Log an error level message when user auth fail

When a user login using the form we know log an error level information with information about the user: - username used - IP - User agent For example: > Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36". It’ll allows server admin using fail2ban to configure it to block these people if they generate too much failure authentication.
author: Jeremy Benoist <jeremy.benoist@gmail.com> 2017-06-08 22:24:49 +0200
committer: Jeremy Benoist <jeremy.benoist@gmail.com> 2017-06-08 22:24:49 +0200
commit: 63f9f22fa37b14171c6f92d24f99ccf01ae7af00 (patch)
tree: ddefd381025de91686995c883bb7122dd986898b /src/Wallabag/UserBundle/Security
parent: 3f474025d889c3eff20b481f005f4d292f1ef29d (diff)
download: wallabag-63f9f22fa37b14171c6f92d24f99ccf01ae7af00.tar.gz
wallabag-63f9f22fa37b14171c6f92d24f99ccf01ae7af00.tar.zst
wallabag-63f9f22fa37b14171c6f92d24f99ccf01ae7af00.zip
1 files changed, 62 insertions, 0 deletions
diff --git a/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php b/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
new file mode 100644
index 00000000..93e2d17b
--- /dev/null
+++ b/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
@@ -0,0 +1,62 @@
+<?php
+namespace Wallabag\UserBundle\Security;
+use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\ParameterBagUtils;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Security\Core\Security;
+/**
+ * This is a custom authentication failure.
+ * It only aims to add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+ *
+ * This only changing thing is the logError() addition
+ */
+class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
+    {
+        if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
+            $this->options['failure_path'] = $failureUrl;
+        }
+        if (null === $this->options['failure_path']) {
+            $this->options['failure_path'] = $this->options['login_path'];
+        }
+        if ($this->options['failure_forward']) {
+            $this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);
+            $this->logError($request);
+            $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
+            $subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);
+            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+        }
+        $this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);
+        $this->logError($request);
+        $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
+        return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
+    }
+    /**
+     * Log error information about fialure
+     *
+     * @param  Request $request
+     */
+    private function logError(Request $request)
+    {
+        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+    }
+}
author	Jeremy Benoist <jeremy.benoist@gmail.com>	2017-06-08 22:24:49 +0200
committer	Jeremy Benoist <jeremy.benoist@gmail.com>	2017-06-08 22:24:49 +0200
commit	63f9f22fa37b14171c6f92d24f99ccf01ae7af00 (patch)
tree	ddefd381025de91686995c883bb7122dd986898b /src/Wallabag/UserBundle/Security
parent	3f474025d889c3eff20b481f005f4d292f1ef29d (diff)
download	wallabag-63f9f22fa37b14171c6f92d24f99ccf01ae7af00.tar.gz wallabag-63f9f22fa37b14171c6f92d24f99ccf01ae7af00.tar.zst wallabag-63f9f22fa37b14171c6f92d24f99ccf01ae7af00.zip

diff --git a/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php b/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php new file mode 100644 index 00000000..93e2d17b --- /dev/null +++ b/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
@@ -0,0 +1,62 @@
	1	<?php
	2
	3	namespace Wallabag\UserBundle\Security;
	4
	5	use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
	6	use Symfony\Component\HttpFoundation\Request;
	7	use Symfony\Component\Security\Core\Exception\AuthenticationException;
	8	use Symfony\Component\Security\Http\ParameterBagUtils;
	9	use Symfony\Component\HttpKernel\HttpKernelInterface;
	10	use Symfony\Component\Security\Core\Security;
	11
	12	/**
	13	* This is a custom authentication failure.
	14	* It only aims to add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
	15	*
	16	* This only changing thing is the logError() addition
	17	*/
	18	class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
	19	{
	20	/**
	21	* {@inheritdoc}
	22	*/
	23	public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
	24	{
	25	if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
	26	$this->options['failure_path'] = $failureUrl;
	27	}
	28
	29	if (null === $this->options['failure_path']) {
	30	$this->options['failure_path'] = $this->options['login_path'];
	31	}
	32
	33	if ($this->options['failure_forward']) {
	34	$this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);
	35
	36	$this->logError($request);
	37
	38	$subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
	39	$subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);
	40
	41	return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
	42	}
	43
	44	$this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);
	45
	46	$this->logError($request);
	47
	48	$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
	49
	50	return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
	51	}
	52
	53	/**
	54	* Log error information about fialure
	55	*
	56	* @param Request $request
	57	*/
	58	private function logError(Request $request)
	59	{
	60	$this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
	61	}
	62	}