Add failed_access_message option

to be able to change or disable the failed accesses log messages
2020-10-19 18:21:30 +02:00 · 2020-10-19 18:21:30 +02:00 · 676c1d460b
commit 676c1d460b
parent ef80df9508
4 changed files with 22 additions and 18 deletions
--- a/Core/Frameworks/Baikal/Core/Server.php
+++ b/Core/Frameworks/Baikal/Core/Server.php
@ -186,7 +186,7 @@ class Server {
    }
    /**
-     * Log failed accesses, matching the default fail2ban nginx/apache auth rules.
+     * Log failed accesses, for further processing by tools like Fail2Ban.
     *
     * @return void
     */
@ -195,10 +195,10 @@ class Server {
            // Applications may make their first call without auth so don't log these attempts
            // Pattern from sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php
            if (!preg_match("/No 'Authorization: (Basic|Digest)' header found./", $e->getMessage())) {
-                if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) {
+                $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
-                    error_log('user "(name stripped-out)" was not found in "Baikal DAV"', 4);
+                if (isset($config['system']["failed_access_message"]) && $config['system']["failed_access_message"] !== "") {
-                } else {
+                    $log_msg = str_replace("%u", "(name stripped-out)", $config['system']["failed_access_message"]);
-                    error_log('user "(name stripped-out)" authentication failure for "Baikal DAV"', 4);
+                    error_log($log_msg, 4);
                }
            }
        } else {
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@ -38,6 +38,7 @@ class Standard extends \Baikal\Model\Config {
        "cal_enabled"           => true,
        "dav_auth_type"         => "Digest",
        "admin_passwordhash"    => "",
        "failed_access_message" => "user %u authentication failure for Baikal",
        // While not editable as will change admin & any existing user passwords,
        // could be set to different value when migrating from legacy config
        "auth_realm"            => "BaikalDAV",
--- a/Core/Frameworks/BaikalAdmin/Controller/Login.php
+++ b/Core/Frameworks/BaikalAdmin/Controller/Login.php
@ -27,6 +27,8 @@
 namespace BaikalAdmin\Controller;
 use Symfony\Component\Yaml\Yaml;
 class Login extends \Flake\Core\Controller {
    function execute() {
    }
@ -39,11 +41,11 @@ class Login extends \Flake\Core\Controller {
        $sLogin = htmlspecialchars(\Flake\Util\Tools::POST("login"));
        if (self::isSubmitted() && !\BaikalAdmin\Core\Auth::isAuthenticated()) {
-            // Log failed accesses, matching the default fail2ban nginx/apache auth rules
+            // Log failed accesses, for further processing by tools like Fail2Ban
-            if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) {
+            $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
-                error_log('user "' . $sLogin . '" was not found in "Baikal GUI"', 4);
+            if (isset($config['system']["failed_access_message"]) && $config['system']["failed_access_message"] !== "") {
-            } else {
+                $log_msg = str_replace("%u", $sLogin, $config['system']["failed_access_message"]);
-                error_log('user "' . $sLogin . '" authentication failure for "Baikal GUI"', 4);
+                error_log($log_msg, 4);
            }
            $sMessage = \Formal\Core\Message::error(
                "The login/password you provided is invalid. Please retry.",
--- a/config/baikal.yaml.dist
+++ b/config/baikal.yaml.dist
@ -6,6 +6,7 @@ system:
    invite_from: 'noreply@localhost'
    dav_auth_type: 'Digest'
    admin_passwordhash: 5fe794627e1f841f8debba065e2c807a
    failed_access_message: 'user %u authentication failure for Baikal'
    auth_realm: BaikalDAV
    base_uri: ''
 database: