From f81a34e37929a822755d120215d2f18f042ff713 Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 9 Jun 2017 09:45:43 +0200
Subject: Use a listener to catch auth failure
---
 .../AuthenticationFailureListener.php | 40 ++++++++++++++
 .../UserBundle/Resources/config/services.yml | 10 ++--
 .../CustomAuthenticationFailureHandler.php | 62 ----------------------
 3 files changed, 45 insertions(+), 67 deletions(-)
 create mode 100644 src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
 delete mode 100644 src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
(limited to 'src/Wallabag')
diff --git a/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
new file mode 100644
index 00000000..10f13233
--- /dev/null
+++ b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
@@ -0,0 +1,40 @@
+requestStack = $requestStack;
+ $this->logger = $logger;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function getSubscribedEvents()
+ {
+ return [
+ AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
+ ];
+ }
+
+ /**
+ * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+ */
+ public function onAuthenticationFailure()
+ {
+ $request = $this->requestStack->getMasterRequest();
+
+ $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+ }
+}
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index 6ab463e3..f2cd6e01 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
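Review bot: `onAuthenticationFailure()` dereferences the result of `$this->requestStack->getMasterRequest()` without a null check; `RequestStack::getMasterRequest()` returns null when no request is on the stack (an authentication failure raised outside the HTTP cycle, e.g. from a console command), so the listener would fatal on `$request->request`. The `_username` and `User-Agent` values interpolated into the log line are supplied by the client, and since the stated purpose is fail2ban matching, a value containing a line break could split or forge the line the filter matches on — passing them as PSR-3 context (which Monolog's default line formatter JSON-encodes) keeps the matched line stable, at the cost of updating the fail2ban filter to the new format. Note also that `getClientIp()` only yields the end-user address behind a reverse proxy when trusted proxies are configured; otherwise the address logged, and banned, is the proxy's. The class declaration and constructor signature are outside what this hunk shows.
```php
    public function onAuthenticationFailure()
    {
        $request = $this->requestStack->getMasterRequest();

        // No request on the stack (e.g. CLI-triggered authentication): nothing to attribute the failure to.
        if (null === $request) {
            return;
        }

        // Client-supplied values go into the context so the formatter escapes them
        // instead of letting them break the line fail2ban matches on.
        $this->logger->error('Authentication failure', [
            'username' => $request->request->get('_username'),
            'ip' => $request->getClientIp(),
            'ua' => $request->server->get('HTTP_USER_AGENT'),
        ]);
    }
```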
@@ -36,10 +36,10 @@ services:
 tags:
 - { name: kernel.event_subscriber }

- wallabag_user.security.custom_auth_failure_handler:
- class: Wallabag\UserBundle\Security\CustomAuthenticationFailureHandler
+ wallabag_user.listener.authentication_failure_event_listener:
+ class: Wallabag\UserBundle\EventListener\AuthenticationFailureListener
 arguments:
- - "@http_kernel"
- - "@security.http_utils"
- - { }
+ - "@request_stack"
 - "@logger"
+ tags:
+ - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }
diff --git a/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php b/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
deleted file mode 100644
index 2d4ea0ea..00000000
--- a/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
+++ /dev/null
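Review bot: The new service is tagged `kernel.event_listener` with an explicit `event`/`method`, while the listener class added in the same commit also defines `getSubscribedEvents()` mapping the same event; one of the two registrations is redundant. If the class implements `EventSubscriberInterface` (its declaration is not visible in the patch), the tag could simply be `- { name: kernel.event_subscriber }` like the subscriber directly above it; otherwise `getSubscribedEvents()` is dead code and should be dropped. The three context lines at the top of the hunk belong to a service definition that starts above it.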
@@ -1,62 +0,0 @@
-options['failure_path_parameter'])) {
- $this->options['failure_path'] = $failureUrl;
- }
-
- if (null === $this->options['failure_path']) {
- $this->options['failure_path'] = $this->options['login_path'];
- }
-
- if ($this->options['failure_forward']) {
- $this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);
-
- $this->logError($request);
-
- $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
- $subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);
-
- return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
- }
-
- $this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);
-
- $this->logError($request);
-
- $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
-
- return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
- }
-
- /**
- * Log error information about fialure.
- *
- * @param Request $request
- */
- private function logError(Request $request)
- {
- $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
- }
-}
-- 
cgit v1.2.3