogs ) && totalLogs > maxLogs ) {
+			var aToDelete = newCriteria()
 				.withProjections( property = "loginAttemptsID" )
 				.list( max = ( totalLogs - maxLogs ), sortOrder = "createdDate ASC" );
 
 			var hql = "
-			DELETE
-			FROM cbLoginAttempt
-			WHERE loginAttemptsID in (:toDelete)
+			DELETE FROM cbLoginAttempt
+			WHERE id IN :idsToDelete
 			";
-			var params = { "toDelete" : aToDelete };
 
 			// run it
-			var results = executeQuery( query = hql, params = params, asQuery = false );
+			var results = executeQuery(
+				query  : hql,
+				params : { "idsToDelete" : aToDelete },
+				asQuery: false
+			);
+
 			// log it
 			log.info( "Rotated auth logs", results );
+		} else {
+			log.debug( "No auth logs to rotate" );
 		}
 
 		return this;
 	}
 
-	/*
+	/**
 	 * Reset login attempts if the time limit is reached
 	 */
 	LoginTrackerService function reset(){

modules/contentbox/modules/contentbox-admin/views/dashboard/index.cfm

@@ -169,7 +169,10 @@
 		</cfif>
 
 		<!--- Latest Logins --->
-		<cfif prc.oCurrentAuthor.hasPermission( "SYSTEM_AUTH_LOGS" )>
+		<cfif
+			prc.oCurrentAuthor.hasPermission( "SYSTEM_AUTH_LOGS" ) &&
+			prc.cbsettings.cb_security_login_blocker
+		>
 			<div class="panel panel-primary">
 			    <div class="panel-heading">
 					<h3 class="panel-title">

modules/contentbox/modules/contentbox-admin/views/dashboard/indexHelper.cfm

@@ -26,7 +26,7 @@ document.addEventListener( "DOMContentLoaded", () => {
 		$( "##latestSnapshot" ).load( '#event.buildLink( prc.xehLatestSnapshot )#' );
 	</cfif>
 
-	<cfif prc.oCurrentAuthor.hasPermission( "SYSTEM_AUTH_LOGS" )>
+	<cfif prc.oCurrentAuthor.hasPermission( "SYSTEM_AUTH_LOGS" ) && prc.cbsettings.cb_security_login_blocker>
 		// Load latest logsin
 		$( "##latestLogins" ).load( '#event.buildLink( prc.xehLatestLogins )#' );
 	</cfif>