Merge pull request #1601 from ArthurHoaro/feature/psr3

author: ArthurHoaro <arthur@hoa.ro> 2020-10-24 11:37:29 +0200
committer: GitHub <noreply@github.com> 2020-10-24 11:37:29 +0200
commit: 820cae27cfcc94af552818f3f1e5342e00478f6c (patch)
tree: 20eb1cd95987088a7afc3602e8b712448ef05a93 /application
parent: 8f6e3d51ccb2df513aadeabafbc5bfffe38b8608 (diff)
parent: b38a1b0209f546d4824a0db81a34c4e30fcdebaf (diff)
download: Shaarli-820cae27cfcc94af552818f3f1e5342e00478f6c.tar.gz
Shaarli-820cae27cfcc94af552818f3f1e5342e00478f6c.tar.zst
Shaarli-820cae27cfcc94af552818f3f1e5342e00478f6c.zip
7 files changed, 87 insertions, 76 deletions
diff --git a/application/Utils.php b/application/Utils.php
index 37be9a13..bc1c9f5d 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -4,21 +4,23 @@
 */
 /**
- * Logs a message to a text file
+ * Format log using provided data.
 *
- * The log format is compatible with fail2ban.
+ * @param string      $message  the message to log
+ * @param string|null $clientIp the client's remote IPv4/IPv6 address
 *
- * @param string $logFile  where to write the logs
+ * @return string Formatted message to log
- * @param string $clientIp the client's remote IPv4/IPv6 address
- * @param string $message  the message to log
 */
-function logm($logFile, $clientIp, $message)
+function format_log(string $message, string $clientIp = null): string
 {
-    file_put_contents(
+    $out = $message;
-        $logFile,
-        date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL,
+    if (!empty($clientIp)) {
-        FILE_APPEND
+        // Note: we keep the first dash to avoid breaking fail2ban configs
-    );
+        $out = '- ' . $clientIp . ' - ' . $out;
+    }
+    return $out;
 }
 /**
diff --git a/application/container/ContainerBuilder.php b/application/container/ContainerBuilder.php
index fd94a1c3..d84418ad 100644
--- a/application/container/ContainerBuilder.php
+++ b/application/container/ContainerBuilder.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace Shaarli\Container;
 use malkusch\lock\mutex\FlockMutex;
+use Psr\Log\LoggerInterface;
 use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
@@ -49,6 +50,9 @@ class ContainerBuilder
    /** @var LoginManager */
    protected $login;
+    /** @var LoggerInterface */
+    protected $logger;
    /** @var string|null */
    protected $basePath = null;
@@ -56,12 +60,14 @@ class ContainerBuilder
        ConfigManager $conf,
        SessionManager $session,
        CookieManager $cookieManager,
-        LoginManager $login
+        LoginManager $login,
+        LoggerInterface $logger
    ) {
        $this->conf = $conf;
        $this->session = $session;
        $this->login = $login;
        $this->cookieManager = $cookieManager;
+        $this->logger = $logger;
    }
    public function build(): ShaarliContainer
@@ -72,6 +78,7 @@ class ContainerBuilder
        $container['sessionManager'] = $this->session;
        $container['cookieManager'] = $this->cookieManager;
        $container['loginManager'] = $this->login;
+        $container['logger'] = $this->logger;
        $container['basePath'] = $this->basePath;
        $container['plugins'] = function (ShaarliContainer $container): PluginManager {
@@ -99,6 +106,7 @@ class ContainerBuilder
            return new PageBuilder(
                $container->conf,
                $container->sessionManager->getSession(),
+                $container->logger,
                $container->bookmarkService,
                $container->sessionManager->generateToken(),
                $container->loginManager->isLoggedIn()
diff --git a/application/container/ShaarliContainer.php b/application/container/ShaarliContainer.php
index 3a7c238f..3e5bd252 100644
--- a/application/container/ShaarliContainer.php
+++ b/application/container/ShaarliContainer.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 namespace Shaarli\Container;
+use Psr\Log\LoggerInterface;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
 use Shaarli\Feed\FeedBuilder;
@@ -36,6 +37,7 @@ use Slim\Container;
 * @property History                  $history
 * @property HttpAccess               $httpAccess
