Keep a reference to the user that authenticated.

Keeping the user allows us to distinguish unique logins on a stateless firewall by grouping per ip, hour and user id

Entity/AuthenticationEntry.php

@@ -20,6 +20,7 @@
  */
 namespace vierbergenlars\AuthserverStatsBundle\Entity;
 
+use App\Entity\User;
 use Doctrine\ORM\Mapping as ORM;
 
 /**
@@ -52,6 +53,14 @@ class AuthenticationEntry
      */
     private $timeStamp;
 
+    /**
+     * @ORM\ManyToOne(targetEntity="App\Entity\User", fetch="EAGER")
+     * @ORM\JoinColumn(nullable=true)
+     *
+     * @var User|null
+     */
+    private $user;
+
     /**
      * @ORM\Column(name="success", type="boolean")
      *
@@ -59,10 +68,11 @@ class AuthenticationEntry
      */
     private $success;
 
-    public function __construct($ip, $success)
+    public function __construct($ip, $success, User $user = null)
     {
         $this->ip = $ip;
         $this->success = $success;
+        $this->user = $user;
         $this->timeStamp = new \DateTime();
     }
 
@@ -93,6 +103,15 @@ class AuthenticationEntry
         return $this->timeStamp;
     }
 
+    /**
+     *
+     * @return \App\Entity\User|null
+     */
+    public function getUser()
+    {
+        return $this->user;
+    }
+
     /**
      *
      * @return boolean

EventListener/AuthenticationStatsListener.php

@@ -19,6 +19,7 @@
  */
 namespace vierbergenlars\AuthserverStatsBundle\EventListener;
 
+use App\Entity\User;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use vierbergenlars\AuthserverStatsBundle\Event\StatsEvent;
 use Symfony\Bridge\Doctrine\RegistryInterface;
@@ -79,17 +80,23 @@ class AuthenticationStatsListener implements EventSubscriberInterface
         $this->firewallMap = $firewallMap;
     }
 
-    public function onInteractiveLogin(InteractiveLoginEvent $event)
+    private function insertAuthSuccess(User $user)
     {
-        if ($this->isStatelessFirewall())
-            return;
         $request = $this->requestStack->getMasterRequest();
-        $authSuccess = new AuthenticationEntry($request->getClientIp(), true);
+        $authSuccess = new AuthenticationEntry($request->getClientIp(), true, $user);
         $em = $this->registry->getManagerForClass(AuthenticationEntry::class);
         $em->persist($authSuccess);
         $em->flush($authSuccess);
     }
 
+    public function onInteractiveLogin(InteractiveLoginEvent $event)
+    {
+        if ($this->isStatelessFirewall())
+            return;
+        $this->insertAuthSuccess($event->getAuthenticationToken()
+            ->getUser());
+    }
+
     private function isStatelessFirewall()
     {
         $request = $this->requestStack->getMasterRequest();
@@ -111,11 +118,8 @@ class AuthenticationStatsListener implements EventSubscriberInterface
             return;
         if (!$this->isStatelessFirewall())
             return;
-        $request = $this->requestStack->getMasterRequest();
-        $authSuccess = new AuthenticationEntry($request->getClientIp(), true);
-        $em = $this->registry->getManagerForClass(AuthenticationEntry::class);
-        $em->persist($authSuccess);
-        $em->flush($authSuccess);
+        $this->insertAuthSuccess($event->getAuthenticationToken()
+            ->getUser());
     }
 
     public function onAuthFailure(AuthenticationFailureEvent $event)

Resources/migrations/VersionAuthserverStats20171107073421.php

@@ -0,0 +1,48 @@
+<?php
+/**
+ * Authserver, an OAuth2-based single-signon authentication provider written in PHP.
+ *
+ * Copyright (C) $today.date  Lars Vierbergen
+ *
+ * his program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+class VersionAuthserverStats20171107073421 extends AbstractMigration
+{
+
+    public function up(Schema $schema)
+    {
+        $authEntry = $schema->getTable('vierbergenlars_stats_auth');
+        $authEntry->addColumn('user_id', 'integer')->setNotnull(false);
+
+        $authEntry->addForeignKeyConstraint('auth_users', [
+            'user_id'
+        ], [
+            'id'
+        ], [
+            'onDelete' => 'SET NULL'
+        ], 'vl_stats_auth_user');
+    }
+
+    public function down(Schema $schema)
+    {
+        $authEntry = $schema->getTable('vierbergenlars_stats_auth');
+        $authEntry->dropColumn('user_id');
+    }
+}
+