Warning if logged in from new device/location (like Google Devices & Activity section)


#1

Is there any package that sends a user an email if he (or a hacker) logs on from a different device or location?

For example like:


If there is no package for this

Accounts.validateLoginAttempt (function(attempt) {
	console.log(attempt);
}

would print out:

connection:  clientAddress: 127.0.0.1
		     user-agent: Macintosh; Intel Mac …  Chrome…
		     accept-language: de-DE, en-US, …

If you save that to a collection or to the profile you could be able to that with meteor. A’m I right?


#2

You can probably just push that to an “approved devices” field with some kind of sendApprovalEmail extension on accounts.

Accounts.validateLoginAttempt(function (attempt) {
  if (attempt.user.locked) {
    attempt.allowed = false;
  }
  if (!_.contains(attempt.user.approvedDevices, attempt.connection)) {
    Accounts.sendApprovalEmail(attempt.user._id);
    attempt.allowed = false;
  }
  return attempt;
});

Accounts.sendApprovalEmail = function (userId) {
  const token = Random.secret();
  Meteor.users.update(userId, {
    $set: {
      locked: true,
      'services.password.approve': {
        token: token,
        when: new Date()
      }
    }
  });
  const user = Meteor.users.findOne(userId);
  Email.send(user.emails[0], {
    from: 'Accounts security',
    text: `Please visit this link to verify your account ${Meteor.absoluteUrl('verify_account/' + token)}`
  })
}

#3

Thanks! I will try that out.