From: Jérémy Benoist Date: Fri, 9 Jun 2017 11:51:26 +0000 (+0200) Subject: Merge pull request #3192 from wallabag/validate-content-fields X-Git-Tag: 2.3.0~31^2~62 X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=a8993999893fb665b5e96597f9b649a2a8b940a2;hp=1f7018e1fe369b326150c388b56b8b8c26017234;p=github%2Fwallabag%2Fwallabag.git Merge pull request #3192 from wallabag/validate-content-fields Validate language & preview picture fields
---
diff --git a/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
new file mode 100644
index 00000000..10f13233
--- /dev/null
+++ b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
@@ -0,0 +1,40 @@
+requestStack = $requestStack;
+ $this->logger = $logger;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function getSubscribedEvents()
+ {
+ return [
+ AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
+ ];
+ }
+
+ /**
+ * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+ */
+ public function onAuthenticationFailure()
+ {
+ $request = $this->requestStack->getMasterRequest();
+
+ $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+ }
+}
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index 72f6f12c..f2cd6e01 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
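Review bot: The `_username` field and the User-Agent header are concatenated unescaped into the log line in `onAuthenticationFailure()`, and that line is the one the docblock says a fail2ban filter should parse, so quotes or line breaks supplied by the client can change which address a filter extracts or forge additional entries. I would keep the client IP as the only variable part of the message and pass the two client-controlled values as log context, which Monolog's line formatter JSON-encodes; the exact-message assertion in AuthenticationFailureListenerTest.php would change with it, and a case with a quote in the username would pin the behaviour. `getMasterRequest()` returns null when the request stack is empty, so the method should return early in that case instead of dereferencing null. Whether `getClientIp()` reflects the real peer presumably depends on the trusted-proxy configuration, which is not visible in this diff.

```php
public function onAuthenticationFailure()
{
    $request = $this->requestStack->getMasterRequest();

    // No request on the stack: nothing to attribute the failure to.
    if (null === $request) {
        return;
    }

    // The IP is the only variable in the message; client-supplied values go to the context.
    $this->logger->error('Authentication failure from IP "'.$request->getClientIp().'".', [
        'username' => $request->request->get('_username'),
        'user_agent' => $request->server->get('HTTP_USER_AGENT'),
    ]);
}
```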
@@ -35,3 +35,11 @@ services:
 - "%wallabag_core.list_mode%"
 tags:
 - { name: kernel.event_subscriber }
+
+ wallabag_user.listener.authentication_failure_event_listener:
+ class: Wallabag\UserBundle\EventListener\AuthenticationFailureListener
+ arguments:
+ - "@request_stack"
+ - "@logger"
+ tags:
+ - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }
diff --git a/tests/Wallabag/UserBundle/EventListener/AuthenticationFailureListenerTest.php b/tests/Wallabag/UserBundle/EventListener/AuthenticationFailureListenerTest.php
new file mode 100644
index 00000000..6191ea13
--- /dev/null
+++ b/tests/Wallabag/UserBundle/EventListener/AuthenticationFailureListenerTest.php
@@ -0,0 +1,66 @@
+request->set('_username', 'admin');
+
+ $this->requestStack = new RequestStack();
+ $this->requestStack->push($request);
+
+ $this->logHandler = new TestHandler();
+ $logger = new Logger('test', [$this->logHandler]);
+
+ $this->listener = new AuthenticationFailureListener(
+ $this->requestStack,
+ $logger
+ );
+
+ $this->dispatcher = new EventDispatcher();
+ $this->dispatcher->addSubscriber($this->listener);
+ }
+
+ public function testOnAuthenticationFailure()
+ {
+ $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $exception = $this->getMockBuilder('Symfony\Component\Security\Core\Exception\AuthenticationException')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $event = new AuthenticationFailureEvent(
+ $token,
+ $exception
+ );
+
+ $this->dispatcher->dispatch(
+ AuthenticationEvents::AUTHENTICATION_FAILURE,
+ $event
+ );
+
+ $records = $this->logHandler->getRecords();
+
+ $this->assertCount(1, $records);
+ $this->assertSame('Authentication failure for user "admin", from IP "127.0.0.1", with UA: "Symfony/3.X".', $records[0]['message']);
+ }
+}
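Review bot: The new service is tagged `kernel.event_listener` with an explicit event and method, while the class added in this commit exposes `getSubscribedEvents()` and the test attaches it with `addSubscriber()`, so the event-to-method mapping is declared in two places. If the class implements `EventSubscriberInterface` (its declaration is not visible on this page), tagging it like the neighbouring service, `- { name: kernel.event_subscriber }`, would keep the mapping in one place.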
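Review bot: The expected message in `testOnAuthenticationFailure()` hard-codes `127.0.0.1` and `Symfony/3.X`, values the visible part of `setUp()` never sets, so they appear to come from the framework's defaults for a created request and the assertion would break if those defaults change. Setting them explicitly on the request in `setUp()`, e.g. `$request->server->set('HTTP_USER_AGENT', 'test-agent');`, would make the test self-contained. The beginning of `setUp()` is missing from the page, so this may already be partly handled there.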