src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php

   1 <?php
   2
   3 namespace Wallabag\UserBundle\EventListener;
   4
   5 use Psr\Log\LoggerInterface;
   6 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
   7 use Symfony\Component\HttpFoundation\RequestStack;
   8 use Symfony\Component\Security\Core\AuthenticationEvents;
   9
  10 class AuthenticationFailureListener implements EventSubscriberInterface
  11 {
  12     private $requestStack;
  13     private $logger;
  14
  15     public function __construct(RequestStack $requestStack, LoggerInterface $logger)
  16     {
  17         $this->requestStack = $requestStack;
  18         $this->logger = $logger;
  19     }
  20
  21     /**
  22      * {@inheritdoc}
  23      */
  24     public static function getSubscribedEvents()
  25     {
  26         return [
  27             AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
  28         ];
  29     }
  30
  31     /**
  32      * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
  33      */
  34     public function onAuthenticationFailure()
  35     {
  36         $request = $this->requestStack->getMasterRequest();
  37
  38         $this->logger->error('Authentication failure for user "' . $request->request->get('_username') . '", from IP "' . $request->getClientIp() . '", with UA: "' . $request->server->get('HTTP_USER_AGENT') . '".');
  39     }
  40 }