tcell_agent 0.4.0 → 1.0.0

data/lib/tcell_agent/hooks/login_fraud.rb

@@ -4,29 +4,46 @@ require 'tcell_agent/sensor_events/login_fraud'
 module TCellAgent
   module Hooks
     module LoginFraud
-
-      def self.report_login_event(status, env_or_header_keys, tcell_data, user_id)
-        if (TCellAgent.configuration.enabled && TCellAgent.configuration.should_intercept_requests?)
+      def self.report_login_event(status,
+                                  env_or_header_keys,
+                                  tcell_data,
+                                  user_id,
+                                  password,
+                                  user_valid)
+        if TCellAgent.configuration.enabled &&
+           TCellAgent.configuration.should_intercept_requests?
           login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
 
-          if (login_fraud_policy && login_fraud_policy.enabled)
+          if login_fraud_policy && login_fraud_policy.enabled
             if tcell_data
-              if ![TCellAgent::Hooks::V1::Login::LOGIN_FAILURE, TCellAgent::Hooks::V1::Login::LOGIN_SUCCESS].include?(status)
+              if ![TCellAgent::Hooks::V1::Login::LOGIN_FAILURE,
+                   TCellAgent::Hooks::V1::Login::LOGIN_SUCCESS].include?(status)
                 TCellAgent.logger.error("Unkown login status: #{status}")
-              elsif (status == TCellAgent::Hooks::V1::Login::LOGIN_FAILURE) && login_fraud_policy.login_failed_enabled
+
+              elsif (status == TCellAgent::Hooks::V1::Login::LOGIN_FAILURE) &&
+                    login_fraud_policy.login_failed_enabled
                 TCellAgent.send_event(
-                  TCellAgent::SensorEvents::LoginFailure.new(env_or_header_keys, tcell_data, user_id)
+                  TCellAgent::SensorEvents::LoginFailure.new(env_or_header_keys,
+                                                             tcell_data,
+                                                             user_id,
+                                                             password,
+                                                             user_valid)
                 )
-              elsif (status == TCellAgent::Hooks::V1::Login::LOGIN_SUCCESS) && login_fraud_policy.login_success_enabled
+
+              elsif (status == TCellAgent::Hooks::V1::Login::LOGIN_SUCCESS) &&
+                    login_fraud_policy.login_success_enabled
                 TCellAgent.send_event(
-                  TCellAgent::SensorEvents::LoginSuccess.new(env_or_header_keys, tcell_data, user_id)
+                  TCellAgent::SensorEvents::LoginSuccess.new(env_or_header_keys,
+                                                             tcell_data,
+                                                             user_id,
+                                                             password,
+                                                             user_valid)
                 )
               end
             end
           end
         end
       end
-
     end
   end
 end
@@ -34,15 +51,24 @@ end
 if defined?(TCellAgent::Hooks::V1::Frameworks::Rails::Login)
   TCellAgent::Hooks::V1::Frameworks::Rails::Login.module_eval do
     class << self
-
       alias_method :tcell_register_login_event, :register_login_event
-      def register_login_event(status, rails_request, user_id, user_valid=nil)
-        TCellAgent::Instrumentation.safe_block("Rails Auth Hooks") do
+      def register_login_event(status,
+                               rails_request,
+                               user_id,
+                               user_valid = nil,
+                               password = nil)
+        TCellAgent::Instrumentation.safe_block('Rails Auth Hooks') do
           tcell_data = rails_request.env[TCellAgent::Instrumentation::TCELL_ID]
-          TCellAgent::Hooks::LoginFraud.report_login_event(status, rails_request.env, tcell_data, user_id)
+          TCellAgent::Hooks::LoginFraud.report_login_event(
+            status,
+            rails_request.env,
+            tcell_data,
+            user_id,
+            password,
+            user_valid
+          )
         end
       end
-
     end
   end
 end
@@ -50,19 +76,18 @@ end
 if defined?(TCellAgent::Hooks::V1::Login)
   TCellAgent::Hooks::V1::Login.module_eval do
     class << self
-
       alias_method :tcell_register_login_event, :register_login_event
-      def register_login_event(
-          status,
-          session_id,
-          user_agent,
-          referrer,
-          remote_address,
-          header_keys,
-          user_id,
-          document_uri,
-          user_valid=nil)
-        TCellAgent::Instrumentation.safe_block("Login Auth Hooks") do
+      def register_login_event(status,
+                               session_id,
+                               user_agent,
+                               referrer,
+                               remote_address,
+                               header_keys,
+                               user_id,
+                               document_uri,
+                               user_valid = nil,
+                               password = nil)
+        TCellAgent::Instrumentation.safe_block('Login Auth Hooks') do
           tcell_data = TCellAgent::Instrumentation::TCellData.new
           tcell_data.user_agent = user_agent
           tcell_data.referrer = referrer
@@ -70,10 +95,14 @@ if defined?(TCellAgent::Hooks::V1::Login)
           tcell_data.path = document_uri
           tcell_data.hmac_session_id = TCellAgent::SensorEvents::Util.hmac(session_id)
 
