From ffd4f6d0ee2a8c6f1d45914c8d1cc60146b71099 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Martin?= <rmartin@3liz.com>
Date: Wed, 27 Aug 2025 11:42:18 +0200
Subject: [PATCH 1/5] feat : module upgrade to add notification_auth_success
 column to profile

---
 .../install/sql/add_notify_auth_success.sql   |  1 +
 modules/account/install/upgrade_041.php       | 19 +++++++++++++++++++
 modules/account/module.xml                    |  2 +-
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 modules/account/install/sql/add_notify_auth_success.sql
 create mode 100644 modules/account/install/upgrade_041.php

diff --git a/modules/account/install/sql/add_notify_auth_success.sql b/modules/account/install/sql/add_notify_auth_success.sql
new file mode 100644
index 0000000..bb83f42
--- /dev/null
+++ b/modules/account/install/sql/add_notify_auth_success.sql
@@ -0,0 +1 @@
+ALTER TABLE accounts ADD COLUMN notify_auth_success integer;
diff --git a/modules/account/install/upgrade_041.php b/modules/account/install/upgrade_041.php
new file mode 100644
index 0000000..fe9bc55
--- /dev/null
+++ b/modules/account/install/upgrade_041.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * @author    Laurent Jouanneau
+ * @copyright 2024 Laurent Jouanneau
+ *
+ * @see       https://jelix.org
+ * @licence   MIT
+ */
+
+class accountModuleUpgrader_041 extends \Jelix\Installer\Module\Installer
+{
+    protected $targetVersions = array('0.4.1');
+    protected $date = '2025-08-22';
+
+    public function install(Jelix\Installer\Module\API\InstallHelpers $helpers)
+    {
+        $helpers->database()->execSQLScript('sql/add_notify_auth_success.sql');
+    }
+}
diff --git a/modules/account/module.xml b/modules/account/module.xml
index b7f70c1..5c89437 100644
--- a/modules/account/module.xml
+++ b/modules/account/module.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module xmlns="http://jelix.org/ns/module/1.0">
     <info id="account@jelix.org" name="account" createdate="2021-01-12">
-        <version date="2025-06-16">0.4.0</version>
+        <version date="2025-08-22">0.4.1</version>
         <label lang="en_US">account</label>
         <description lang="en_US" />
         <license URL="">All rights reserved</license>

From 3b2137b3a209ef2ba128f61746217867d85e5296 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Martin?= <rmartin@3liz.com>
Date: Thu, 28 Aug 2025 14:10:04 +0200
Subject: [PATCH 2/5] feat AuthenticationNotifier class, mail content, add
 notify_auth_succes to account Obj

---
 modules/account/lib/Account.php               |  7 +-
 .../Notification/AuthenticationNotifier.php   | 70 +++++++++++++++++++
 .../locales/en_US/account.UTF-8.properties    |  2 +
 .../locales/fr_FR/account.UTF-8.properties    |  2 +
 .../templates/en_US/mailBodyAuthSuccess.tpl   |  8 +++
 .../templates/fr_FR/mailBodyAuthSuccess.tpl   |  8 +++
 6 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 modules/account/lib/Notification/AuthenticationNotifier.php
 create mode 100644 modules/account/templates/en_US/mailBodyAuthSuccess.tpl
 create mode 100644 modules/account/templates/fr_FR/mailBodyAuthSuccess.tpl

