From 5bb477285863c09af8af3c61e705aed6b2c53901 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 15 Aug 2014 12:13:00 +0200 Subject: [PATCH 1/2] Move authentication failed logging to checkPassword Fixes https://github.com/owncloud/core/issues/10366 --- config/config.sample.php | 3 --- lib/base.php | 7 ------- lib/private/user/manager.php | 2 ++ 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/config/config.sample.php b/config/config.sample.php index 1cf2c22866..402c84fe0c 100755 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -185,9 +185,6 @@ $CONFIG = array( (watch out, this option can increase the size of your log file)*/ "log_query" => false, -/* Enable or disable the logging of IP addresses in case of webform auth failures */ -"log_authfailip" => false, - /* Whether ownCloud should log the last successfull cron exec */ "cron_log" => true, diff --git a/lib/base.php b/lib/base.php index ab1d8e9823..219e8ab8b4 100644 --- a/lib/base.php +++ b/lib/base.php @@ -856,13 +856,6 @@ class OC { } // logon via web form elseif (OC::tryFormLogin()) { $error[] = 'invalidpassword'; - if ( OC_Config::getValue('log_authfailip', false) ) { - OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'], - OC_Log::WARN); - } else { - OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf', - OC_Log::WARN); - } } OC_Util::displayLoginPage(array_unique($error)); diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php index d4d9116300..a897545e55 100644 --- a/lib/private/user/manager.php +++ b/lib/private/user/manager.php 
@@ -164,6 +164,8 @@ class Manager extends PublicEmitter implements IUserManager { } } } + + \OC::$server->getLogger()->warning('Login failed: \''. $loginname .'\' (Remote IP: \''. $_SERVER['REMOTE_ADDR'] .'\', X-Forwarded-For: \''. $_SERVER['HTTP_X_FORWARDED_FOR'] .'\')', array('app' => 'core')); return false; } From a82cd1ff67b8b0eba7fb4f4d57d1a94e98417ebf Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 15 Aug 2014 14:15:27 +0200 Subject: [PATCH 2/2] Fix unit test --- lib/private/user/manager.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php index a897545e55..a54755e71c 100644 --- a/lib/private/user/manager.php +++ b/lib/private/user/manager.php @@ -165,7 +165,10 @@ class Manager extends PublicEmitter implements IUserManager { } } - \OC::$server->getLogger()->warning('Login failed: \''. $loginname .'\' (Remote IP: \''. $_SERVER['REMOTE_ADDR'] .'\', X-Forwarded-For: \''. $_SERVER['HTTP_X_FORWARDED_FOR'] .'\')', array('app' => 'core')); + $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; + $forwardedFor = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; + + \OC::$server->getLogger()->warning('Login failed: \''. $loginname .'\' (Remote IP: \''. $remoteAddr .'\', X-Forwarded-For: \''. $forwardedFor .'\')', array('app' => 'core')); return false; }
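Review bot: `$loginname` is concatenated into the warning between single quotes with no normalisation, and it is whatever the client submitted as the login name. Unless the logger escapes control characters (not visible in this hunk), a name containing a line break or a `'` can split the entry or shift the quoted fields that a log parser or alerting rule relies on. I would normalise it before logging, for example `$safeLogin = preg_replace('/[\x00-\x1F\x7F\']/', '?', $loginname);`, and treat the forwarded header value the same way; the rewritten line in PATCH 2/2 carries the same concatenation. The enclosing method starts outside the hunk.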
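Review bot: `$forwardedFor` is copied straight from the `X-Forwarded-For` request header, which any client can set, and it is logged next to `$remoteAddr` with nothing telling the reader which of the two is authoritative. A comment above the two assignments would make that explicit, e.g. `// X-Forwarded-For is client-supplied; rely on it only when REMOTE_ADDR is a known reverse proxy`. Because PATCH 1/2 removes `log_authfailip`, the address is now written on every failed check with no opt-out, which deserves a line in the sample config or release notes for operators with log-retention constraints. The method body begins outside the hunk.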