-          TCellAgent::Hooks::LoginFraud.report_login_event(status, header_keys, tcell_data, user_id)
+          TCellAgent::Hooks::LoginFraud.report_login_event(status,
+                                                           header_keys,
+                                                           tcell_data,
+                                                           user_id,
+                                                           password,
+                                                           user_valid)
         end
       end
-
     end
   end
 end

data/lib/tcell_agent/instrumentation.rb

@@ -59,10 +59,11 @@ module TCellAgent
 
 
     class TCellData
-      attr_accessor :transaction_id, :session_id, :hmac_session_id, :user_id, :route_id,
-        :uri, :context_filters_by_term, :database_filters, :ip_address, :user_agent, :request_method,
-        :path_parameters, :ip_blocking_triggered, :grape_mount_endpoint, :referrer, :path,
-        :csrf_exception_name, :sql_exceptions, :database_result_sizes
+      attr_accessor :transaction_id, :session_id, :hmac_session_id, :user_id,
+        :password, :route_id, :path, :uri, :fullpath, :context_filters_by_term,
+        :database_filters, :ip_address, :user_agent, :request_method,
+        :path_parameters, :patches_blocking_triggered, :grape_mount_endpoint,
+        :referrer, :csrf_exception_name, :sql_exceptions, :database_result_sizes
 
       def self.filterx(sanitize_string, event_flag, replace_flag, term)
         send_event = false
@@ -79,13 +80,13 @@ module TCellAgent
         return send_event
       end
       def initialize
-        @ip_blocking_triggered = false
+        @patches_blocking_triggered = false
         @context_filters_by_term = Hash.new{|h,k| h[k] = Set.new}
         @sql_exceptions = []
         @database_result_sizes = []
       end
       def is_valid_term?(term)
-        if term != nil && term != '' and term.to_s.length >= 5
+        if term != nil && term != '' && term.to_s.length >= 5
           return true
         end
         return false
@@ -113,7 +114,7 @@ module TCellAgent
 
       def filter_body!(body)
         dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-        if dlp_policy and self.session_id
+        if dlp_policy && self.session_id
           session_id_actions = dlp_policy.get_actions_for_session_id
           if session_id_actions
             send_flag = TCellData.filterx(body, session_id_actions.body_event, session_id_actions.body_redact, self.session_id)
@@ -160,7 +161,7 @@ module TCellAgent
 
       def filter_log(log_msg)
         dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-        if dlp_policy and self.session_id
+        if dlp_policy && self.session_id
           session_id_actions = dlp_policy.get_actions_for_session_id
           if session_id_actions
             send_flag = TCellData.filterx(log_msg, session_id_actions.log_event, session_id_actions.log_redact, self.session_id)
@@ -224,7 +225,7 @@ module TCellAgent
       begin
         block.call()
 
-      rescue Exception => ex
+      rescue StandardError => ex
         TCellAgent.logger.debug "Exception in safe_block #{message}: #{ex.class} happened, message is #{ex.message}"
         TCellAgent.logger.debug(ex.backtrace)
       end
@@ -233,7 +234,7 @@ module TCellAgent
     def self.safe_block_no_log(message, &block)
       begin
         block.call()
-      rescue Exception => e
+      rescue StandardError
       end
     end
   end

data/lib/tcell_agent/logger.rb

@@ -96,7 +96,7 @@ module TCellAgent
 
     log_device = TCellLogDevice.new(
       TCellAgent.configuration.appfirewall_payloads_log_filename,
-      shift_age: 9, shift_size: 5242880
+      :shift_age => 9, :shift_size => 5242880
     )
     @payloads_logger = Logger.new(log_device)
     @payloads_logger.level = Logger::INFO
@@ -138,7 +138,7 @@ module TCellAgent
       logging_directory = File.dirname(logging_file)
       TCellAgent::Utils::IO.create_directory(logging_directory, TCellAgent.configuration.agent_home_owner.to_s)
 
