rappasoft/laravel-authentication-log
The package automatically detects suspicious authentication patterns and flags them for review.
Suspicious activity is automatically detected during login and failed login events. When detected, the authentication log is marked with is_suspicious = true and includes a reason.
You can enable email, Slack, or SMS notifications when suspicious activity is detected. This feature is disabled by default.
Add the following to your .env file:
SUSPICIOUS_ACTIVITY_NOTIFICATION=true
SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT=3
SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT_DECAY=60
Or configure it directly in config/authentication-log.php:
'notifications' => [
'suspicious-activity' => [
'enabled' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION', false),
'location' => function_exists('geoip'),
'template' => \Rappasoft\LaravelAuthenticationLog\Notifications\SuspiciousActivity::class,
'rate_limit' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT', 3),
'rate_limit_decay' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT_DECAY', 60),
],
],
When enabled, users will receive notifications for all types of suspicious activity:
The notification includes details about the suspicious activity, login time, IP address, browser, and location (if available).
Detects when a user has multiple failed login attempts within a short time period:
'suspicious' => [
'failed_login_threshold' => 5, // 5 failed logins in 1 hour triggers suspicious flag
],
Detects when logins occur from multiple countries within a short time period (e.g., login from US, then UK within an hour).
Detects logins outside of normal business hours (if enabled):
'suspicious' => [
'check_unusual_times' => true,
'usual_hours' => [9, 10, 11, 12, 13, 14, 15, 16, 17], // 9 AM to 5 PM
],
You can manually check for suspicious activity:
$user = User::find(1);
$suspiciousActivities = $user->detectSuspiciousActivity();
// Returns array of suspicious activities:
// [
// [
// 'type' => 'multiple_failed_logins',
// 'count' => 5,
// 'message' => '5 failed login attempts in the last hour'
// ],
// [
// 'type' => 'rapid_location_change',
// 'countries' => ['US', 'UK'],
// 'message' => 'Login from multiple countries within an hour'
// ],
// [
// 'type' => 'unusual_login_time',
// 'hour' => 3,
// 'message' => 'Login at unusual time: 3:00'
// ]
// ]
Manually mark a log as suspicious:
$log = AuthenticationLog::find(1);
$log->markAsSuspicious('Manual review: Unusual pattern detected');
use Rappasoft\LaravelAuthenticationLog\Models\AuthenticationLog;
// Get all suspicious logs
$suspiciousLogs = AuthenticationLog::suspicious()->get();
// Get suspicious logs for a user
$userSuspiciousLogs = AuthenticationLog::forUser($user)->suspicious()->get();
// Get recent suspicious activities
$recentSuspicious = AuthenticationLog::suspicious()->recent(7)->get();
// In your LoginController or similar
public function login(Request $request)
{
// ... authentication logic ...
$user = auth()->user();
$suspicious = $user->detectSuspiciousActivity();
if (!empty($suspicious)) {
// Log suspicious activity
\Log::warning('Suspicious activity detected', [
'user_id' => $user->id,
'activities' => $suspicious,
]);
// Optionally require additional verification
// return redirect()->route('verify-suspicious-login');
}
return redirect()->intended();
}
$user = User::find(1);
$suspiciousCount = $user->getSuspiciousActivitiesCount();
How can I help you explore Laravel packages today?