 * @property LoginManager             $loginManager
+ * @property LoggerInterface          $logger
 * @property MetadataRetriever        $metadataRetriever
 * @property NetscapeBookmarkUtils    $netscapeBookmarkUtils
 * @property callable                 $notFoundHandler       Overrides default Slim exception display
diff --git a/application/front/controller/visitor/LoginController.php b/application/front/controller/visitor/LoginController.php
index 121ba40b..f5038fe3 100644
--- a/application/front/controller/visitor/LoginController.php
+++ b/application/front/controller/visitor/LoginController.php
@@ -65,7 +65,6 @@ class LoginController extends ShaarliVisitorController
        }
        if (!$this->container->loginManager->checkCredentials(
-                $this->container->environment['REMOTE_ADDR'],
                client_ip_id($this->container->environment),
                $request->getParam('login'),
                $request->getParam('password')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 2d6d2dbe..512bb79e 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -3,7 +3,7 @@
 namespace Shaarli\Render;
 use Exception;
-use exceptions\MissingBasePathException;
+use Psr\Log\LoggerInterface;
 use RainTPL;
 use Shaarli\ApplicationUtils;
 use Shaarli\Bookmark\BookmarkServiceInterface;
@@ -35,6 +35,9 @@ class PageBuilder
     */
    protected $session;
+    /** @var LoggerInterface */
+    protected $logger;
    /**
     * @var BookmarkServiceInterface $bookmarkService instance.
     */
@@ -54,17 +57,25 @@ class PageBuilder
     * PageBuilder constructor.
     * $tpl is initialized at false for lazy loading.
     *
-     * @param ConfigManager            $conf    Configuration Manager instance (reference).
+     * @param ConfigManager $conf Configuration Manager instance (reference).
-     * @param array                    $session $_SESSION array
+     * @param array $session $_SESSION array
-     * @param BookmarkServiceInterface $linkDB  instance.
+     * @param LoggerInterface $logger
-     * @param string                   $token   Session token
+     * @param null $linkDB instance.
-     * @param bool                     $isLoggedIn
+     * @param null $token Session token
+     * @param bool $isLoggedIn
     */
-    public function __construct(&$conf, $session, $linkDB = null, $token = null, $isLoggedIn = false)
+    public function __construct(
-    {
+        ConfigManager &$conf,
+        array $session,
+        LoggerInterface $logger,
+        $linkDB = null,
+        $token = null,
+        $isLoggedIn = false
+    ) {
        $this->tpl = false;
        $this->conf = $conf;
        $this->session = $session;
+        $this->logger = $logger;
        $this->bookmarkService = $linkDB;
        $this->token = $token;
        $this->isLoggedIn = $isLoggedIn;
@@ -98,7 +109,7 @@ class PageBuilder
            $this->tpl->assign('newVersion', escape($version));
            $this->tpl->assign('versionError', '');
        } catch (Exception $exc) {
-            logm($this->conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], $exc->getMessage());
+            $this->logger->error(format_log('Error: ' . $exc->getMessage(), client_ip_id($_SERVER)));
            $this->tpl->assign('newVersion', '');
            $this->tpl->assign('versionError', escape($exc->getMessage()));
        }
diff --git a/application/security/BanManager.php b/application/security/BanManager.php
index 68190c54..f72c8b7b 100644
--- a/application/security/BanManager.php
+++ b/application/security/BanManager.php
@@ -3,6 +3,7 @@
 namespace Shaarli\Security;
+use Psr\Log\LoggerInterface;
 use Shaarli\FileUtils;
 /**
@@ -28,8 +29,8 @@ class BanManager
    /** @var string Path to the file containing IP bans and failures */
    protected $banFile;
-    /** @var string Path to the log file, used to log bans */
+    /** @var LoggerInterface Path to the log file, used to log bans */
-    protected $logFile;
+    protected $logger;
    /** @var array List of IP with their associated number of failed attempts */
    protected $failures = [];
@@ -40,18 +41,19 @@ class BanManager
    /**
     * BanManager constructor.
