From 5bb477285863c09af8af3c61e705aed6b2c53901 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Fri, 15 Aug 2014 12:13:00 +0200
Subject: [PATCH 1/2] Move authentication failed logging to checkPassword

Fixes https://github.com/owncloud/core/issues/10366
---
 config/config.sample.php     | 3 ---
 lib/base.php                 | 7 -------
 lib/private/user/manager.php | 2 ++
 3 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 1cf2c22866..402c84fe0c 100755
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -185,9 +185,6 @@ $CONFIG = array(
  (watch out, this option can increase the size of your log file)*/
 "log_query" => false,
 
-/* Enable or disable the logging of IP addresses in case of webform auth failures */
-"log_authfailip" => false,
-
 /* Whether ownCloud should log the last successfull cron exec */
 "cron_log" => true,
 
diff --git a/lib/base.php b/lib/base.php
index ab1d8e9823..219e8ab8b4 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -856,13 +856,6 @@ class OC {
 		} // logon via web form
 		elseif (OC::tryFormLogin()) {
 			$error[] = 'invalidpassword';
-			if ( OC_Config::getValue('log_authfailip', false) ) {
-				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'],
-				OC_Log::WARN);
-			} else {
-				OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf',
-                                OC_Log::WARN);
-			}
 		}
 
 		OC_Util::displayLoginPage(array_unique($error));
diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php
index d4d9116300..a897545e55 100644
--- a/lib/private/user/manager.php
+++ b/lib/private/user/manager.php
@@ -164,6 +164,8 @@ class Manager extends PublicEmitter implements IUserManager {
 				}
 			}
 		}
+
+		\OC::$server->getLogger()->warning('Login failed: \''. $loginname .'\' (Remote IP: \''. $_SERVER['REMOTE_ADDR'] .'\', X-Forwarded-For: \''. $_SERVER['HTTP_X_FORWARDED_FOR'] .'\')', array('app' => 'core'));
 		return false;
 	}
 

From a82cd1ff67b8b0eba7fb4f4d57d1a94e98417ebf Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Fri, 15 Aug 2014 14:15:27 +0200
Subject: [PATCH 2/2] Fix unit test

---
 lib/private/user/manager.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/private/user/manager.php b/lib/private/user/manager.php
index a897545e55..a54755e71c 100644
--- a/lib/private/user/manager.php
+++ b/lib/private/user/manager.php
@@ -165,7 +165,10 @@ class Manager extends PublicEmitter implements IUserManager {
 			}
 		}
 
-		\OC::$server->getLogger()->warning('Login failed: \''. $loginname .'\' (Remote IP: \''. $_SERVER['REMOTE_ADDR'] .'\', X-Forwarded-For: \''. $_SERVER['HTTP_X_FORWARDED_FOR'] .'\')', array('app' => 'core'));
+		$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
+		$forwardedFor = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
+
+		\OC::$server->getLogger()->warning('Login failed: \''. $loginname .'\' (Remote IP: \''. $remoteAddr .'\', X-Forwarded-For: \''. $forwardedFor .'\')', array('app' => 'core'));
 		return false;
 	}