-      log_device = TCellLogDevice.new(logging_file, shift_age: 9, shift_size: 5242880)
+      log_device = TCellLogDevice.new(logging_file, :shift_age => 9, :shift_size => 5242880)
 
       level = loggingLevelFromString(logging_options[:level] || logging_options["level"])
       # limit the total log file to about 9 * 5 = 45 mb

data/lib/tcell_agent/patches/meta_data.rb

@@ -9,21 +9,20 @@ module TCellAgent
   module Patches
 
     class MetaData < TCellAgent::AppSensor::MetaData
-
       class << self
         def build(request)
           tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
           meta_event = MetaData.new(
-            request.request_method,
-            TCellAgent::Utils::Rails.better_ip(request),
+            tcell_context.request_method,
+            tcell_context.ip_address,
             tcell_context.route_id,
             tcell_context.hmac_session_id,
             tcell_context.user_id,
-            tcell_context.transaction_id
+            tcell_context.transaction_id,
+            tcell_context.uri
           )
 
-          meta_event.path = request.path
-          meta_event.user_agent = request.env['HTTP_USER_AGENT']
+          meta_event.path = tcell_context.path
 
           meta_event.get_dict = request.GET
           meta_event.cookie_dict = request.cookies
@@ -31,9 +30,6 @@ module TCellAgent
 
           meta_event.post_dict = request.POST
 
-          meta_event.path_parameters = request.env[TCellAgent::Instrumentation::TCELL_ID].path_parameters
-
-
           # Positions strio to the beginning of input, resetting lineno to zero.
           # rails 4.1 seems to read the stringIO directly and so body.gets is empty
           # this is called
@@ -50,14 +46,14 @@ module TCellAgent
         end
       end
 
-      attr_accessor :path, :request_content_bytes_len, :user_agent
+      attr_accessor :path, :request_content_bytes_len
 
-      def initialize(method, remote_address, route_id, session_id, user_id, transaction_id)
-        super(method, remote_address, route_id, session_id, user_id, transaction_id)
+      def initialize(method, remote_address, route_id, session_id, user_id, transaction_id, location)
+        super(method, remote_address, route_id, session_id, user_id, transaction_id, location)
 
         @request_content_bytes_len = 0
-        @user_agent = nil
       end
     end
+
   end
 end

data/lib/tcell_agent/patches.rb

@@ -3,22 +3,19 @@ module TCellAgent
 
     module Patches
       def self.block?(request)
-        TCellAgent::Instrumentation.safe_block("Checking for block rules") do
-          patches_policy = TCellAgent.policy(TCellAgent::PolicyTypes::Patches)
+        TCellAgent::Instrumentation.safe_block("Checking patches blocking") do
+          rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
 
-          if patches_policy && patches_policy.enabled
+          if rust_policies && rust_policies.patches_enabled
             meta_data = TCellAgent::Patches::MetaData.build(request)
-            resp = patches_policy.apply(meta_data)
+            block_request = rust_policies.block_request?(meta_data)
+            request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered = block_request
 
-            if resp
-              request.env[TCellAgent::Instrumentation::TCELL_ID].ip_blocking_triggered = true
-
-              return resp
-            end
+            return block_request
           end
         end
 