     *
-     * @param array  $trustedProxies List of allowed proxies IP
+     * @param array           $trustedProxies List of allowed proxies IP
-     * @param int    $nbAttempts     Number of allowed failed attempt before the ban
+     * @param int             $nbAttempts     Number of allowed failed attempt before the ban
-     * @param int    $banDuration    Ban duration in seconds
+     * @param int             $banDuration    Ban duration in seconds
-     * @param string $banFile        Path to the file containing IP bans and failures
+     * @param string          $banFile        Path to the file containing IP bans and failures
-     * @param string $logFile        Path to the log file, used to log bans
+     * @param LoggerInterface $logger         PSR-3 logger to save login attempts in log directory
     */
-    public function __construct($trustedProxies, $nbAttempts, $banDuration, $banFile, $logFile) {
+    public function __construct($trustedProxies, $nbAttempts, $banDuration, $banFile, LoggerInterface $logger) {
        $this->trustedProxies = $trustedProxies;
        $this->nbAttempts = $nbAttempts;
        $this->banDuration = $banDuration;
        $this->banFile = $banFile;
-        $this->logFile = $logFile;
+        $this->logger = $logger;
        $this->readBanFile();
    }
@@ -78,11 +80,7 @@ class BanManager
        if ($this->failures[$ip] >= $this->nbAttempts) {
            $this->bans[$ip] = time() + $this->banDuration;
-            logm(
+            $this->logger->info(format_log('IP address banned from login: '. $ip, $ip));
-                $this->logFile,
-                $server['REMOTE_ADDR'],
-                'IP address banned from login: '. $ip
-            );
        }
        $this->writeBanFile();
    }
@@ -138,7 +136,7 @@ class BanManager
            unset($this->failures[$ip]);
        }
        unset($this->bans[$ip]);
-        logm($this->logFile, $server['REMOTE_ADDR'], 'Ban lifted for: '. $ip);
+        $this->logger->info(format_log('Ban lifted for: '. $ip, $ip));
        $this->writeBanFile();
        return false;
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 65048f10..426e785e 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -2,6 +2,7 @@
 namespace Shaarli\Security;
 use Exception;
+use Psr\Log\LoggerInterface;
 use Shaarli\Config\ConfigManager;
 /**
@@ -31,26 +32,30 @@ class LoginManager
    protected $staySignedInToken = '';
    /** @var CookieManager */
    protected $cookieManager;
+    /** @var LoggerInterface */
+    protected $logger;
    /**
     * Constructor
     *
-     * @param ConfigManager  $configManager  Configuration Manager instance
+     * @param ConfigManager $configManager Configuration Manager instance
     * @param SessionManager $sessionManager SessionManager instance
-     * @param CookieManager  $cookieManager  CookieManager instance
+     * @param CookieManager $cookieManager CookieManager instance
+     * @param BanManager $banManager
+     * @param LoggerInterface $logger Used to log login attempts
     */
-    public function __construct($configManager, $sessionManager, $cookieManager)
+    public function __construct(
-    {
+        ConfigManager $configManager,
+        SessionManager $sessionManager,
+        CookieManager $cookieManager,
+        BanManager $banManager,
+        LoggerInterface $logger
+    ) {
        $this->configManager = $configManager;
        $this->sessionManager = $sessionManager;
        $this->cookieManager = $cookieManager;
-        $this->banManager = new BanManager(
+        $this->banManager = $banManager;
-            $this->configManager->get('security.trusted_proxies', []),
+        $this->logger = $logger;
-            $this->configManager->get('security.ban_after'),
-            $this->configManager->get('security.ban_duration'),
-            $this->configManager->get('resource.ban_file', 'data/ipbans.php'),
-            $this->configManager->get('resource.log')
-        );
        if ($this->configManager->get('security.open_shaarli') === true) {
            $this->openShaarli = true;
@@ -129,48 +134,34 @@ class LoginManager
    /**
     * Check user credentials are valid
     *
-     * @param string $remoteIp   Remote client IP address
     * @param string $clientIpId Client IP address identifier