diff --git a/modules/account/lib/Account.php b/modules/account/lib/Account.php
index f2408c5..58acb58 100644
--- a/modules/account/lib/Account.php
+++ b/modules/account/lib/Account.php
@@ -57,4 +57,9 @@ public function getEmail()
     {
         return $this->data['email'];
     }
-}
\ No newline at end of file
+
+    public function getNotifyAuthSuccess()
+    {
+        return $this->data['notify_auth_success'];
+    }
+}
diff --git a/modules/account/lib/Notification/AuthenticationNotifier.php b/modules/account/lib/Notification/AuthenticationNotifier.php
new file mode 100644
index 0000000..83c9448
--- /dev/null
+++ b/modules/account/lib/Notification/AuthenticationNotifier.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace Jelix\Authentication\Account\Notification;
+
+use DateTimeImmutable;
+use DomainException;
+use Jelix\Authentication\Account\Account;
+use Jelix\Core\Infos\AppInfos;
+
+class AuthenticationNotifier
+{
+    public const NOTIFY_NEVER = 'never';
+    public const NOTIFY_ALWAYS = 'always';
+    public const NOTIFY_ON_USER_CAN_OPT_OUT = 'enabled';
+    public const NOTIFY_OFF_USER_CAN_OPT_IN = 'disabled';
+
+    private $notifyMode;
+    public function __construct()
+    {
+        $config = \jApp::config()->authentication;
+        if (isset($config['notifyAuthMode']) && $config['notifyAuthMode']) {
+            $this->notifyMode = $config['notifyAuthMode'];
+            if(!in_array($this->notifyMode, [self::NOTIFY_ALWAYS, self::NOTIFY_NEVER, self::NOTIFY_OFF_USER_CAN_OPT_IN, self::NOTIFY_ON_USER_CAN_OPT_OUT])) {
+                throw new DomainException('not a valid notifyAuthMode value');
+            }
+        } else {
+            // use never
+            $this->notifyMode = self::NOTIFY_NEVER;
+            trigger_error('no value defined for notifyAuthMode, using "never"', E_USER_NOTICE);
+        }
+    }
+
+    private function isNotificationEnabled(Account $account)
+    {
+        if ($this->notifyMode == self::NOTIFY_ALWAYS || $this->notifyMode == self::NOTIFY_ALWAYS) {
+            return $this->notifyMode == self::NOTIFY_ALWAYS;
+        }
+        // must check Account value
+        $value = $account->getNotifyAuthSuccess();
+        if($this->notifyMode == self::NOTIFY_OFF_USER_CAN_OPT_IN) {
+            return $value == 1 ;
+        }
+        if($this->notifyMode == self::NOTIFY_ON_USER_CAN_OPT_OUT) {
+            return $value != 0 ;
+        }
+    }
+
+    public function successAuth(Account $account)
+    {
+        // notify
+        if($this->isNotificationEnabled($account)) {
+            $appInfos  = AppInfos::load();
+            $appName = $appInfos->getLabel();
+            $email = $account->getEmail();
+            $mailer = new \jMailer();
+            $mailer->addAddress($email);
+            $mailer->Subject = \jLocale::get('account~account.email.auth.success.subject', [$email, $appName]);
+            $tpl = $mailer->Tpl('account~mailBodyAuthSuccess', true);
+            $tpl->assign('email', $email);
+            $tpl->assign('appName', $appName);
+            $tpl->assign('authDateTime', (new DateTimeImmutable())->format('Y-m-d H:i:s'));
+            $mailer->send();
+        }
+    }
+
+    public function canUsersOverwriteNotifConf(): bool
+    {
+        return in_array($this->notifyMode, [self::NOTIFY_OFF_USER_CAN_OPT_IN, self::NOTIFY_ON_USER_CAN_OPT_OUT]);
+    }
+}
diff --git a/modules/account/locales/en_US/account.UTF-8.properties b/modules/account/locales/en_US/account.UTF-8.properties
index d2572f6..44ff944 100644
--- a/modules/account/locales/en_US/account.UTF-8.properties
+++ b/modules/account/locales/en_US/account.UTF-8.properties
@@ -24,3 +24,5 @@ cancel.and.back.to.profile = Cancel and back to your profile
 back.to.profile = Back to your profile
 
 error.no.account=Sorry, there is no account with the login %s into this application.
+
+email.auth.success.subject=New login with e-mail %s on app %s
diff --git a/modules/account/locales/fr_FR/account.UTF-8.properties b/modules/account/locales/fr_FR/account.UTF-8.properties
index 6342917..c956507 100644
--- a/modules/account/locales/fr_FR/account.UTF-8.properties
+++ b/modules/account/locales/fr_FR/account.UTF-8.properties
@@ -24,3 +24,5 @@ cancel.and.back.to.profile = Annuler et retourner à votre profil
 back.to.profile = Retourner à votre profil
 
