aboutsummaryrefslogblamecommitdiffhomepage
path: root/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
blob: 93e2d17b7487e4b9a23b9719b76e0a24d7894a0f (plain) (tree) 
63f9f22f






























































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62






























































                                                                                                                                                                                                           
<?php

namespace Wallabag\UserBundle\Security;

use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\ParameterBagUtils;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\Security;

/**
 * This is a custom authentication failure.
 * It only aims to add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
 *
 * This only changing thing is the logError() addition
 */
class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
    /**
     * {@inheritdoc}
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
            $this->options['failure_path'] = $failureUrl;
        }

        if (null === $this->options['failure_path']) {
            $this->options['failure_path'] = $this->options['login_path'];
        }

        if ($this->options['failure_forward']) {
            $this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);

            $this->logError($request);

            $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
            $subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);

            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
        }

        $this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);

        $this->logError($request);

        $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);

        return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
    }

    /**
     * Log error information about fialure
     *
     * @param  Request $request
     */
    private function logError(Request $request)
    {
        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
    }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 03:03:39 +0000