3 files changed, 79 insertions, 7 deletions

diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index ed6ce331..aba76ca7 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -6,6 +6,7 @@ use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\ORM\Mapping as ORM;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
+use JMS\Serializer\Annotation\Accessor;
 use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
 use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
 use FOS\UserBundle\Model\User as BaseUser;
@@ -36,7 +37,7 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      * @ORM\Id
      * @ORM\GeneratedValue(strategy="AUTO")
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $id;
 
@@ -45,21 +46,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      *
      * @ORM\Column(name="name", type="text", nullable=true)
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $name;
 
     /**
      * @var string
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $username;
 
     /**
      * @var string
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $email;
 
@@ -68,7 +69,7 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      *
      * @ORM\Column(name="created_at", type="datetime")
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $createdAt;
 
@@ -77,7 +78,7 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
      *
      * @ORM\Column(name="updated_at", type="datetime")
      *
-     * @Groups({"user_api"})
+     * @Groups({"user_api", "user_api_with_client"})
      */
     protected $updatedAt;
 
@@ -97,7 +98,8 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     private $authCode;
 
     /**
-     * @var bool Enabled yes/no
+     * @var bool
+     *
      * @ORM\Column(type="boolean")
      */
     private $twoFactorAuthentication = false;
@@ -108,10 +110,20 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     private $trusted;
 
     /**
+     * @var ArrayCollection
+     *
      * @ORM\OneToMany(targetEntity="Wallabag\ApiBundle\Entity\Client", mappedBy="user", cascade={"remove"})
      */
     protected $clients;
 
+    /**
+     * @see getFirstClient() below
+     *
+     * @Groups({"user_api_with_client"})
+     * @Accessor(getter="getFirstClient")
+     */
+    protected $default_client;
+
     public function __construct()
     {
         parent::__construct();
@@ -288,4 +300,16 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     {
         return $this->clients;
     }
+
+    /**
+     * Only used by the API when creating a new user it'll also return the first client (which was also created at the same time).
+     *
+     * @return Client
+     */
+    public function getFirstClient()
+    {
+        if (!empty($this->clients)) {
+            return $this->clients->first();
+        }
+    }
 }
diff --git a/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
new file mode 100644
index 00000000..10f13233
--- /dev/null
+++ b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Wallabag\UserBundle\EventListener;
+
+use Psr\Log\LoggerInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+
+class AuthenticationFailureListener implements EventSubscriberInterface
+{
+    private $requestStack;
+    private $logger;
+
+    public function __construct(RequestStack $requestStack, LoggerInterface $logger)
+    {
+        $this->requestStack = $requestStack;
+        $this->logger = $logger;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return [
+            AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
+        ];
+    }
+
+    /**
+     * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+     */
+    public function onAuthenticationFailure()
+    {
+        $request = $this->requestStack->getMasterRequest();
+
+        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+    }
+}
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index bfba6010..d3925de3 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@@ -35,3 +35,11 @@ services:
             - "%wallabag_core.list_mode%"
         tags:
             - { name: kernel.event_subscriber }
+
+    wallabag_user.listener.authentication_failure_event_listener:
+        class: Wallabag\UserBundle\EventListener\AuthenticationFailureListener
+        arguments:
+            - "@request_stack"
+            - "@logger"
+        tags:
+            - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }