Add a user activity page to highlight suspicious activity

[edmorley]

Currently on PyPI, whilst there is a per-package activity table, there isn't anything that shows user activity.

To make account compromise more obvious, it would be great to have a user activity page on Warehouse, that shows:

• Recent failed login attempts
• Recent successful login attempts
• 2FA enabling/disabling/adding of new devices (once we have Add support for two-factor authentication #996)
• Recent actions performed against packages under the user's control (eg new version uploads, owner/maintainer addition/removal)
• Timestamp, IP addresses and geolocation for all of the above

[dstufft]

I'd like to make something similar to what GitHub has, where they have a "Security" page in the user settings (and in the organization settings, which we should also mimic once we get organizations) that shows all of this information. Example:

Clicking on one of the entries shows information like:

This is almost certainly going to be a post-launch task though.

[demianbrecht]

What would be awesome would be to have some event bus backend (Kafka or similar) that could service dispatched events (perhaps aggregated by statsd). Then, we could have consumers that would be responsible for reading the data and sending it along to various sources, one of which could be a service such as the above. We could then also take a look at feeding that data into Graphite (or some other metrics system) to provide an overall view of system health.

@dstufft: Is there currently architecture for something along those lines, or would that need to be investigated?

[edmorley]

I'd like to make something similar to what GitHub has

Perfect - their security page was exactly what I had in mind when I filed this issue.

This is almost certainly going to be a post-launch task though.

Yeah I imagined this and the other issues I filed would be post-launch - I just wanted to make sure we had something on file to track the future work :-)

[brainwane]

I think this is a great idea but I'm marking it for a future milestone to indicate that we shouldn't block launching the new PyPI on this issue. :)

[brainwane]

I'm pretty sure this depends on, and thus is blocked on, #5863. Heads-up @woodruffw -- once you get to that issue, I'd love you to leave a comment here clarifying what subset of the requests above are supported by the new logging.

[brainwane]

Now unblocked! @edmorley see #6339 for events currently being logged. Is that enough to close this issue? I think it is but I want you to double-check.

[edmorley]

@brainwane Hi! Yeah that list of now-logged events looks great - thank you :-)