mirror of
https://github.com/wallabag/wallabag.git
synced 2024-11-23 01:21:03 +00:00
Log an error level message when user auth fail
When a user login using the form we know log an error level information with information about the user: - username used - IP - User agent For example: > Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36". It’ll allows server admin using fail2ban to configure it to block these people if they generate too much failure authentication.
This commit is contained in:
parent
3f474025d8
commit
63f9f22fa3
3 changed files with 71 additions and 0 deletions
|
@ -41,6 +41,7 @@ security:
|
|||
form_login:
|
||||
provider: fos_userbundle
|
||||
csrf_token_generator: security.csrf.token_manager
|
||||
failure_handler: wallabag_user.security.custom_auth_failure_handler
|
||||
|
||||
anonymous: true
|
||||
remember_me:
|
||||
|
|
|
@ -35,3 +35,11 @@ services:
|
|||
- "%wallabag_core.list_mode%"
|
||||
tags:
|
||||
- { name: kernel.event_subscriber }
|
||||
|
||||
wallabag_user.security.custom_auth_failure_handler:
|
||||
class: Wallabag\UserBundle\Security\CustomAuthenticationFailureHandler
|
||||
arguments:
|
||||
- "@http_kernel"
|
||||
- "@security.http_utils"
|
||||
- { }
|
||||
- "@logger"
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
<?php
|
||||
|
||||
namespace Wallabag\UserBundle\Security;
|
||||
|
||||
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Http\ParameterBagUtils;
|
||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
|
||||
/**
|
||||
* This is a custom authentication failure.
|
||||
* It only aims to add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
|
||||
*
|
||||
* This only changing thing is the logError() addition
|
||||
*/
|
||||
class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
|
||||
{
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
||||
{
|
||||
if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
|
||||
$this->options['failure_path'] = $failureUrl;
|
||||
}
|
||||
|
||||
if (null === $this->options['failure_path']) {
|
||||
$this->options['failure_path'] = $this->options['login_path'];
|
||||
}
|
||||
|
||||
if ($this->options['failure_forward']) {
|
||||
$this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);
|
||||
|
||||
$this->logError($request);
|
||||
|
||||
$subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
|
||||
$subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);
|
||||
|
||||
return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
|
||||
}
|
||||
|
||||
$this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);
|
||||
|
||||
$this->logError($request);
|
||||
|
||||
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
|
||||
|
||||
return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log error information about fialure
|
||||
*
|
||||
* @param Request $request
|
||||
*/
|
||||
private function logError(Request $request)
|
||||
{
|
||||
$this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue