Don't polute log when loggin into dav with email
* We first try the email as username but this fails * Then we get the uid from the email and try again. We should not log the first attempt since it pollutes the log with failed login attempts while the login actually is valid. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
cc4f9986cf
commit
0660e57b1f
@ -355,7 +355,16 @@ class Server extends ServerContainer implements IServerContainer {
$dispatcher = $c->getEventDispatcher();
$dispatcher = $c->getEventDispatcher();
$userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom(), $c->getLockdownManager());
$userSession = new \OC\User\Session(
$manager,
$session,
$timeFactory,
$defaultTokenProvider,
$c->getConfig(),
$c->getSecureRandom(),
$c->getLockdownManager(),
$c->getLogger()
);
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
});
});
@ -51,6 +51,7 @@ use OCA\DAV\Connector\Sabre\Auth;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\NotPermittedException;
use OCP\Files\NotPermittedException;
use OCP\IConfig;
use OCP\IConfig;
use OCP\ILogger;
use OCP\IRequest;
use OCP\IRequest;
use OCP\ISession;
use OCP\ISession;
use OCP\IUser;
use OCP\IUser;
@ -107,6 +108,9 @@ class Session implements IUserSession, Emitter {
/** @var ILockdownManager */
/** @var ILockdownManager */
private $lockdownManager;
private $lockdownManager;
/** @var ILogger */
private $logger;
/**
/**
* @param IUserManager $manager
* @param IUserManager $manager
* @param ISession $session
* @param ISession $session
@ -115,6 +119,7 @@ class Session implements IUserSession, Emitter {
* @param IConfig $config
* @param IConfig $config
* @param ISecureRandom $random
* @param ISecureRandom $random
* @param ILockdownManager $lockdownManager
* @param ILockdownManager $lockdownManager
* @param ILogger $logger
*/
*/
public function __construct(IUserManager $manager,
public function __construct(IUserManager $manager,
ISession $session,
ISession $session,
@ -122,8 +127,8 @@ class Session implements IUserSession, Emitter {
$tokenProvider,
$tokenProvider,
IConfig $config,
IConfig $config,
ISecureRandom $random,
ISecureRandom $random,
ILockdownManager $lockdownManager
ILockdownManager $lockdownManager,
) {
ILogger $logger) {
$this->manager = $manager;
$this->manager = $manager;
$this->session = $session;
$this->session = $session;
$this->timeFactory = $timeFactory;
$this->timeFactory = $timeFactory;
@ -131,6 +136,7 @@ class Session implements IUserSession, Emitter {
$this->config = $config;
$this->config = $config;
$this->random = $random;
$this->random = $random;
$this->lockdownManager = $lockdownManager;
$this->lockdownManager = $lockdownManager;
$this->logger = $logger;
}
}
/**
/**
@ -400,17 +406,22 @@ class Session implements IUserSession, Emitter {
if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) {
if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) {
throw new PasswordLoginForbiddenException();
throw new PasswordLoginForbiddenException();
}
}
if (!$this->login($user, $password) ) {
$users = $this->manager->getByEmail($user);
if (count($users) === 1) {
return $this->login($users[0]->getUID(), $password);
}
$throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
// Try to login with this username and password
if($currentDelay === 0) {
if (!$this->login($user, $password) ) {
$throttler->sleepDelay($request->getRemoteAddress(), 'login');
// Failed, maybe the user used their email address
$users = $this->manager->getByEmail($user);
if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
$throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
if ($currentDelay === 0) {
$throttler->sleepDelay($request->getRemoteAddress(), 'login');
}
return false;
}
}
return false;
}
}
if ($isTokenPassword) {
if ($isTokenPassword) {
@ -544,7 +555,7 @@ class Session implements IUserSession, Emitter {
* @throws LoginException if an app canceld the login process or the user is not enabled
* @throws LoginException if an app canceld the login process or the user is not enabled
*/
*/
private function loginWithPassword($uid, $password) {
private function loginWithPassword($uid, $password) {
$user = $this->manager->checkPassword($uid, $password);
$user = $this->manager->checkPasswordNoLogging($uid, $password);
if ($user === false) {
if ($user === false) {
// Password check failed
// Password check failed
return false;
return false;
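Review bot: The new warning in the failed-email branch (hunk at -400,17) builds the remote address with `\OC::$server->getRequest()->getRemoteAddress()` while the very next line uses the injected `$request->getRemoteAddress()` for the same value; reaching into the global service locator is inconsistent with the injection this commit just added for the logger, and `$request` is already in scope, so the message should be `'Login failed: \'' . $user . '\' (Remote IP: \'' . $request->getRemoteAddress() . '\')'`. Separately, `$this->isTwoFactorEnforced($user)` at the top of the hunk is still evaluated on the raw login name, whereas the UID that actually gets logged in is only resolved by `getByEmail()` further down; unless isTwoFactorEnforced (outside the hunk) resolves email addresses itself, the enforcement check and the account signed in can disagree, so resolving the UID before that check would be the safer ordering. The warning also records the raw login value, which in this branch is the user's email address, so every failed email login now writes that address to the log; this presumably matches what checkPassword logged before, but a one-line comment such as `// $user may be an email address here; it is logged verbatim` would make the intent explicit. The -544,7 hunk switches to `checkPasswordNoLogging`, which is not visible on this page; if it is only declared on the concrete manager and not on IUserManager, the type of `$this->manager`, static analysis will flag the call. The enclosing method starts and ends outside the hunk.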