add login logout logs #560

Merged: dbarzin merged 2 commits into main from dev on Jan 18, 2026
@dbarzin (Owner) commented Jan 18, 2026

Summary by CodeRabbit

  • New Features

    • Authentication events (login and logout) are now automatically audited, capturing user agent, request method and access details for improved security tracking.
  • Bug Fixes

    • Logout flow improved to reliably invalidate sessions and regenerate tokens; enhanced error handling ensures logout completes even if auditing fails.


@coderabbitai bot (Contributor) commented Jan 18, 2026

Walkthrough

Adds post-login and logout audit logging to the LoginController: an authenticated(Request $request, User $user) hook records login details; logout(Request $request): RedirectResponse now logs logout events, invalidates the session, regenerates tokens, and handles audit errors gracefully.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Login Audit Logging: app/Http/Controllers/Auth/LoginController.php | Added authenticated(Request $request, User $user): void to create a Login audit record (user, user-agent, method, URL, host). Updated logout(Request $request): RedirectResponse to perform logout, invalidate/regenerate session, and create a Logout audit record inside try/catch; added imports for AuditLog and RedirectResponse. Areas to check: audit record fields, exception handling, and return path from logout(). |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Client as Client
    participant Controller as LoginController
    participant Audit as AuditLog (DB)
    participant Logger as Logger

    Client->>Controller: POST /login (credentials)
    Controller->>Controller: authenticate user
    Controller->>Audit: create Login audit (user, agent, method, url, host)
    Audit-->>Controller: success / throws
    alt audit throws
        Controller->>Logger: warning with error and context
    end
    Controller-->>Client: redirect (authenticated)

    Note over Client,Controller: Later - logout flow
    Client->>Controller: POST /logout
    Controller->>Controller: logout, invalidate session, regenerate token
    Controller->>Audit: create Logout audit (user, agent, method, url, host)
    Audit-->>Controller: success / throws
    alt audit throws
        Controller->>Logger: warning with error and context
    end
    Controller-->>Client: redirect '/'
```

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped in to note each login and leave,
A nibble of headers, the agent up my sleeve.
I guard every logout, I quietly trace,
A rabbit's small audit, snug in its place. 🥕🔍

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'add login logout logs' directly and clearly describes the main change: adding audit logging for login and logout actions in the authentication controller. |


@coderabbitai bot (Contributor) left a comment

Actionable comments posted: 2

🤖 Fix all issues with AI agents
In `@app/Http/Controllers/Auth/LoginController.php`:
- Around line 174-189: The authenticated(Request $request, User $user) method
currently calls AuditLog::query()->create(...) without error handling, so a
thrown exception can abort a successful login; wrap the AuditLog creation in a
try/catch block (similar to logout()) that catches Throwable/Exception, reports
or logs the exception (e.g., using report($e) or Log::error with context) and
does not rethrow so the login flow continues; keep the same payload structure
and host/user info while ensuring any failure in AuditLog::query()->create(...)
is swallowed after logging.
- Around line 167-173: The docblock above the post-login hook in LoginController
is inaccurate: replace the current text about eager-loading roles/permissions
and storing an enriched user in session with a clear description that this
method only records an authentication audit entry (creates an audit log) after a
successful login; update the comment to reference the specific post-login method
in LoginController (the authenticated/login hook) and state that its sole
responsibility is to create an audit log record for the successful
authentication.

Comment thread app/Http/Controllers/Auth/LoginController.php
Comment thread app/Http/Controllers/Auth/LoginController.php
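
The failure mode raised in the review above (an exception from the audit write aborting a successful login), shown as an added example in plain PHP; it is not code from this pull request or from the project. The `$write` and `$warn` callables standing in for the AuditLog model and the logger, the payload field names, and the sample request values are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP. $write and $warn stand in for the project's
// AuditLog model and the framework logger; payload field names are hypothetical.

function buildAuthAudit(string $event, int $userId, array $server): array
{
    // User-Agent is client-controlled: strip control characters, cap the length.
    $agent = (string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) ($server['HTTP_USER_AGENT'] ?? ''));
    return [
        'event'      => $event,
        'user_id'    => $userId,
        'user_agent' => substr($agent, 0, 255),
        'method'     => (string) ($server['REQUEST_METHOD'] ?? ''),
        'url'        => (string) ($server['REQUEST_URI'] ?? ''),
        'host'       => (string) ($server['REMOTE_ADDR'] ?? ''), // assumption: client address
    ];
}

// Best-effort write: a failing audit store is logged and never rethrown,
// so the login or logout response is still sent.
function recordAuthEvent(callable $write, callable $warn, array $payload): bool
{
    try {
        $write($payload);
        return true;
    } catch (Throwable $e) {
        $warn('audit write failed', ['event' => $payload['event'], 'error' => $e->getMessage()]);
        return false;
    }
}

// Constructed sample request data.
$server = ['HTTP_USER_AGENT' => "Mozilla/5.0\r\nforged-line", 'REQUEST_METHOD' => 'POST',
           'REQUEST_URI' => '/logout', 'REMOTE_ADDR' => '192.0.2.10'];
$rows = [];
$warnings = [];
$warn = function (string $msg, array $ctx) use (&$warnings): void { $warnings[] = [$msg, $ctx]; };

// Logout: read the user id before the session is invalidated, audit afterwards.
$userId = 42;
$stored = recordAuthEvent(function (array $p) use (&$rows): void { $rows[] = $p; },
                          $warn, buildAuthAudit('Logout', $userId, $server));

// Login while the audit store is down: the flow continues, one warning is kept.
$failed = recordAuthEvent(function (array $p): void { throw new RuntimeException('db down'); },
                          $warn, buildAuthAudit('Login', $userId, $server));

var_dump($stored, $failed, $rows[0]['user_agent'], count($warnings));
```

Because the write is best-effort, the warning emitted on failure is the only trace of a missing audit row, so it should be routed somewhere that is monitored.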
@dbarzin dbarzin merged commit 5643ac7 into main Jan 18, 2026
1 check passed