-        nil
+        false
       end
     end
 

data/lib/tcell_agent/policies/clickjacking_policy.rb

@@ -18,10 +18,10 @@ module TCellAgent
                     if !(type && value)
                         raise "Type and value were not set"
                     end
-                    if type.downcase == "content-security-policy"
+                    if type.casecmp("content-security-policy") == 0
                         type = "csp"
                     end
-                    if not @@approved_headers.include?(type.downcase)
+                    if !@@approved_headers.include?(type.downcase)
                         raise "Type was not included in approved_headers"
                     end
                     if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
@@ -52,7 +52,7 @@ module TCellAgent
                         end
                         report_uri = uri.to_s
                         return "#{self.raw_value}; report-uri #{report_uri}"
-                    rescue Exception=>e
+                    rescue StandardError => e
                         return self.raw_value
                     end
                 end
@@ -91,8 +91,7 @@ module TCellAgent
                             begin
                                 csp_header = ContentSecurityPolicyHeader.new(header["name"], header["value"], header["report-uri"])
                                 csp_headers.push(csp_header)
-                            rescue Exception => secure_header_exception
-                                #pass
+                            rescue StandardError
                             end
                         end
                     end

data/lib/tcell_agent/policies/content_security_policy.rb

@@ -23,12 +23,12 @@ module TCellAgent
           if !(type && value)
             raise "Type and value were not set"
           end
-          if type.downcase == "content-security-policy"
+          if type.casecmp("content-security-policy") == 0
             type = "csp"
-          elsif type.downcase == "content-security-policy-report-only"
+          elsif type.casecmp("content-security-policy-report-only") == 0
             type = "csp-report"
           end
-          if not @@approved_headers.include?(type.downcase)
+          if !@@approved_headers.include?(type.downcase)
             raise "Type was not included in approved_headers"
           end
           if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
@@ -51,7 +51,7 @@ module TCellAgent
             if transaction_id
               new_query_ar << ["tid", transaction_id]
             end
-            if session_id and session_id.length > 0
+            if session_id && session_id.length > 0
               new_query_ar << ["sid", session_id]
             end
             if route_id
@@ -71,7 +71,7 @@ module TCellAgent
               report_uri = report_uri + "c=" + checksum.to_s
             end
             return "#{self.raw_value}; report-uri #{report_uri}"
-          rescue Exception
+          rescue StandardError
             return self.raw_value
           end
         end
@@ -122,8 +122,6 @@ module TCellAgent
         end
 
         if policy_json.has_key?("headers")
-          TCellAgent.configuration.js_agent_url = TCellAgent.configuration.startup_js_agent_url
-
           headers = policy_json["headers"]
           csp_headers = []
 
@@ -131,13 +129,9 @@ module TCellAgent
           headers.each do |header|
             if header.has_key?("name") && header.has_key?("value")
               begin
-                if TCellAgent.configuration.startup_js_agent_url == "https://api.tcell.io/tcellagent.min.js" && header["value"] =~ /https:\/\/jsagent.tcell.io/
-                  TCellAgent.configuration.js_agent_url = "https://jsagent.tcell.io/tcellagent.min.js"
-                end
-
                 csp_header = ContentSecurityPolicyHeader.new(header["name"], header["value"], header["report-uri"], csp.policy_id)
                 csp_headers.push(csp_header)
-              rescue
+              rescue StandardError
               end
             end
           end

data/lib/tcell_agent/policies/dataloss_policy.rb

@@ -88,7 +88,7 @@ module TCellAgent
                 get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id)
             end
             def get_actions_for_request(context, variable, route_id=nil)
-                if (context == nil or variable == nil)
+                if (context == nil || variable == nil)
                     return nil
                 end
                 if (route_id == nil)
@@ -262,7 +262,7 @@ module TCellAgent
                                 actions = protection_json.fetch("actions",{})
                                 filter_actions = DataLossPolicy.actions_from_json(actions)
                                 _route_ids = ["*"]
-                                if (scope != nil and scope != "global")
+                                if scope != nil && scope != "global"
                                     if scope=="route"
                                         _route_ids = protection_json.fetch("route_ids",[])
                                     end

data/lib/tcell_agent/policies/http_redirect_policy.rb

@@ -64,7 +64,7 @@ module TCellAgent
             nil)
 
           TCellAgent.send_event(event)
-        rescue Exception => ie
+        rescue StandardError => ie
           TCellAgent.logger.error("uncaught exception while creating redirect event: #{ie.message}")
         end
 
