Add failed_access_message option

to be able to change or disable the failed accesses log messages
This commit is contained in:
benrubson 2020-10-19 18:21:30 +02:00
parent ef80df9508
commit 676c1d460b
4 changed files with 22 additions and 18 deletions

View file

@ -186,7 +186,7 @@ class Server {
} }
/** /**
* Log failed accesses, matching the default fail2ban nginx/apache auth rules. * Log failed accesses, for further processing by tools like Fail2Ban.
* *
* @return void * @return void
*/ */
@ -195,10 +195,10 @@ class Server {
// Applications may make their first call without auth so don't log these attempts // Applications may make their first call without auth so don't log these attempts
// Pattern from sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php // Pattern from sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php
if (!preg_match("/No 'Authorization: (Basic|Digest)' header found./", $e->getMessage())) { if (!preg_match("/No 'Authorization: (Basic|Digest)' header found./", $e->getMessage())) {
if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) { $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
error_log('user "(name stripped-out)" was not found in "Baikal DAV"', 4); if (isset($config['system']["failed_access_message"]) && $config['system']["failed_access_message"] !== "") {
} else { $log_msg = str_replace("%u", "(name stripped-out)", $config['system']["failed_access_message"]);
error_log('user "(name stripped-out)" authentication failure for "Baikal DAV"', 4); error_log($log_msg, 4);
} }
} }
} else { } else {

View file

@ -38,6 +38,7 @@ class Standard extends \Baikal\Model\Config {
"cal_enabled" => true, "cal_enabled" => true,
"dav_auth_type" => "Digest", "dav_auth_type" => "Digest",
"admin_passwordhash" => "", "admin_passwordhash" => "",
"failed_access_message" => "user %u authentication failure for Baikal",
// While not editable as will change admin & any existing user passwords, // While not editable as will change admin & any existing user passwords,
// could be set to different value when migrating from legacy config // could be set to different value when migrating from legacy config
"auth_realm" => "BaikalDAV", "auth_realm" => "BaikalDAV",

View file

@ -27,6 +27,8 @@
namespace BaikalAdmin\Controller; namespace BaikalAdmin\Controller;
use Symfony\Component\Yaml\Yaml;
class Login extends \Flake\Core\Controller { class Login extends \Flake\Core\Controller {
function execute() { function execute() {
} }
@ -39,11 +41,11 @@ class Login extends \Flake\Core\Controller {
$sLogin = htmlspecialchars(\Flake\Util\Tools::POST("login")); $sLogin = htmlspecialchars(\Flake\Util\Tools::POST("login"));
if (self::isSubmitted() && !\BaikalAdmin\Core\Auth::isAuthenticated()) { if (self::isSubmitted() && !\BaikalAdmin\Core\Auth::isAuthenticated()) {
// Log failed accesses, matching the default fail2ban nginx/apache auth rules // Log failed accesses, for further processing by tools like Fail2Ban
if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) { $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
error_log('user "' . $sLogin . '" was not found in "Baikal GUI"', 4); if (isset($config['system']["failed_access_message"]) && $config['system']["failed_access_message"] !== "") {
} else { $log_msg = str_replace("%u", $sLogin, $config['system']["failed_access_message"]);
error_log('user "' . $sLogin . '" authentication failure for "Baikal GUI"', 4); error_log($log_msg, 4);
} }
$sMessage = \Formal\Core\Message::error( $sMessage = \Formal\Core\Message::error(
"The login/password you provided is invalid. Please retry.", "The login/password you provided is invalid. Please retry.",

View file

@ -6,6 +6,7 @@ system:
invite_from: 'noreply@localhost' invite_from: 'noreply@localhost'
dav_auth_type: 'Digest' dav_auth_type: 'Digest'
admin_passwordhash: 5fe794627e1f841f8debba065e2c807a admin_passwordhash: 5fe794627e1f841f8debba065e2c807a
failed_access_message: 'user %u authentication failure for Baikal'
auth_realm: BaikalDAV auth_realm: BaikalDAV
base_uri: '' base_uri: ''
database: database: