Update TwoFactorChallengeController.php

For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
It's my first attempt at doing any such changes, so I'm open to feedback or inputs here.
Keep up the great work.
pjft 2021-05-30 21:25:34 +01:00 committed by GitHub
parent 719430559f
commit ae95cd5446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions

@ -209,6 +209,9 @@ class TwoFactorChallengeController extends Controller {
$this->session->set('two_factor_auth_error_message', $e->getMessage());
}
$ip = $this->request->getRemoteAddress();
$uid = $user->getUID();
\OC::$server->getLogger()->warning("Two-factor challenge failed: $uid (Remote IP: $ip)");
$this->session->set('two_factor_auth_error', true);
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
'challengeProviderId' => $provider->getId(),
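Review bot: the added warning() call reaches the logger through the static \OC::$server->getLogger() locator, while the surrounding lines use injected collaborators ($this->request, $this->session, $this->urlGenerator); inject the logger through the constructor instead, so a unit test can substitute a mock and assert that a failed challenge is logged. The message also interpolates $uid and $ip into free text. Since the commit message says the aim is to ban on repeated failures, keep the format fixed and documented, or pass both values in the logger's context array, so a log-watching rule can match it reliably. This line only records the failure and does not throttle or block the address itself, so the banning step still has to be provided elsewhere.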