feat(06.2): log attempted email on failed login and surface it in audit log

- auth.py: store attempted_email in metadata_ and link user_id when the account exists (wrong password case); previously logged no PII at all - AuditLogTab: Email column falls back to metadata_.attempted_email in amber with "(attempted)" label when no confirmed user_email is available Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-01 21:02:37 +02:00
parent 7027347597
commit 2686fde2d7
2 changed files with 8 additions and 5 deletions
@@ -109,7 +109,11 @@
          >
            <td class="px-4 py-3 font-mono text-xs text-gray-500">{{ formatTimestamp(entry.created_at) }}</td>
            <td class="px-4 py-3 text-sm text-gray-700">{{ entry.user_handle || entry.user_id || '—' }}</td>
-            <td class="px-4 py-3 text-sm text-gray-500">{{ entry.user_email || '—' }}</td>
+            <td class="px-4 py-3 text-sm text-gray-500">
+              <span v-if="entry.user_email">{{ entry.user_email }}</span>
+              <span v-else-if="entry.metadata_?.attempted_email" class="text-amber-600">{{ entry.metadata_.attempted_email }} <span class="text-xs">(attempted)</span></span>
+              <span v-else>—</span>
+            </td>
            <td class="px-4 py-3">
              <span
                class="text-xs px-2 py-1 rounded-full font-medium"