 error.no.account=Désolé, il n'y a pas de compte avec l'identifiant %s dans cette application.
+
+email.auth.success.subject=Nouvelle connexion du compte %s sur l'application %s
diff --git a/modules/account/templates/en_US/mailBodyAuthSuccess.tpl b/modules/account/templates/en_US/mailBodyAuthSuccess.tpl
new file mode 100644
index 0000000..9bcfcdc
--- /dev/null
+++ b/modules/account/templates/en_US/mailBodyAuthSuccess.tpl
@@ -0,0 +1,8 @@
+<p>Hello</p>
+<p>
+A new login has just been made on the {$appName} application with your email address {$email}
+</p><p>
+Date and time: {$authDateTime}
+</p><p>
+If this login corresponds to your activity, you can ignore this message.
+</p>
diff --git a/modules/account/templates/fr_FR/mailBodyAuthSuccess.tpl b/modules/account/templates/fr_FR/mailBodyAuthSuccess.tpl
new file mode 100644
index 0000000..ae6da56
--- /dev/null
+++ b/modules/account/templates/fr_FR/mailBodyAuthSuccess.tpl
@@ -0,0 +1,8 @@
+<p>Bonjour</p>
+<p>
+Une nouvelle connexion vient d'être réalisée sur l'application {$appName} avec votre adresse e-mail {$email}
+</p><p>
+Date et heure : {$authDateTime}
+</p><p>
+Si cette connexion correspond à votre activité, vous pouvez ignorer ce message.
+</p>

From eaa00208c76361768414efff4683c375efbe22e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Martin?= <rmartin@3liz.com>
Date: Thu, 28 Aug 2025 14:13:13 +0200
Subject: [PATCH 3/5] feat : profile ctler can now update notification on auth
 value

---
 modules/account/controllers/profile.classic.php       | 11 +++++++++++
 modules/account/daos/accounts.dao.xml                 |  1 +
 modules/account/forms/profile_modify.form.xml         |  7 ++++++-
 .../account/locales/en_US/account.UTF-8.properties    |  3 +++
 .../account/locales/fr_FR/account.UTF-8.properties    |  3 +++
 5 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/modules/account/controllers/profile.classic.php b/modules/account/controllers/profile.classic.php
index 98ca337..18c8d50 100644
--- a/modules/account/controllers/profile.classic.php
+++ b/modules/account/controllers/profile.classic.php
@@ -6,6 +6,7 @@
 
 use Jelix\Authentication\Account\Manager;
 use Jelix\Authentication\Account\Account;
+use Jelix\Authentication\Account\Notification\AuthenticationNotifier;
 
 class profileCtrl extends jController {
 
@@ -27,6 +28,7 @@ function index() {
         }
 
         $form->initFromDao('account~accounts', $formId);
+        $this->disableNotificationCtrlIfDenied($form);
 
         $tpl = new \jTpl();
         $tpl->assign('form', $form);
@@ -54,6 +56,7 @@ public function modify()
         }
 
         $form->initFromDao('account~accounts', $formId);
+        $this->disableNotificationCtrlIfDenied($form);
 
         $tpl = new jTpl();
         $tpl->assign('form', $form);
@@ -107,5 +110,13 @@ public function save()
 
         return $rep;
     }
+
+    protected function disableNotificationCtrlIfDenied(jFormsBase $form) {
+        $notifier = new AuthenticationNotifier();
+
+        if (!$notifier->canUsersOverwriteNotifConf()) {
+            $form->getControl('notify_auth_success')->deactivate();
+        }
+    }
 }
 
diff --git a/modules/account/daos/accounts.dao.xml b/modules/account/daos/accounts.dao.xml
index 180c170..2bc40e1 100644
--- a/modules/account/daos/accounts.dao.xml
+++ b/modules/account/daos/accounts.dao.xml
@@ -25,6 +25,7 @@
            0 new account, invalid account
            1 valid account
            -->
+      <property name="notify_auth_success" fieldname="notify_auth_success" datatype="integer" />
       <property name="create_date" fieldname="create_date" datatype="datetime"
                 insertpattern="now()" updatepattern=""/>
 
diff --git a/modules/account/forms/profile_modify.form.xml b/modules/account/forms/profile_modify.form.xml
index 4a68f57..ece46bc 100644
--- a/modules/account/forms/profile_modify.form.xml
+++ b/modules/account/forms/profile_modify.form.xml
@@ -16,6 +16,11 @@
     <input type="email" ref="email">
         <label locale="account~account.profile.th.email"/>
     </input>
+    <radiobuttons ref="notify_auth_success" required='true'>
+        <label locale="account~account.profile.th.notify_auth_success"/>
+        <item value="1" locale='account~account.profile.notify_auth_success.text.on' />
+        <item value="0" locale='account~account.profile.notify_auth_success.text.off' />
+    </radiobuttons >
 
 <output ref="create_date">
     <label locale="account~account.profile.th.createdate"/>
@@ -25,4 +30,4 @@
     <label locale="jelix~ui.buttons.save"/>
 </submit>
 
