From 801d6252ee5a0d68b00da600bcb59df98da9f24b Mon Sep 17 00:00:00 2001
From: ZeroPath <noreply@zeropath.com>
Date: Tue, 5 Aug 2025 04:39:19 +0000
Subject: [PATCH] feat: add audit logging for successful and failed login
 attempts

---
 owasp-top10-2021-apps/a9/games-irados/app/routes.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/owasp-top10-2021-apps/a9/games-irados/app/routes.py b/owasp-top10-2021-apps/a9/games-irados/app/routes.py
index eddd6a999..fbee6d319 100644
--- a/owasp-top10-2021-apps/a9/games-irados/app/routes.py
+++ b/owasp-top10-2021-apps/a9/games-irados/app/routes.py
@@ -77,8 +77,10 @@ def login():
         psw = Password(request.form.get('password').encode('utf-8'))
         user_password, success = database.get_user_password(username)
         if not success or user_password == None or not psw.validate_password(str(user_password[0])):
+            logging.warning("Failed login attempt for user %s from IP %s", username, request.remote_addr)
             flash("Usuario ou senha incorretos", "danger")
             return render_template('login.html')
+        logging.info("Successful login for user %s from IP %s", username, request.remote_addr)
         session['username'] = username
         return redirect('/home')
     else: