rappasoft/laravel-authentication-log
Notifications may be sent on the mail, vonage (formerly Nexmo), and slack channels but by default notify via email.
You may define a notifyAuthenticationLogVia method on your authenticatable models to determine which channels the notification should be delivered on:
public function notifyAuthenticationLogVia()
{
return ['vonage', 'mail', 'slack'];
}
You must install the Slack and Vonage drivers to use those routes and follow their documentation on setting it up for your specific authenticatable models.
Enabled by default, they use the \Rappasoft\LaravelAuthenticationLog\Notifications\NewDevice class which can be overridden in the config file.
New device notifications are rate-limited by default to prevent spam. You can configure this in the config file:
'new-device' => [
'rate_limit' => 3, // Maximum 3 notifications per time period
'rate_limit_decay' => 60, // Time period in minutes
],
This means a user will receive a maximum of 3 new device notifications per hour. Additional logins from new devices within that time period will not trigger notifications.
Disabled by default, they use the \Rappasoft\LaravelAuthenticationLog\Notifications\FailedLogin class which can be overridden in the config file.
Failed login notifications also support rate limiting:
'failed-login' => [
'rate_limit' => 5, // Maximum 5 notifications per time period
'rate_limit_decay' => 60, // Time period in minutes
],
Disabled by default, suspicious activity notifications use the \Rappasoft\LaravelAuthenticationLog\Notifications\SuspiciousActivity class which can be overridden in the config file.
When enabled, users will receive notifications when suspicious activity is detected, including:
Add to your .env file:
SUSPICIOUS_ACTIVITY_NOTIFICATION=true
Or configure in config/authentication-log.php:
'suspicious-activity' => [
'enabled' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION', false),
'location' => function_exists('geoip'),
'template' => \Rappasoft\LaravelAuthenticationLog\Notifications\SuspiciousActivity::class,
'rate_limit' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT', 3),
'rate_limit_decay' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT_DECAY', 60),
],
Suspicious activity notifications support rate limiting to prevent notification spam:
'suspicious-activity' => [
'rate_limit' => 3, // Maximum 3 notifications per time period
'rate_limit_decay' => 60, // Time period in minutes
],
This means a user will receive a maximum of 3 suspicious activity notifications per hour, even if multiple suspicious activities are detected.
If the torann/geoip package is installed, it will attempt to include location information to the notifications by default.
You can turn this off within the configuration for each template.
Note: By default when working locally, no location will be recorded because it will send back the default address from the geoip config file. You can override this behavior in the email templates.
You can override the notification classes in the config file:
'notifications' => [
'new-device' => [
'template' => \App\Notifications\CustomNewDevice::class,
],
'failed-login' => [
'template' => \App\Notifications\CustomFailedLogin::class,
],
'suspicious-activity' => [
'template' => \App\Notifications\CustomSuspiciousActivity::class,
],
],
Your custom notification classes should extend the base notification classes or implement the same interface.
How can I help you explore Laravel packages today?