# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1701431942 0
# Node ID 238c4ac8b735d3b48ac7cd0dc1bcd149f055a0f0
# Parent  dfbced5e54b9ef14b451640feb58de132f59b6bb
mod_audit_auth: Add audit record when a client connects that has not been seen before

diff -r dfbced5e54b9 -r 238c4ac8b735 mod_audit_auth/README.md
--- a/mod_audit_auth/README.md	Fri Dec 01 11:34:52 2023 +0000
+++ b/mod_audit_auth/README.md	Fri Dec 01 11:59:02 2023 +0000
@@ -7,3 +7,7 @@
 
 This module stores authentication failures and authentication successes in the
 audit log provided by `mod_audit`.
+
+If mod_client_management is loaded, it will also record entries when a new
+client is connected to the user's account for the first time. For non-SASL2
+clients, this may have false positives.
diff -r dfbced5e54b9 -r 238c4ac8b735 mod_audit_auth/mod_audit_auth.lua
--- a/mod_audit_auth/mod_audit_auth.lua	Fri Dec 01 11:34:52 2023 +0000
+++ b/mod_audit_auth/mod_audit_auth.lua	Fri Dec 01 11:59:02 2023 +0000
@@ -1,4 +1,5 @@
 local jid = require"util.jid";
+local st = require "util.stanza";
 
 module:depends("audit");
 -- luacheck: read globals module.audit
@@ -21,3 +22,21 @@
 		session = session,
 	});
 end)
+
+module:hook("client_management/new-client", function (event)
+	local session, client = event.session, event.client;
+
+	local client_info = st.stanza("client", { id = client.id });
+	if client.user_agent then
+		client_info:text_tag("agent", client.user_agent);
+	end
+	if client.legacy then
+		client_info:text_tag("legacy");
+	end
+
+	module:audit(jid.join(session.username, module.host), "new-client", {
+		session = session;
+		custom = {
+		};
+	});
+end);