diff --git a/lib/private/Server.php b/lib/private/Server.php index 90072f8b63..f8257cd980 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -355,7 +355,16 @@ class Server extends ServerContainer implements IServerContainer { $dispatcher = $c->getEventDispatcher(); - $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom(), $c->getLockdownManager()); + $userSession = new \OC\User\Session( + $manager, + $session, + $timeFactory, + $defaultTokenProvider, + $c->getConfig(), + $c->getSecureRandom(), + $c->getLockdownManager(), + $c->getLogger() + ); $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password)); }); diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 19b303e46e..5fcb83dc44 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -51,6 +51,7 @@ use OCA\DAV\Connector\Sabre\Auth; use OCP\AppFramework\Utility\ITimeFactory; use OCP\Files\NotPermittedException; use OCP\IConfig; +use OCP\ILogger; use OCP\IRequest; use OCP\ISession; use OCP\IUser; @@ -107,6 +108,9 @@ class Session implements IUserSession, Emitter { /** @var ILockdownManager */ private $lockdownManager; + /** @var ILogger */ + private $logger; + /** * @param IUserManager $manager * @param ISession $session @@ -115,6 +119,7 @@ class Session implements IUserSession, Emitter { * @param IConfig $config * @param ISecureRandom $random * @param ILockdownManager $lockdownManager + * @param ILogger $logger */ public function __construct(IUserManager $manager, ISession $session, @@ -122,8 +127,8 @@ class Session implements IUserSession, Emitter { $tokenProvider, IConfig $config, ISecureRandom $random, - ILockdownManager $lockdownManager - ) { + ILockdownManager $lockdownManager, + ILogger $logger) { $this->manager = $manager; $this->session = $session; $this->timeFactory = $timeFactory; @@ -131,6 +136,7 @@ class Session implements IUserSession, Emitter { $this->config = $config; $this->random = $random; $this->lockdownManager = $lockdownManager; + $this->logger = $logger; } /** @@ -400,17 +406,22 @@ class Session implements IUserSession, Emitter { if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) { throw new PasswordLoginForbiddenException(); } - if (!$this->login($user, $password) ) { - $users = $this->manager->getByEmail($user); - if (count($users) === 1) { - return $this->login($users[0]->getUID(), $password); - } - $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]); - if($currentDelay === 0) { - $throttler->sleepDelay($request->getRemoteAddress(), 'login'); + // Try to login with this username and password + if (!$this->login($user, $password) ) { + + // Failed, maybe the user used their email address + $users = $this->manager->getByEmail($user); + if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { + + $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']); + + $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]); + if ($currentDelay === 0) { + $throttler->sleepDelay($request->getRemoteAddress(), 'login'); + } + return false; } - return false; } if ($isTokenPassword) { @@ -544,7 +555,7 @@ class Session implements IUserSession, Emitter { * @throws LoginException if an app canceld the login process or the user is not enabled */ private function loginWithPassword($uid, $password) { - $user = $this->manager->checkPassword($uid, $password); + $user = $this->manager->checkPasswordNoLogging($uid, $password); if ($user === false) { // Password check failed return false;