🎉 Enjoying this package? Consider sponsoring me on GitHub or buying me a beer.
Notifications
Notifications may be sent on the mail, vonage (formerly Nexmo), and slack channels but by default notify via email.
You may define a notifyAuthenticationLogVia method on your authenticatable models to determine which channels the notification should be delivered on:
1public function notifyAuthenticationLogVia()2{3 return ['vonage', 'mail', 'slack'];4}You must install the Slack and Vonage drivers to use those routes and follow their documentation on setting it up for your specific authenticatable models.
New Device Notifications
Enabled by default, they use the \Rappasoft\LaravelAuthenticationLog\Notifications\NewDevice class which can be overridden in the config file.
Rate Limiting
New device notifications are rate-limited by default to prevent spam. You can configure this in the config file:
1'new-device' => [2 'rate_limit' => 3, // Maximum 3 notifications per time period3 'rate_limit_decay' => 60, // Time period in minutes4],This means a user will receive a maximum of 3 new device notifications per hour. Additional logins from new devices within that time period will not trigger notifications.
Failed Login Notifications
Disabled by default, they use the \Rappasoft\LaravelAuthenticationLog\Notifications\FailedLogin class which can be overridden in the config file.
Rate Limiting
Failed login notifications also support rate limiting:
1'failed-login' => [2 'rate_limit' => 5, // Maximum 5 notifications per time period3 'rate_limit_decay' => 60, // Time period in minutes4],Suspicious Activity Notifications
Disabled by default, suspicious activity notifications use the \Rappasoft\LaravelAuthenticationLog\Notifications\SuspiciousActivity class which can be overridden in the config file.
When enabled, users will receive notifications when suspicious activity is detected, including:
- Multiple failed login attempts
- Rapid location changes
- Unusual login times (if enabled)
Enabling Suspicious Activity Notifications
Add to your .env file:
1SUSPICIOUS_ACTIVITY_NOTIFICATION=trueOr configure in config/authentication-log.php:
1'suspicious-activity' => [2 'enabled' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION', false),3 'location' => function_exists('geoip'),4 'template' => \Rappasoft\LaravelAuthenticationLog\Notifications\SuspiciousActivity::class,5 'rate_limit' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT', 3),6 'rate_limit_decay' => env('SUSPICIOUS_ACTIVITY_NOTIFICATION_RATE_LIMIT_DECAY', 60),7],Rate Limiting
Suspicious activity notifications support rate limiting to prevent notification spam:
1'suspicious-activity' => [2 'rate_limit' => 3, // Maximum 3 notifications per time period3 'rate_limit_decay' => 60, // Time period in minutes4],This means a user will receive a maximum of 3 suspicious activity notifications per hour, even if multiple suspicious activities are detected.
Location
If the torann/geoip package is installed, it will attempt to include location information to the notifications by default.
You can turn this off within the configuration for each template.
Note: By default when working locally, no location will be recorded because it will send back the default address from the geoip config file. You can override this behavior in the email templates.
Custom Notification Templates
You can override the notification classes in the config file:
1'notifications' => [ 2 'new-device' => [ 3 'template' => \App\Notifications\CustomNewDevice::class, 4 ], 5 'failed-login' => [ 6 'template' => \App\Notifications\CustomFailedLogin::class, 7 ], 8 'suspicious-activity' => [ 9 'template' => \App\Notifications\CustomSuspiciousActivity::class,10 ],11],Your custom notification classes should extend the base notification classes or implement the same interface.