From 63f9f22fa37b14171c6f92d24f99ccf01ae7af00 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Thu, 8 Jun 2017 22:24:49 +0200
Subject: Log an error level message when user auth fail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When a user login using the form we know log an error level information with information about the user: - username used - IP - User agent For example: > Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36". It’ll allows server admin using fail2ban to configure it to block these people if they generate too much failure authentication.
---
 app/config/security.yml | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/config/security.yml')
diff --git a/app/config/security.yml b/app/config/security.yml
index ffb1d356..171a69e2 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -41,6 +41,7 @@ security:
 form_login:
 provider: fos_userbundle
 csrf_token_generator: security.csrf.token_manager
+ failure_handler: wallabag_user.security.custom_auth_failure_handler
 anonymous: true
 remember_me:
-- cgit v1.2.3
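Review bot: The log line behind the new `failure_handler` entry is meant to be matched by fail2ban, yet per the commit message it places the submitted username and the User-Agent, both client-controlled, on the same line as the IP. The handler class is not part of this view, so confirm that it strips or escapes quotes and CR/LF in those two fields, and that the fail2ban filter is anchored on the IP field rather than on a loose match. If the instance sits behind a reverse proxy, the logged IP is presumably the proxy's unless trusted proxies are configured, in which case a ban would hit the proxy instead of the client. A comment above the new line would record the contract, e.g. `# logs failed logins for fail2ban; username and UA are client-supplied and must be escaped by the handler`. The firewall block that contains `form_login` starts above the hunk.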