-</form>
\ No newline at end of file
+</form>
diff --git a/modules/account/locales/en_US/account.UTF-8.properties b/modules/account/locales/en_US/account.UTF-8.properties
index 44ff944..ab0f7b8 100644
--- a/modules/account/locales/en_US/account.UTF-8.properties
+++ b/modules/account/locales/en_US/account.UTF-8.properties
@@ -9,6 +9,9 @@ profile.th.email = Email
 profile.th.status = Status
 profile.th.createdate = Account's creation date
 profile.th.provider = Authentication provider
+profile.th.notify_auth_success = Receive an email notification each time you log in
+profile.notify_auth_success.text.on= On
+profile.notify_auth_success.text.off= Off
 
 profile.button.modify = Modify
 
diff --git a/modules/account/locales/fr_FR/account.UTF-8.properties b/modules/account/locales/fr_FR/account.UTF-8.properties
index c956507..ef23848 100644
--- a/modules/account/locales/fr_FR/account.UTF-8.properties
+++ b/modules/account/locales/fr_FR/account.UTF-8.properties
@@ -9,6 +9,9 @@ profile.th.email = Email
 profile.th.status = Statut
 profile.th.createdate = Date de création du compte
 profile.th.provider = Service d'authentification
+profile.th.notify_auth_success = Recevoir une notification e-mail à chaque connexion
+profile.notify_auth_success.text.on= Actif
+profile.notify_auth_success.text.off= Inactif
 
 profile.button.modify = Modifier
 

From cbda80d6f5ea466dba6a8ea30dc3178027f49f76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Martin?= <rmartin@3liz.com>
Date: Thu, 28 Aug 2025 14:17:02 +0200
Subject: [PATCH 4/5] feat : auth event now trigger notification method

---
 modules/account/classes/authAccount.listener.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/account/classes/authAccount.listener.php b/modules/account/classes/authAccount.listener.php
index 98ae8f9..c5b7d71 100644
--- a/modules/account/classes/authAccount.listener.php
+++ b/modules/account/classes/authAccount.listener.php
@@ -1,6 +1,7 @@
 <?php
 
 use Jelix\Authentication\Account;
+use Jelix\Authentication\Account\Notification\AuthenticationNotifier;
 use Jelix\Authentication\Core\Workflow\Event\GetAccountEvent;
 use Jelix\Authentication\Core\Workflow\Step\StepException;
 use Jelix\Authentication\LoginPass\AuthLPCanResetPasswordEvent;
@@ -27,6 +28,8 @@ function onAuthWorkflowStep($event)
         $account = Account\Manager::searchAccountByIdp($idpId, $user->getUserId(), true);
         if ($account) {
             $event->setAccount($account);
+            $notifier = new AuthenticationNotifier();
+            $notifier->successAuth($account);
         }
         else {
             $isAccountCreationAllowed = false;

From 05484e0d8218a9005219e2d3445d84b86c60f357 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Martin?= <rmartin@3liz.com>
Date: Thu, 28 Aug 2025 14:49:19 +0200
Subject: [PATCH 5/5] doc: describe notifyAuthMode config value

---
 docs/en/authcore.md                        | 2 ++
 test/testapp/app/system/mainconfig.ini.php | 1 +
 2 files changed, 3 insertions(+)

diff --git a/docs/en/authcore.md b/docs/en/authcore.md
index 7e941cb..fbe4407 100644
--- a/docs/en/authcore.md
+++ b/docs/en/authcore.md
@@ -26,6 +26,8 @@ signOutAction="authcore~sign:out"
 ; action to redirect to when displaying the login page whereas the user is
 ; already authenticated. Typical action: the action of the home page
 signInAlreadyAuthAction=
+; always/never/enabled/disabled (enabled/disabled : user can override value)
+notifyAuthMode=
 
 [sessionauth]
 ; action to redirect to when authentication is needed and the user is not authenticated
diff --git a/test/testapp/app/system/mainconfig.ini.php b/test/testapp/app/system/mainconfig.ini.php
index 3565965..24ef93a 100644
--- a/test/testapp/app/system/mainconfig.ini.php
+++ b/test/testapp/app/system/mainconfig.ini.php
@@ -197,6 +197,7 @@
 sessionHandler=php
 
 signInAlreadyAuthAction="adminui~default:index"
+notifyAuthMode=enabled
 
 [sessionauth]
 authRequired=off