3 namespace Wallabag\UserBundle\Security
;
5 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler
;
6 use Symfony\Component\HttpFoundation\Request
;
7 use Symfony\Component\Security\Core\Exception\AuthenticationException
;
8 use Symfony\Component\Security\Http\ParameterBagUtils
;
9 use Symfony\Component\HttpKernel\HttpKernelInterface
;
10 use Symfony\Component\Security\Core\Security
;
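/**
 * Custom authentication failure handler.
 *
 * It behaves like Symfony's DefaultAuthenticationFailureHandler and adds one
 * error-level log line per failed login, so that a server admin can configure
 * fail2ban to block IPs that fail to log in too often. The logError() call is
 * the only intended difference from the parent.
 *
 * The text of that log line is effectively an interface: fail2ban filters are
 * regular expressions written against it. Its wording must therefore stay
 * stable, and the request-supplied values embedded in it (username, User-Agent)
 * must not be able to change its shape.
 */
class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
    /**
     * Upper bound, in bytes, for a single request-supplied value written to the log.
     */
    const MAX_LOGGED_VALUE_LENGTH = 512;

    /**
     * {@inheritdoc}
     *
     * Resolves the failure path, logs the failure, then either forwards to the
     * failure path as a sub-request or redirects to it, depending on the
     * "failure_forward" option.
     *
     * @param Request                 $request   The request whose authentication failed
     * @param AuthenticationException $exception The failure, exposed to the login page
     *                                           under Security::AUTHENTICATION_ERROR
     *
     * @return mixed Whatever the HTTP kernel (forward) or HttpUtils (redirect) returns
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // Work on a per-call copy. Writing a request-supplied path back into
        // $this->options would keep it on the handler instance, where a later
        // request served by the same instance could pick it up.
        $options = $this->options;

        // Only a non-empty string is usable as a path; anything else (for example
        // an array-valued parameter) is ignored and the configured path is kept.
        $failureUrl = ParameterBagUtils::getRequestParameterValue($request, $options['failure_path_parameter']);
        if (is_string($failureUrl) && $failureUrl) {
            $options['failure_path'] = $failureUrl;
        }

        if (null === $options['failure_path']) {
            $options['failure_path'] = $options['login_path'];
        }

        if ($options['failure_forward']) {
            // NOTE(review): the parent constructor appears to accept a null logger;
            // confirm against the installed Symfony version. The guard is harmless
            // either way and avoids a fatal error on a failed login.
            if (null !== $this->logger) {
                $this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $options['failure_path']]);
            }

            $this->logError($request);

            $subRequest = $this->httpUtils->createRequest($request, $options['failure_path']);
            $subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);

            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
        }

        if (null !== $this->logger) {
            $this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $options['failure_path']]);
        }

        $this->logError($request);

        $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);

        return $this->httpUtils->createRedirectResponse($request, $options['failure_path']);
    }

    /**
     * Log error information about the failure.
     *
     * The message wording is unchanged for ordinary values, so existing fail2ban
     * filters keep matching. The username and User-Agent come straight from the
     * client and are neutralised before being embedded (see sanitizeForLog()).
     *
     * NOTE(review): the logged IP is whatever Request::getClientIp() reports.
     * Behind a reverse proxy that is only the real client address when trusted
     * proxies are configured correctly; verify this, since bans are keyed on it.
     *
     * @param Request $request
     */
    private function logError(Request $request)
    {
        if (null === $this->logger) {
            return;
        }

        $username = $this->sanitizeForLog($request->request->get('_username'));
        $clientIp = $this->sanitizeForLog($request->getClientIp());
        $userAgent = $this->sanitizeForLog($request->server->get('HTTP_USER_AGENT'));

        $this->logger->error('Authentication failure for user "'.$username.'", from IP "'.$clientIp.'", with UA: "'.$userAgent.'".');
    }

    /**
     * Make a request-supplied value safe to embed between double quotes in a
     * single log line.
     *
     * Control characters (including CR and LF) and the double quote are replaced
     * with "?", so a value cannot end its quoted field early or start a new log
     * line and make a line-oriented parser read a different user or address than
     * the real one. Values are capped at MAX_LOGGED_VALUE_LENGTH bytes to bound
     * the size of the log line.
     *
     * @param mixed $value Raw value taken from the request
     *
     * @return string Value that is safe to place inside the quoted log field
     */
    private function sanitizeForLog($value)
    {
        if (null === $value) {
            return '';
        }

        // An array-valued form field would otherwise be concatenated as "Array"
        // and raise a notice.
        if (!is_scalar($value)) {
            return '[non-scalar]';
        }

        $value = (string) $value;

        // Byte-wise cut: it may split a multi-byte character, which is acceptable
        // for a log line.
        if (strlen($value) > self::MAX_LOGGED_VALUE_LENGTH) {
            $value = substr($value, 0, self::MAX_LOGGED_VALUE_LENGTH);
        }

        // No "u" modifier: every replaced byte is ASCII, so UTF-8 sequences are
        // left intact and invalid UTF-8 cannot make the call fail.
        return preg_replace('/[\x00-\x1F\x7F"]/', '?', $value);
    }
}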