     * @param string $login      Username
     * @param string $password   Password
     *
     * @return bool true if the provided credentials are valid, false otherwise
     */
-    public function checkCredentials($remoteIp, $clientIpId, $login, $password)
+    public function checkCredentials($clientIpId, $login, $password)
    {
-        // Check login matches config
-        if ($login !== $this->configManager->get('credentials.login')) {
-            return false;
-        }
        // Check credentials
        try {
            $useLdapLogin = !empty($this->configManager->get('ldap.host'));
-            if ((false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))
+            if ($login === $this->configManager->get('credentials.login')
-                || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))
+                && (
+                    (false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))
+                    || (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))
+                )
            ) {
-                    $this->sessionManager->storeLoginInfo($clientIpId);
+                $this->sessionManager->storeLoginInfo($clientIpId);
-                    logm(
+                $this->logger->info(format_log('Login successful', $clientIpId));
-                        $this->configManager->get('resource.log'),
-                        $remoteIp,
+                return true;
-                        'Login successful'
-                    );
-                    return true;
            }
-        }
+        } catch(Exception $exception) {
-        catch(Exception $exception) {
+            $this->logger->info(format_log('Exception while checking credentials: ' . $exception, $clientIpId));
-            logm(
-                $this->configManager->get('resource.log'),
-                $remoteIp,
-                'Exception while checking credentials: ' . $exception
-            );
        }
-        logm(
+        $this->logger->info(format_log('Login failed for user ' . $login, $clientIpId));
-            $this->configManager->get('resource.log'),
-            $remoteIp,
-            'Login failed for user ' . $login
-        );
        return false;
    }
author	ArthurHoaro <arthur@hoa.ro>	2020-10-24 11:37:29 +0200
committer	GitHub <noreply@github.com>	2020-10-24 11:37:29 +0200
commit	820cae27cfcc94af552818f3f1e5342e00478f6c (patch)
tree	20eb1cd95987088a7afc3602e8b712448ef05a93 /application
parent	8f6e3d51ccb2df513aadeabafbc5bfffe38b8608 (diff)
parent	b38a1b0209f546d4824a0db81a34c4e30fcdebaf (diff)
download	Shaarli-820cae27cfcc94af552818f3f1e5342e00478f6c.tar.gz Shaarli-820cae27cfcc94af552818f3f1e5342e00478f6c.tar.zst Shaarli-820cae27cfcc94af552818f3f1e5342e00478f6c.zip

diff --git a/application/Utils.php b/application/Utils.php index 37be9a13..bc1c9f5d 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -4,21 +4,23 @@
4	*/	4	*/
5		5
6	/**	6	/**
7	* Logs a message to a text file	7	* Format log using provided data.
8	*	8	*
9	* The log format is compatible with fail2ban.	9	* @param string $message the message to log
		10	* @param string\|null $clientIp the client's remote IPv4/IPv6 address
10	*	11	*
11	* @param string $logFile where to write the logs	12	* @return string Formatted message to log
12	* @param string $clientIp the client's remote IPv4/IPv6 address
13	* @param string $message the message to log
14	*/	13	*/
15	function logm($logFile, $clientIp, $message)	14	function format_log(string $message, string $clientIp = null): string
16	{	15	{
17	file_put_contents(	16	$out = $message;
18	$logFile,	17
19	date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL,	18	if (!empty($clientIp)) {
20	FILE_APPEND	19	// Note: we keep the first dash to avoid breaking fail2ban configs
21	);	20	$out = '- ' . $clientIp . ' - ' . $out;
		21	}
		22
		23	return $out;
22	}	24	}
23		25
24	/**	26	/**


diff --git a/application/container/ContainerBuilder.php b/application/container/ContainerBuilder.php index fd94a1c3..d84418ad 100644 --- a/application/container/ContainerBuilder.php +++ b/application/container/ContainerBuilder.php
@@ -5,6 +5,7 @@ declare(strict_types=1);
5	namespace Shaarli\Container;	5	namespace Shaarli\Container;
6		6
7	use malkusch\lock\mutex\FlockMutex;	7	use malkusch\lock\mutex\FlockMutex;
		8	use Psr\Log\LoggerInterface;