@@ -91,7 +91,7 @@ module TCellAgent
           policy_data_json = policy_json["data"]
           http_redirect_policy.enabled = policy_data_json.fetch("enabled", false)
           http_redirect_policy.block = policy_data_json.fetch("block", false)
-          http_redirect_policy.data_scheme_allowed = policy_data_json.fetch("dataSchemeAllowed", false)
+          http_redirect_policy.data_scheme_allowed = policy_data_json.fetch("data_scheme_allowed", false)
 
           http_redirect_policy.whitelist = []
           policy_data_json.fetch("whitelist", []).each do |regex_pattern|

data/lib/tcell_agent/policies/policy.rb

@@ -2,8 +2,6 @@ module TCellAgent
   module Policies
 
     class Policy
-      def free_native_memory
-      end
     end
 
   end

data/lib/tcell_agent/policies/rust_policies.rb

@@ -0,0 +1,90 @@
+require 'tcell_agent/appsensor/injections_reporter'
+require 'tcell_agent/instrumentation'
+require 'tcell_agent/policies/policy'
+require 'tcell_agent/rust/models'
+require 'tcell_agent/rust/whisperer'
+require 'tcell_agent/sensor_events/command_injection'
+require 'tcell_agent/sensor_events/patches'
+
+
+module TCellAgent
+  module Policies
+
+    class RustPolicies < Policy
+
+      attr_reader :appfirewall_enabled, :patches_enabled, :cmdi_enabled
+
+      def initialize()
+        @appfirewall_enabled = false
+        @patches_enabled = false
+        @cmdi_enabled = false
+        @agent_ptr = nil
+
+        whisper = TCellAgent::Rust::Whisperer.create_agent()
+        if whisper["error"]
+          TCellAgent.logger.error("Error initializing policies: #{whisper["error"]}")
+        else
+          @agent_ptr = whisper["agent_ptr"]
+        end
+      end
+
+      def update_policies(policies_json)
+        return unless @agent_ptr && policies_json
+
+        whisper = TCellAgent::Rust::Whisperer.update_policies(@agent_ptr, {"result" => policies_json})
+        if whisper["errors"]
+          whisper["errors"].each do |error|
+            TCellAgent.logger.error("Error updating policies: #{error}")
+          end
+        else
+          enablements = whisper["enablements"]
+          @appfirewall_enabled = enablements["appfirewall"]
+          @patches_enabled = enablements["patches"]
+          @cmdi_enabled = enablements["cmdi"]
+        end
+      end
+
+      def block_request?(appsensor_meta)
+        return false unless @agent_ptr && @patches_enabled
+
+        whisper = TCellAgent::Rust::Whisperer.apply_patches(@agent_ptr, appsensor_meta)
+        if whisper["error"]
+          TCellAgent.logger.error("Error processing patches: #{whisper["error"]}")
+        else
+          response = whisper["apply_response"]
+          if response && response["status"] == "Blocked"
+            patches_event = TCellAgent::SensorEvents::PatchesEvent.new(response, appsensor_meta)
+            TCellAgent.send_event(patches_event)
+            return true
+          end
+        end
+
+        false
+      end
+
+      def check_appfirewall_injections(appsensor_meta)
+        return unless @agent_ptr && @appfirewall_enabled
+
+        TCellAgent::Instrumentation.safe_block("AppSensor inspection") do
+          whisper = TCellAgent::Rust::Whisperer.apply_appfirewall(@agent_ptr, appsensor_meta)
+          TCellAgent::AppSensor::InjectionsReporter.report_and_log(whisper["apply_response"])
+        end
+      end
+
+      def block_command?(command, tcell_context)
+        return false unless @agent_ptr && @cmdi_enabled && TCellAgent.is_it_safe_to_send_cmdi_events?
+
+        whisper = TCellAgent::Rust::Whisperer.apply_cmdi(@agent_ptr, command)
+        apply_response = whisper.fetch("apply_response", {})
+        cmdi_event =
+          TCellAgent::SensorEvents::CommandInjectionEvent.build_from_native_lib_response_and_tcell_context(apply_response,
+                                                                                                           tcell_context)
+        if cmdi_event
+          TCellAgent.send_event(cmdi_event)
+        end
+
+        apply_response.fetch("blocked", false)
+      end
+    end
+  end
+end

