Commit | Line | Data |
---|---|---|
63f9f22f JB |
1 | <?php |
2 | ||
3 | namespace Wallabag\UserBundle\Security; | |
4 | ||
5 | use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler; | |
6 | use Symfony\Component\HttpFoundation\Request; | |
7 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | |
8 | use Symfony\Component\Security\Http\ParameterBagUtils; | |
9 | use Symfony\Component\HttpKernel\HttpKernelInterface; | |
10 | use Symfony\Component\Security\Core\Security; | |
11 | ||
12 | /** | |
13 | * This is a custom authentication failure. | |
14 | * Its only aim is to add a custom error to the log so that a server admin can configure fail2ban to block the IPs of clients that try to log in too often. | |
15 | * | |
16 | * The only change from the parent handler is the logError() call. | |
17 | */ | |
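class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
    /**
     * Handle a failed login: log it, then forward or redirect to the failure path.
     *
     * The failure path is resolved in this order: the request parameter named by
     * the 'failure_path_parameter' option, the configured 'failure_path', and
     * finally 'login_path'. One error-level log line is written per failure in
     * both the forward and the redirect branch.
     *
     * {@inheritdoc}
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // NOTE(review): the failure path can be supplied by the client through a
        // request parameter. Whether the resulting forward/redirect target is
        // restricted depends on httpUtils, which is not visible here; confirm.
        if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
            $this->options['failure_path'] = $failureUrl;
        }

        if (null === $this->options['failure_path']) {
            $this->options['failure_path'] = $this->options['login_path'];
        }

        if ($this->options['failure_forward']) {
            $this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);

            $this->logError($request);

            // Forward internally: the exception travels as a sub-request attribute.
            $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
            $subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);

            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
        }

        $this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);

        $this->logError($request);

        // Redirect: the exception is kept in the session for the next request.
        $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);

        return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
    }

    /**
     * Log error information about the failure.
     *
     * The line is meant to be matched by an external tool such as fail2ban, so
     * the submitted username and the User-Agent header, both chosen by the
     * client, are neutralised before being written. For values without control
     * characters or double quotes the message is unchanged.
     *
     * @param Request $request
     */
    private function logError(Request $request)
    {
        // The IP is what a ban would act on. getClientIp() only honours
        // forwarded headers from proxies configured as trusted elsewhere, so
        // that configuration decides whether this value can be relied on.
        $this->logger->error(sprintf(
            'Authentication failure for user "%s", from IP "%s", with UA: "%s".',
            $this->sanitizeForLog($request->request->get('_username')),
            $request->getClientIp(),
            $this->sanitizeForLog($request->server->get('HTTP_USER_AGENT'))
        ));
    }

    /**
     * Make a client-supplied value safe to embed in a quoted field of a log line.
     *
     * Control characters (including CR/LF) are replaced by spaces so the value
     * cannot start a new log entry, and double quotes are replaced by single
     * quotes so the value cannot close its field early and imitate the fields
     * that follow it.
     *
     * @param mixed $value Raw request value; may be null or a non-scalar
     *
     * @return string
     */
    private function sanitizeForLog($value)
    {
        if (null === $value) {
            return '';
        }

        // A parameter submitted as an array must not reach string concatenation.
        if (!is_scalar($value)) {
            return '[non-scalar]';
        }

        $clean = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $value);

        if (null === $clean) {
            return '';
        }

        return str_replace('"', "'", $clean);
    }
}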