8	use Shaarli\Bookmark\BookmarkFileService;	9	use Shaarli\Bookmark\BookmarkFileService;
9	use Shaarli\Bookmark\BookmarkServiceInterface;	10	use Shaarli\Bookmark\BookmarkServiceInterface;
10	use Shaarli\Config\ConfigManager;	11	use Shaarli\Config\ConfigManager;
@@ -49,6 +50,9 @@ class ContainerBuilder
49	/** @var LoginManager */	50	/** @var LoginManager */
50	protected $login;	51	protected $login;
51		52
		53	/** @var LoggerInterface */
		54	protected $logger;
		55
52	/** @var string\|null */	56	/** @var string\|null */
53	protected $basePath = null;	57	protected $basePath = null;
54		58
@@ -56,12 +60,14 @@ class ContainerBuilder
56	ConfigManager $conf,	60	ConfigManager $conf,
57	SessionManager $session,	61	SessionManager $session,
58	CookieManager $cookieManager,	62	CookieManager $cookieManager,
59	LoginManager $login	63	LoginManager $login,
		64	LoggerInterface $logger
60	) {	65	) {
61	$this->conf = $conf;	66	$this->conf = $conf;
62	$this->session = $session;	67	$this->session = $session;
63	$this->login = $login;	68	$this->login = $login;
64	$this->cookieManager = $cookieManager;	69	$this->cookieManager = $cookieManager;
		70	$this->logger = $logger;
65	}	71	}
66		72
67	public function build(): ShaarliContainer	73	public function build(): ShaarliContainer
@@ -72,6 +78,7 @@ class ContainerBuilder
72	$container['sessionManager'] = $this->session;	78	$container['sessionManager'] = $this->session;
73	$container['cookieManager'] = $this->cookieManager;	79	$container['cookieManager'] = $this->cookieManager;
74	$container['loginManager'] = $this->login;	80	$container['loginManager'] = $this->login;
		81	$container['logger'] = $this->logger;
75	$container['basePath'] = $this->basePath;	82	$container['basePath'] = $this->basePath;
76		83
77	$container['plugins'] = function (ShaarliContainer $container): PluginManager {	84	$container['plugins'] = function (ShaarliContainer $container): PluginManager {
@@ -99,6 +106,7 @@ class ContainerBuilder
99	return new PageBuilder(	106	return new PageBuilder(
100	$container->conf,	107	$container->conf,
101	$container->sessionManager->getSession(),	108	$container->sessionManager->getSession(),
		109	$container->logger,
102	$container->bookmarkService,	110	$container->bookmarkService,
103	$container->sessionManager->generateToken(),	111	$container->sessionManager->generateToken(),
104	$container->loginManager->isLoggedIn()	112	$container->loginManager->isLoggedIn()


diff --git a/application/container/ShaarliContainer.php b/application/container/ShaarliContainer.php index 3a7c238f..3e5bd252 100644 --- a/application/container/ShaarliContainer.php +++ b/application/container/ShaarliContainer.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
4		4
5	namespace Shaarli\Container;	5	namespace Shaarli\Container;
6		6
		7	use Psr\Log\LoggerInterface;
7	use Shaarli\Bookmark\BookmarkServiceInterface;	8	use Shaarli\Bookmark\BookmarkServiceInterface;
8	use Shaarli\Config\ConfigManager;	9	use Shaarli\Config\ConfigManager;
9	use Shaarli\Feed\FeedBuilder;	10	use Shaarli\Feed\FeedBuilder;
@@ -36,6 +37,7 @@ use Slim\Container;
36	* @property History $history	37	* @property History $history
37	* @property HttpAccess $httpAccess	38	* @property HttpAccess $httpAccess
38	* @property LoginManager $loginManager	39	* @property LoginManager $loginManager
		40	* @property LoggerInterface $logger
39	* @property MetadataRetriever $metadataRetriever	41	* @property MetadataRetriever $metadataRetriever
40	* @property NetscapeBookmarkUtils $netscapeBookmarkUtils	42	* @property NetscapeBookmarkUtils $netscapeBookmarkUtils
41	* @property callable $notFoundHandler Overrides default Slim exception display	43	* @property callable $notFoundHandler Overrides default Slim exception display


diff --git a/application/front/controller/visitor/LoginController.php b/application/front/controller/visitor/LoginController.php index 121ba40b..f5038fe3 100644 --- a/application/front/controller/visitor/LoginController.php +++ b/application/front/controller/visitor/LoginController.php
@@ -65,7 +65,6 @@ class LoginController extends ShaarliVisitorController
65	}	65	}
66		66
67	if (!$this->container->loginManager->checkCredentials(	67	if (!$this->container->loginManager->checkCredentials(
68	$this->container->environment['REMOTE_ADDR'],
