aaemnnosttv / wp-cli-login-command

Log in to WordPress with secure passwordless magic links.
https://aaemnnost.tv/wp-cli-commands/login/
MIT License

Log requests through WP_CLI_Login_Server class #13

Closed tzkmx closed 7 years ago

tzkmx commented 7 years ago

It would be very useful for administrators to be able to review the requests that were handled by the plugin class, i.e. in order to be able to set up rules for user agents (like I've suggested, to ignore user agents like Slack/Telegram/WhatsApp/etc.), check IPs, users that used their links, etc.

If the login is dumped to a file, recording the status of the request (authorized/already used/expired) would allow checking, with tools like fail2ban, whether an IP is trying to abuse the link/login mechanism, thus blocking it.

aaemnnosttv commented 7 years ago

I agree this would be a useful feature; however, as something that most users might not use, I'm hesitant to jump straight to implementing a log file for this. A log file also has the potential to reduce the current level of security provided by the command, if not properly secured itself.

I think the best way forward here is to emit an action when the server handles a request which passes all the relevant data along with it. You could then easily implement a simple plugin to hook on this action and write to a log file however you wish.
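
The fail2ban-style check discussed in this thread, as an added example that is not part of the original issue or the plugin's code: it counts failed magic-link requests per IP inside a sliding window and skips link-preview user agents. The log line format, the `offenders` function, its `max_retry`/`find_time` parameters (modelled on fail2ban's `maxretry`/`findtime`) and the sample log are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format (constructed here; the plugin itself writes no log):
#   <ISO time> ip=<addr> status=<authorized|used|expired> ua="<user agent>"
LINE_RE = re.compile(r'^(?P<ts>\S+) ip=(?P<ip>\S+) '
                     r'status=(?P<status>authorized|used|expired) ua="(?P<ua>[^"]*)"$')
# Link-preview fetchers named in the thread. The header is client-supplied,
# so skipping them only reduces noise; it is not a trust decision.
PREVIEW_UA = re.compile(r"slack|telegram|whatsapp", re.IGNORECASE)
FAILED = {"used", "expired"}

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return IPs (in order of detection) with at least max_retry failed
    link requests inside a sliding find_time window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than guess
        if m["status"] not in FAILED or PREVIEW_UA.search(m["ua"]):
            continue
        ts = datetime.fromisoformat(m["ts"])
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = '''\
2024-05-01T12:00:00 ip=198.51.100.4 status=authorized ua="Mozilla/5.0"
2024-05-01T12:00:05 ip=203.0.113.9 status=used ua="Slackbot-LinkExpanding 1.0"
2024-05-01T12:00:06 ip=203.0.113.9 status=used ua="TelegramBot (like TwitterBot)"
2024-05-01T12:00:07 ip=203.0.113.9 status=used ua="WhatsApp/2.23"
2024-05-01T12:00:30 ip=192.0.2.77 status=expired ua="Mozilla/5.0"
2024-05-01T12:01:00 ip=192.0.2.50 status=expired ua="curl/8.0"
2024-05-01T12:02:00 ip=192.0.2.50 status=used ua="curl/8.0"
2024-05-01T12:03:00 ip=192.0.2.50 status=expired ua="curl/8.0"
2024-05-01T12:15:30 ip=192.0.2.77 status=expired ua="Mozilla/5.0"
2024-05-01T12:30:30 ip=192.0.2.77 status=expired ua="Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

Such a log holds IPs and usernames tied to login attempts, so it should sit outside the web root with restrictive file permissions.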