Update TwoFactorChallengeController.php
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. It's my first attempt at doing any such changes, so I'm open to feedback or inputs here. Keep up the great work.
parent 719430559f
commit ae95cd5446
|
@ -209,6 +209,9 @@ class TwoFactorChallengeController extends Controller {
|
|||
$this->session->set('two_factor_auth_error_message', $e->getMessage());
|
||||
}
|
||||
|
||||
$ip = $this->request->getRemoteAddress();
|
||||
$uid = $user->getUID();
|
||||
\OC::$server->getLogger()->warning("Two-factor challenge failed: $uid (Remote IP: $ip)");
|
||||
$this->session->set('two_factor_auth_error', true);
|
||||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
|
||||
'challengeProviderId' => $provider->getId(),
|
||||
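Review bot: The added warning is written through the static locator \OC::$server->getLogger(), while every other line visible in this hunk uses injected members ($this->session, $this->request, $this->urlGenerator); take the logger as a constructor dependency and call it as a member so the controller stays consistent and testable. Because the commit message says the purpose is to ban repeat offenders, the text "Two-factor challenge failed: $uid (Remote IP: $ip)" becomes an interface for whatever parses the log, so keep the prefix constant, document the format, and do not fold $e->getMessage() into the same line later. The three added lines sit after the closing brace of the block that stores $e->getMessage(), so they run for every failed challenge and the entry does not distinguish a wrong code from a provider exception; if that distinction matters for banning decisions, log it explicitly.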