From ae95cd544643957c1fed62cccdf33b9c7b1432a0 Mon Sep 17 00:00:00 2001
From: pjft
Date: Sun, 30 May 2021 21:25:34 +0100
Subject: [PATCH] Update TwoFactorChallengeController.php
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. It's my first attempt at doing any such changes, so I'm open to feedback or inputs here. Keep up the great work.
---
 core/Controller/TwoFactorChallengeController.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index a9e1ee3591..cfe4a9dda0 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -209,6 +209,9 @@ class TwoFactorChallengeController extends Controller {
 $this->session->set('two_factor_auth_error_message', $e->getMessage());
 }
+ $ip = $this->request->getRemoteAddress();
+ $uid = $user->getUID();
+ \OC::$server->getLogger()->warning("Two-factor challenge failed: $uid (Remote IP: $ip)");
 $this->session->set('two_factor_auth_error', true);
 return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
 'challengeProviderId' => $provider->getId(),
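Review bot: The added warning reaches for the static locator `\OC::$server->getLogger()` while the rest of this block works through injected collaborators (`$this->session`, `$this->request`, `$this->urlGenerator`); taking the logger through the constructor and calling `$this->logger->warning("Two-factor challenge failed: $uid (Remote IP: $ip)", ['app' => 'core']);` would keep the controller unit-testable and tag the entry so log consumers can filter on it. Because the description says this line is meant to drive a ban rule, its wording becomes a detection contract, and a comment above it such as `// Message format is matched by external ban rules; keep it stable` would stop a later rewording from silently breaking the monitoring. The address comes from `getRemoteAddress()`, which presumably depends on the trusted-proxy configuration, so behind a misconfigured reverse proxy a ban could land on the proxy instead of the client, which is worth stating in the accompanying documentation. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here that the success path returns before this line and that only failed challenges are logged.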