Use a listener to catch auth failure
diff --git a/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
new file mode 100644 (file)
index 0000000..10f1323
--- /dev/null
@@ -0,0 +1,40 @@
+<?php
+
+namespace Wallabag\UserBundle\EventListener;
+
+use Psr\Log\LoggerInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+
+class AuthenticationFailureListener implements EventSubscriberInterface
+{
+    private $requestStack;
+    private $logger;
+
+    public function __construct(RequestStack $requestStack, LoggerInterface $logger)
+    {
+        $this->requestStack = $requestStack;
+        $this->logger = $logger;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return [
+            AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
+        ];
+    }
+
+    /**
+     * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+     */
+    public function onAuthenticationFailure()
+    {
+        $request = $this->requestStack->getMasterRequest();
+
+        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+    }
+}
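Review bot: In `onAuthenticationFailure()` the `_username` field and the User-Agent header are concatenated into the log message unmodified, so a value containing double quotes or line breaks can make the entry ambiguous, or split it into several lines, for the fail2ban filter this log is meant to feed. Because the client IP is written after the username, a loosely written filter could match an address embedded in the username instead of the real one; I would strip control characters and quotes from both fields before logging, and note in the docblock that the filter must anchor on the `from IP "..."` field. `getMasterRequest()` can return null when no HTTP request is on the stack, which would make the log call fail, so a guard is worth adding. Separately, `getClientIp()` presumably only reflects the real client when trusted proxies are configured correctly for the deployment, which deserves a sentence in the docblock.

```php
    public function onAuthenticationFailure()
    {
        $request = $this->requestStack->getMasterRequest();
        if (null === $request) {
            return;
        }

        // User-supplied fields: drop control characters and quotes so they
        // cannot leave their quoted slot or start a new log line.
        $clean = static function ($value) {
            return is_scalar($value) ? preg_replace('/[\x00-\x1F\x7F"]+/', ' ', (string) $value) : '';
        };

        $this->logger->error('Authentication failure for user "'.$clean($request->request->get('_username')).'", from IP "'.$request->getClientIp().'", with UA: "'.$clean($request->server->get('HTTP_USER_AGENT')).'".');
    }
```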