feat: log emergency access to Joomla action logs

Emergency access events now write to #__action_logs in addition to the mokowaas log file. Visible in System > Action Logs with username and IP address. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 13:54:28 -05:00
parent cdd13cb352
commit b7f336f50d
3 changed files with 45 additions and 1 deletions
@@ -207,11 +207,51 @@ class MokoWaaS extends CMSPlugin
 		$response->error_message = '';
 		$response->type          = 'MokoWaaS';

+		$clientIp = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
+
+		// Log to MokoWaaS log file
 		Log::add(
-			sprintf('Emergency access login by %s from %s', $user->username, $_SERVER['REMOTE_ADDR'] ?? 'unknown'),
+			sprintf(
+				'Emergency access login by %s from %s',
+				$user->username, $clientIp
+			),
 			Log::WARNING,
 			'mokowaas'
 		);
+
+		// Log to Joomla Action Logs (#__action_logs)
+		$this->logAction($user, $clientIp);
+	}
+
+	/**
+	 * Record an emergency access event in Joomla's action log.
+	 *
+	 * @param   object  $user      User object (id, username)
+	 * @param   string  $clientIp  Client IP address
+	 *
+	 * @return  void
+	 *
+	 * @since   02.00.00
+	 */
+	protected function logAction($user, $clientIp)
+	{
+		$db  = Factory::getDbo();
+		$now = Factory::getDate()->toSql();
+
+		$logEntry = (object) [
+			'message_language_key' => 'PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_LOGIN',
+			'message'              => json_encode([
+				'username' => $user->username,
+				'ip'       => $clientIp,
+			]),
+			'log_date'             => $now,
+			'extension'            => 'plg_system_mokowaas',
+			'user_id'              => (int) $user->id,
+			'ip_address'           => $clientIp,
+			'item_id'              => 0,
+		];
+
+		$db->insertObject('#__action_logs', $logEntry);
 	}

 	/**
@@ -42,6 +42,8 @@ PLG_SYSTEM_MOKOWAAS_MASTER_EMAIL_DESC="Email address for the master super admin

 PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_LABEL="Emergency Access"
 PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_DESC="Allow login using database credentials as a two-factor emergency access method. Requires server file access to confirm."
+PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_LOGIN="Emergency access login by {username} from {ip}"
+
 PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_LABEL="IP Whitelist"
 PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_DESC="Emergency access requires an IP whitelist. Set <code>public $mokowaas_allowed_ips = '1.2.3.4,5.6.7.8';</code> in configuration.php. Emergency access is BLOCKED if no IPs are configured."

@@ -42,6 +42,8 @@ PLG_SYSTEM_MOKOWAAS_MASTER_EMAIL_DESC="Email address for the master super admin

 PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_LABEL="Emergency Access"
 PLG_SYSTEM_MOKOWAAS_EMERGENCY_ACCESS_DESC="Allow login using database credentials as a two-factor emergency access method. Requires server file access to confirm."
+PLG_SYSTEM_MOKOWAAS_ACTION_EMERGENCY_LOGIN="Emergency access login by {username} from {ip}"
+
 PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_LABEL="IP Whitelist"
 PLG_SYSTEM_MOKOWAAS_ALLOWED_IPS_NOTE_DESC="Emergency access requires an IP whitelist. Set <code>public $mokowaas_allowed_ips = '1.2.3.4,5.6.7.8';</code> in configuration.php. Emergency access is BLOCKED if no IPs are configured."