Connection Report #23460

Closed
MTRichards opened this issue Mar 21, 2016 · 12 comments
@MTRichards
Contributor

MTRichards commented Mar 21, 2016

Requirements

We should send some events via mail to the user to give them the fluffy warm feeling of “Your ownCloud is secure and there for you.”

UX Example

1

Technical implementation

If we want to give a fluffy warm feeling to the user, the easiest way to do this is, from my understanding, to send them an e-mail if an unknown device has been used to log in.

The problem being here that using WebDAV without tokens any heuristic has either to be very dumb or not really reliable. This is something that I’d like to avoid, thus this is kind of coupled to the “Get device specific token” thingy.

We can then send notifications to the user in case of:

  1. A new device has been added. Basically if a new token has been generated in some way.
  2. A new browser has been used to log in. Basically by adding another cookie to the browser that is long-living and correlates within the user-database to which accounts the user has at least logged in once successfully.

Such a notification should contain:

  1. Operating System (can be read from User Agent)
  2. Type (Browser / Mobile App / Desktop)
  3. Location / IP
    a. A location lookup is not really possible considering the license problematic. We can however implement MaxMind as a fallback and let users configure the path to MaxMind themselves. (http://dev.maxmind.com/geoip/geoip2/geolite2/)
  4. A link to a “Security” part of ownCloud. Basically the settings part of ownCloud where Tokens / Password / etc. are managed. As well as some documentation reference for it.

Recommendation

From my Point of View implementing something like this would give the fluffy warm feeling that users may want and should not be too hard if the pre-requisites are done. Basically once we have overhauled the login logic a bit as required for device-based token Auth we can add something like this pretty easy and completely unit-tested.
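
A minimal sketch of the second trigger described above (a long-lived browser cookie correlated with the accounts that have logged in from it) together with the notification fields; this is an added example, not part of the original issue or ownCloud's code. The in-memory store, the placeholder security URL and the client User-Agent markers are assumptions.

```python
import hashlib
import secrets

# Stand-in for the user database: SHA-256 of device cookie -> known accounts.
KNOWN_DEVICES = {}
SECURITY_URL = "https://cloud.example.org/settings/security"  # placeholder
# Constructed sample User-Agent strings.
UA_BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
UA_ANDROID_APP = "Mozilla/5.0 (Android) ownCloud-android/2.0.0"

def _digest(cookie):
    return hashlib.sha256(cookie.encode()).hexdigest()

def os_from_user_agent(ua):
    """Coarse OS guess. The header is client-controlled, so display only."""
    # Order matters: Android UAs contain "Linux", iPhone UAs contain "Mac OS X".
    for needle, name in (("Android", "Android"), ("iPhone", "iOS"), ("iPad", "iOS"),
                         ("Windows", "Windows"), ("Mac OS X", "macOS"), ("Linux", "Linux")):
        if needle in ua:
            return name
    return "Unknown"

def type_from_user_agent(ua):
    """Browser / Mobile App / Desktop, keyed on assumed client UA markers."""
    low = ua.lower()
    if "owncloud-android" in low or "owncloud-ios" in low:  # assumed markers
        return "Mobile App"
    if "mirall" in low:  # assumed desktop sync client marker
        return "Desktop"
    return "Browser"

def on_successful_login(user, cookie, ua, ip):
    """Return (cookie_to_set, notification or None) after a successful login."""
    key = _digest(cookie) if cookie else None
    if key not in KNOWN_DEVICES:
        # Missing or unrecognised cookie: never adopt a client-chosen value.
        cookie = secrets.token_urlsafe(32)
        key = _digest(cookie)
        KNOWN_DEVICES[key] = set()
    if user in KNOWN_DEVICES[key]:
        return cookie, None  # browser already known for this account
    KNOWN_DEVICES[key].add(user)
    return cookie, {
        "to": user,
        "os": os_from_user_agent(ua),
        "type": type_from_user_agent(ua),
        "ip": ip,  # location lookup left out; the post makes it optional
        "security_link": SECURITY_URL,
    }
```

Only the hash of the cookie is stored, so a leaked device table cannot be replayed as cookies, and an unrecognised cookie value is replaced rather than enrolled.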

@MTRichards MTRichards added this to the 9.1-current milestone Mar 21, 2016
@jancborchardt
Member

Btw we already have existing discussion of this in #6120 – it would be awesome if for these cases we can use the existing issue instead of creating new ones, cause the relevant parties are already subscribed to it.

We can always update the top post with the relevant specs and screenshots cc @LukasReschke

@MTRichards
Contributor Author

Weekly or monthly email is an option in the control panel
Snapshots of these metrics are gathered on a weekly basis and stored
Useful Metrics for Community Admins:

  • File count (total files on the system)
  • Total storage used, total storage available
  • Shares sent and received
  • Total number of users
  • Total number of users accessing ownCloud
  • Last 10 logged in users for ownCloud, with the login time
  • Most logged in users for ownCloud with total access
  • Most used apps
  • Failed login attempts
  • Top 10 failed logins by user
  • Top 10 users storage usage with quota
  • New ownCloud version available
  • Distribution of access (desktop, web, mobile)
  • Geography by login
  • File mimetypes distribution in storage
  • File mimetype access distribution
  • Newly updated files (in the last week, month, not touched)

@MTRichards
Contributor Author

Should be sent to everyone in the admin group with an email in the database.

@MTRichards
Contributor Author

Need to work through what we are going to report, what is above is a wishlist of what would be good.

Estimation: 1 week

@MTRichards
Contributor Author

@jancborchardt need design help to make the email look nice.

@schiessle
Contributor

If I understand it correctly #23458 is a pre-requirement for this feature

@LukasReschke
Member

> If I understand it correctly #23458 is a pre-requirement for this feature

In a second step: Yes. At least for the authentication stuff. Stuff like "The last 10 logged-in users" we can however already read using the last_login in the appconfig table.

For stuff like: Total storage / update available / amount of shares we also don't need that.

So in a first step I'd focus on something like that. I'll redirect you a mail to show you how it looks for example on Google :)

@schiessle
Contributor

OK, I think in general this issue is about two more or less different mails.

  1. The notification if someone logs in from a different device. Before we can do this we need to track the devices, something we will basically get from 9.1: Pluggable Auth #23458
  2. a weekly summary mail for admins, therefore we don't need 9.1: Pluggable Auth #23458 (at least not for all data)

@PVince81 PVince81 modified the milestones: 9.2, 9.1 Jul 4, 2016
@PVince81
Contributor

PVince81 commented Jul 4, 2016

Feature didn't make it into 9.1, moving to 9.2 for now to reconsider.

@dragotin @DeepDiver1975

@DeepDiver1975
Member

Backlog from my pov

@dragotin dragotin removed this from the 9.2 milestone Jul 5, 2016
@dragotin
Contributor

dragotin commented Jul 5, 2016

Backlog.

@DeepDiver1975 DeepDiver1975 added this to the backlog milestone Jul 5, 2016
@PVince81
Contributor

Probably something to be implemented in a separate app.

The app should likely use "User Notifications" which will soon be able to send emails. So the admin can also get those in the web UI / on mobile, etc.

@pmaier1