data/lib/tcell_agent/policies/secure_headers_policy.rb

@@ -21,7 +21,7 @@ module TCellAgent
                     if !(name && value)
                         raise "Name and value were not set"
                     end
-                    if not @@approved_headers.include?(name.downcase)
+                    if !@@approved_headers.include?(name.downcase)
                         raise "Name was not included in approved_headers"
                     end
                     if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
@@ -53,7 +53,7 @@ module TCellAgent
                             begin
                                 security_header = SecurityHeader.new(header["name"], header["value"])
                                 security_headers.push(security_header)
-                            rescue Exception => secure_header_exception
+                            rescue StandardError => secure_header_exception
                                 TCellAgent.logger.debug("Could not load secure header:" + secure_header_exception.message)
                             end
                         end

data/lib/tcell_agent/rails/auth/authlogic.rb

@@ -1,5 +1,3 @@
-# See the file "LICENSE" for the full license governing this code.
-
 if TCellAgent.configuration.should_instrument_authlogic?
 
   require 'tcell_agent/logger'
@@ -8,56 +6,76 @@ if TCellAgent.configuration.should_instrument_authlogic?
 
   module TCellAgent
     if defined?(Authlogic)
-      TCellAgent.logger.debug("Instrumenting Authlogic")
+
+      TCellAgent.logger.debug('Instrumenting Authlogic')
+
       require 'tcell_agent/agent'
       require 'tcell_agent/sensor_events/login_fraud'
+
       Authlogic::Session::Base.class_eval do
-        alias_method :original_save, :save
+        alias_method :tcell_save, :save
         def save(&block)
-          if (TCellAgent.configuration.enabled && TCellAgent.configuration.should_intercept_requests?)
-            user_logged_in_before = (user != nil)
-            success = original_save
-            user_logged_in_after = (user != nil)
-            TCellAgent::Instrumentation.safe_block("Authlogic login info") {
+          if TCellAgent.configuration.enabled &&
+             TCellAgent.configuration.should_intercept_requests?
+
+            user_logged_in_before = !user.nil?
+            success = tcell_save(&block)
+            user_logged_in_after = !user.nil?
 
+            TCellAgent::Instrumentation.safe_block('Authlogic login info') do
               login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
-              if (login_fraud_policy && login_fraud_policy.enabled)
+              if login_fraud_policy && login_fraud_policy.enabled
                 user_id = nil
-                TCellAgent::Instrumentation.safe_block("getting userid for login form") {
+                TCellAgent::Instrumentation.safe_block('getting userid for login form') do
                   user_id = self.send(self.class.login_field.to_sym)
-                }
-                if (user_logged_in_before && user_logged_in_after)
-                  #password changed or logged in as another user
-                elsif (!user_logged_in_before && !user_logged_in_after)
-                  if (login_fraud_policy.login_failed_enabled)
+                end
+
+                password = nil
+
+                if user_logged_in_before && user_logged_in_after
+                  # password changed or logged in as another user
+
+                elsif !user_logged_in_before && !user_logged_in_after
+                  if login_fraud_policy.login_failed_enabled
                     request = Authlogic::Session::Base.controller.request
                     tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
                     if tcell_data
-                      event = TCellAgent::SensorEvents::LoginFailure.new(request.env, tcell_data, user_id)
+                      event = TCellAgent::SensorEvents::LoginFailure.new(
+                        request.env,
+                        tcell_data,
+                        user_id,
+                        password
+                      )
                       TCellAgent.send_event(event)
                     end
                   end
-                elsif (!user_logged_in_before && user_logged_in_after)
-                  if (login_fraud_policy.login_success_enabled)
+
+                elsif !user_logged_in_before && user_logged_in_after
+                  if login_fraud_policy.login_success_enabled
                     request = Authlogic::Session::Base.controller.request
                     tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
                     if tcell_data
-                      event = TCellAgent::SensorEvents::LoginSuccess.new(request.env, tcell_data, user_id)
+                      event = TCellAgent::SensorEvents::LoginSuccess.new(
+                        request.env,
+                        tcell_data,
+                        user_id,
+                        password
+                      )
                       TCellAgent.send_event(event)
                     end
                   end
                 end
               end
-            }
+            end
 
             success
 
           else
-            original_save
-          end # if instrument
+            tcell_save(&block)
+          end
         end
       end
-    end # if Authlogic
+    end
   end
 
 end