69	client_ip_id($this->container->environment),	68	client_ip_id($this->container->environment),
70	$request->getParam('login'),	69	$request->getParam('login'),
71	$request->getParam('password')	70	$request->getParam('password')


diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php index 2d6d2dbe..512bb79e 100644 --- a/application/render/PageBuilder.php +++ b/application/render/PageBuilder.php
@@ -3,7 +3,7 @@
3	namespace Shaarli\Render;	3	namespace Shaarli\Render;
4		4
5	use Exception;	5	use Exception;
6	use exceptions\MissingBasePathException;	6	use Psr\Log\LoggerInterface;
7	use RainTPL;	7	use RainTPL;
8	use Shaarli\ApplicationUtils;	8	use Shaarli\ApplicationUtils;
9	use Shaarli\Bookmark\BookmarkServiceInterface;	9	use Shaarli\Bookmark\BookmarkServiceInterface;
@@ -35,6 +35,9 @@ class PageBuilder
35	*/	35	*/
36	protected $session;	36	protected $session;
37		37
		38	/** @var LoggerInterface */
		39	protected $logger;
		40
38	/**	41	/**
39	* @var BookmarkServiceInterface $bookmarkService instance.	42	* @var BookmarkServiceInterface $bookmarkService instance.
40	*/	43	*/
@@ -54,17 +57,25 @@ class PageBuilder
54	* PageBuilder constructor.	57	* PageBuilder constructor.
55	* $tpl is initialized at false for lazy loading.	58	* $tpl is initialized at false for lazy loading.
56	*	59	*
57	* @param ConfigManager $conf Configuration Manager instance (reference).	60	* @param ConfigManager $conf Configuration Manager instance (reference).
58	* @param array $session $_SESSION array	61	* @param array $session $_SESSION array
59	* @param BookmarkServiceInterface $linkDB instance.	62	* @param LoggerInterface $logger
60	* @param string $token Session token	63	* @param null $linkDB instance.
61	* @param bool $isLoggedIn	64	* @param null $token Session token
		65	* @param bool $isLoggedIn
62	*/	66	*/
63	public function __construct(&$conf, $session, $linkDB = null, $token = null, $isLoggedIn = false)	67	public function __construct(
64	{	68	ConfigManager &$conf,
		69	array $session,
		70	LoggerInterface $logger,
		71	$linkDB = null,
		72	$token = null,
		73	$isLoggedIn = false
		74	) {
65	$this->tpl = false;	75	$this->tpl = false;
66	$this->conf = $conf;	76	$this->conf = $conf;
67	$this->session = $session;	77	$this->session = $session;
		78	$this->logger = $logger;
68	$this->bookmarkService = $linkDB;	79	$this->bookmarkService = $linkDB;
69	$this->token = $token;	80	$this->token = $token;
70	$this->isLoggedIn = $isLoggedIn;	81	$this->isLoggedIn = $isLoggedIn;
@@ -98,7 +109,7 @@ class PageBuilder
98	$this->tpl->assign('newVersion', escape($version));	109	$this->tpl->assign('newVersion', escape($version));
99	$this->tpl->assign('versionError', '');	110	$this->tpl->assign('versionError', '');
100	} catch (Exception $exc) {	111	} catch (Exception $exc) {
101	logm($this->conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], $exc->getMessage());	112	$this->logger->error(format_log('Error: ' . $exc->getMessage(), client_ip_id($_SERVER)));
102	$this->tpl->assign('newVersion', '');	113	$this->tpl->assign('newVersion', '');
103	$this->tpl->assign('versionError', escape($exc->getMessage()));	114	$this->tpl->assign('versionError', escape($exc->getMessage()));
104	}	115	}


diff --git a/application/security/BanManager.php b/application/security/BanManager.php index 68190c54..f72c8b7b 100644 --- a/application/security/BanManager.php +++ b/application/security/BanManager.php
@@ -3,6 +3,7 @@
3		3
4	namespace Shaarli\Security;	4	namespace Shaarli\Security;
5		5
		6	use Psr\Log\LoggerInterface;
6	use Shaarli\FileUtils;	7	use Shaarli\FileUtils;
7		8
8	/**	9	/**
@@ -28,8 +29,8 @@ class BanManager
28	/** @var string Path to the file containing IP bans and failures */	29	/** @var string Path to the file containing IP bans and failures */
29	protected $banFile;	30	protected $banFile;
30		31
31	/** @var string Path to the log file, used to log bans */	32	/** @var LoggerInterface Path to the log file, used to log bans */
32	protected $logFile;	33	protected $logger;
33		34
34	/** @var array List of IP with their associated number of failed attempts */	35	/** @var array List of IP with their associated number of failed attempts */
35	protected $failures = [];	36	protected $failures = [];
@@ -40,18 +41,19 @@ class BanManager
40	/**	41	/**
41	* BanManager constructor.	42	* BanManager constructor.
