Add failed_access_message option
to be able to change or disable the failed accesses log messages
This commit is contained in:
parent
ef80df9508
commit
676c1d460b
4 changed files with 22 additions and 18 deletions
|
@ -186,7 +186,7 @@ class Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Log failed accesses, matching the default fail2ban nginx/apache auth rules.
|
* Log failed accesses, for further processing by tools like Fail2Ban.
|
||||||
*
|
*
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
|
@ -195,10 +195,10 @@ class Server {
|
||||||
// Applications may make their first call without auth so don't log these attempts
|
// Applications may make their first call without auth so don't log these attempts
|
||||||
// Pattern from sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php
|
// Pattern from sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php
|
||||||
if (!preg_match("/No 'Authorization: (Basic|Digest)' header found./", $e->getMessage())) {
|
if (!preg_match("/No 'Authorization: (Basic|Digest)' header found./", $e->getMessage())) {
|
||||||
if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) {
|
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
|
||||||
error_log('user "(name stripped-out)" was not found in "Baikal DAV"', 4);
|
if (isset($config['system']["failed_access_message"]) && $config['system']["failed_access_message"] !== "") {
|
||||||
} else {
|
$log_msg = str_replace("%u", "(name stripped-out)", $config['system']["failed_access_message"]);
|
||||||
error_log('user "(name stripped-out)" authentication failure for "Baikal DAV"', 4);
|
error_log($log_msg, 4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -32,16 +32,17 @@ use Symfony\Component\Yaml\Yaml;
|
||||||
class Standard extends \Baikal\Model\Config {
|
class Standard extends \Baikal\Model\Config {
|
||||||
# Default values
|
# Default values
|
||||||
protected $aData = [
|
protected $aData = [
|
||||||
"configured_version" => BAIKAL_VERSION,
|
"configured_version" => BAIKAL_VERSION,
|
||||||
"timezone" => "Europe/Paris",
|
"timezone" => "Europe/Paris",
|
||||||
"card_enabled" => true,
|
"card_enabled" => true,
|
||||||
"cal_enabled" => true,
|
"cal_enabled" => true,
|
||||||
"dav_auth_type" => "Digest",
|
"dav_auth_type" => "Digest",
|
||||||
"admin_passwordhash" => "",
|
"admin_passwordhash" => "",
|
||||||
|
"failed_access_message" => "user %u authentication failure for Baikal",
|
||||||
// While not editable as will change admin & any existing user passwords,
|
// While not editable as will change admin & any existing user passwords,
|
||||||
// could be set to different value when migrating from legacy config
|
// could be set to different value when migrating from legacy config
|
||||||
"auth_realm" => "BaikalDAV",
|
"auth_realm" => "BaikalDAV",
|
||||||
"base_uri" => ""
|
"base_uri" => ""
|
||||||
];
|
];
|
||||||
|
|
||||||
function __construct() {
|
function __construct() {
|
||||||
|
|
|
@ -27,6 +27,8 @@
|
||||||
|
|
||||||
namespace BaikalAdmin\Controller;
|
namespace BaikalAdmin\Controller;
|
||||||
|
|
||||||
|
use Symfony\Component\Yaml\Yaml;
|
||||||
|
|
||||||
class Login extends \Flake\Core\Controller {
|
class Login extends \Flake\Core\Controller {
|
||||||
function execute() {
|
function execute() {
|
||||||
}
|
}
|
||||||
|
@ -39,11 +41,11 @@ class Login extends \Flake\Core\Controller {
|
||||||
$sLogin = htmlspecialchars(\Flake\Util\Tools::POST("login"));
|
$sLogin = htmlspecialchars(\Flake\Util\Tools::POST("login"));
|
||||||
|
|
||||||
if (self::isSubmitted() && !\BaikalAdmin\Core\Auth::isAuthenticated()) {
|
if (self::isSubmitted() && !\BaikalAdmin\Core\Auth::isAuthenticated()) {
|
||||||
// Log failed accesses, matching the default fail2ban nginx/apache auth rules
|
// Log failed accesses, for further processing by tools like Fail2Ban
|
||||||
if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) {
|
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
|
||||||
error_log('user "' . $sLogin . '" was not found in "Baikal GUI"', 4);
|
if (isset($config['system']["failed_access_message"]) && $config['system']["failed_access_message"] !== "") {
|
||||||
} else {
|
$log_msg = str_replace("%u", $sLogin, $config['system']["failed_access_message"]);
|
||||||
error_log('user "' . $sLogin . '" authentication failure for "Baikal GUI"', 4);
|
error_log($log_msg, 4);
|
||||||
}
|
}
|
||||||
$sMessage = \Formal\Core\Message::error(
|
$sMessage = \Formal\Core\Message::error(
|
||||||
"The login/password you provided is invalid. Please retry.",
|
"The login/password you provided is invalid. Please retry.",
|
||||||
|
|
|
@ -6,6 +6,7 @@ system:
|
||||||
invite_from: 'noreply@localhost'
|
invite_from: 'noreply@localhost'
|
||||||
dav_auth_type: 'Digest'
|
dav_auth_type: 'Digest'
|
||||||
admin_passwordhash: 5fe794627e1f841f8debba065e2c807a
|
admin_passwordhash: 5fe794627e1f841f8debba065e2c807a
|
||||||
|
failed_access_message: 'user %u authentication failure for Baikal'
|
||||||
auth_realm: BaikalDAV
|
auth_realm: BaikalDAV
|
||||||
base_uri: ''
|
base_uri: ''
|
||||||
database:
|
database:
|
||||||
|
|
Loading…
Reference in a new issue