42	*	43	*
43	* @param array $trustedProxies List of allowed proxies IP	44	* @param array $trustedProxies List of allowed proxies IP
44	* @param int $nbAttempts Number of allowed failed attempt before the ban	45	* @param int $nbAttempts Number of allowed failed attempt before the ban
45	* @param int $banDuration Ban duration in seconds	46	* @param int $banDuration Ban duration in seconds
46	* @param string $banFile Path to the file containing IP bans and failures	47	* @param string $banFile Path to the file containing IP bans and failures
47	* @param string $logFile Path to the log file, used to log bans	48	* @param LoggerInterface $logger PSR-3 logger to save login attempts in log directory
48	*/	49	*/
49	public function __construct($trustedProxies, $nbAttempts, $banDuration, $banFile, $logFile) {	50	public function __construct($trustedProxies, $nbAttempts, $banDuration, $banFile, LoggerInterface $logger) {
50	$this->trustedProxies = $trustedProxies;	51	$this->trustedProxies = $trustedProxies;
51	$this->nbAttempts = $nbAttempts;	52	$this->nbAttempts = $nbAttempts;
52	$this->banDuration = $banDuration;	53	$this->banDuration = $banDuration;
53	$this->banFile = $banFile;	54	$this->banFile = $banFile;
54	$this->logFile = $logFile;	55	$this->logger = $logger;
		56
55	$this->readBanFile();	57	$this->readBanFile();
56	}	58	}
57		59
@@ -78,11 +80,7 @@ class BanManager
78		80
79	if ($this->failures[$ip] >= $this->nbAttempts) {	81	if ($this->failures[$ip] >= $this->nbAttempts) {
80	$this->bans[$ip] = time() + $this->banDuration;	82	$this->bans[$ip] = time() + $this->banDuration;
81	logm(	83	$this->logger->info(format_log('IP address banned from login: '. $ip, $ip));
82	$this->logFile,
83	$server['REMOTE_ADDR'],
84	'IP address banned from login: '. $ip
85	);
86	}	84	}
87	$this->writeBanFile();	85	$this->writeBanFile();
88	}	86	}
@@ -138,7 +136,7 @@ class BanManager
138	unset($this->failures[$ip]);	136	unset($this->failures[$ip]);
139	}	137	}
140	unset($this->bans[$ip]);	138	unset($this->bans[$ip]);
141	logm($this->logFile, $server['REMOTE_ADDR'], 'Ban lifted for: '. $ip);	139	$this->logger->info(format_log('Ban lifted for: '. $ip, $ip));
142		140
143	$this->writeBanFile();	141	$this->writeBanFile();
144	return false;	142	return false;


diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 65048f10..426e785e 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php
@@ -2,6 +2,7 @@
2	namespace Shaarli\Security;	2	namespace Shaarli\Security;
3		3
4	use Exception;	4	use Exception;
		5	use Psr\Log\LoggerInterface;
5	use Shaarli\Config\ConfigManager;	6	use Shaarli\Config\ConfigManager;
6		7
7	/**	8	/**
@@ -31,26 +32,30 @@ class LoginManager
31	protected $staySignedInToken = '';	32	protected $staySignedInToken = '';
32	/** @var CookieManager */	33	/** @var CookieManager */
33	protected $cookieManager;	34	protected $cookieManager;
		35	/** @var LoggerInterface */
		36	protected $logger;
34		37
35	/**	38	/**
36	* Constructor	39	* Constructor
37	*	40	*
38	* @param ConfigManager $configManager Configuration Manager instance	41	* @param ConfigManager $configManager Configuration Manager instance
39	* @param SessionManager $sessionManager SessionManager instance	42	* @param SessionManager $sessionManager SessionManager instance
40	* @param CookieManager $cookieManager CookieManager instance	43	* @param CookieManager $cookieManager CookieManager instance
		44	* @param BanManager $banManager
		45	* @param LoggerInterface $logger Used to log login attempts
41	*/	46	*/
42	public function __construct($configManager, $sessionManager, $cookieManager)	47	public function __construct(
43	{	48	ConfigManager $configManager,
		49	SessionManager $sessionManager,
		50	CookieManager $cookieManager,
		51	BanManager $banManager,
		52	LoggerInterface $logger
		53	) {
44	$this->configManager = $configManager;	54	$this->configManager = $configManager;
45	$this->sessionManager = $sessionManager;	55	$this->sessionManager = $sessionManager;
46	$this->cookieManager = $cookieManager;	56	$this->cookieManager = $cookieManager;
47	$this->banManager = new BanManager(	57	$this->banManager = $banManager;
48	$this->configManager->get('security.trusted_proxies', []),	58	$this->logger = $logger;
49	$this->configManager->get('security.ban_after'),
50	$this->configManager->get('security.ban_duration'),
51	$this->configManager->get('resource.ban_file', 'data/ipbans.php'),
52	$this->configManager->get('resource.log')
53	);
54		59
55	if ($this->configManager->get('security.open_shaarli') === true) {	60	if ($this->configManager->get('security.open_shaarli') === true) {
56	$this->openShaarli = true;	61	$this->openShaarli = true;
@@ -129,48 +134,34 @@ class LoginManager
129	/**	134	/**
130	* Check user credentials are valid	135	* Check user credentials are valid
131	*	136	*
132	* @param string $remoteIp Remote client IP address
133	* @param string $clientIpId Client IP address identifier	137	* @param string $clientIpId Client IP address identifier
134	* @param string $login Username	138	* @param string $login Username
135	* @param string $password Password	139	* @param string $password Password
136	*	140	*
137	* @return bool true if the provided credentials are valid, false otherwise	141	* @return bool true if the provided credentials are valid, false otherwise
138	*/	142	*/
139	public function checkCredentials($remoteIp, $clientIpId, $login, $password)	143	public function checkCredentials($clientIpId, $login, $password)
140	{	144	{
141	// Check login matches config
142	if ($login !== $this->configManager->get('credentials.login')) {
143	return false;
144	}
145
146	// Check credentials	145	// Check credentials
147	try {	146	try {
148	$useLdapLogin = !empty($this->configManager->get('ldap.host'));	147	$useLdapLogin = !empty($this->configManager->get('ldap.host'));
149	if ((false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))	148	if ($login === $this->configManager->get('credentials.login')
150	\|\| (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))	149	&& (
		150	(false === $useLdapLogin && $this->checkCredentialsFromLocalConfig($login, $password))
		151	\|\| (true === $useLdapLogin && $this->checkCredentialsFromLdap($login, $password))
		152	)
151	) {	153	) {
152	$this->sessionManager->storeLoginInfo($clientIpId);	154	$this->sessionManager->storeLoginInfo($clientIpId);
153	logm(	155	$this->logger->info(format_log('Login successful', $clientIpId));
154	$this->configManager->get('resource.log'),	156
155	$remoteIp,	157	return true;
156	'Login successful'
157	);
158	return true;
159	}	158	}
160	}	159	} catch(Exception $exception) {
161	catch(Exception $exception) {	160	$this->logger->info(format_log('Exception while checking credentials: ' . $exception, $clientIpId));
162	logm(
163	$this->configManager->get('resource.log'),
164	$remoteIp,
165	'Exception while checking credentials: ' . $exception
166	);
167	}	161	}
168		162
169	logm(	163	$this->logger->info(format_log('Login failed for user ' . $login, $clientIpId));
170	$this->configManager->get('resource.log'),	164
171	$remoteIp,
172	'Login failed for user ' . $login
173	);
174	return false;	165	return false;
175	}	166	}
176		167