Merge branch 'auth' of git://github.com/benrubson/BookStack into benrubson-auth

This commit is contained in:
Dan Brown 2020-07-28 10:46:40 +01:00
commit 2f6ff07347
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
4 changed files with 36 additions and 1 deletions

View File

@ -270,4 +270,10 @@ API_DEFAULT_ITEM_COUNT=100
API_MAX_ITEM_COUNT=500
# The number of API requests that can be made per minute by a single user.
API_REQUESTS_PER_MIN=180
API_REQUESTS_PER_MIN=180
# Failed access
# message to log into webserver logs in case of failed access, for further processing by tools like Fail2Ban
# Apache users should use : user "%u" authentication failure for "BookStack"
# Nginx users should use : user "%u" was not found in "BookStack"
FAILED_ACCESS_MESSAGE=''

View File

@ -159,4 +159,21 @@ class ActivityService
session()->flash('success', $message);
}
}
/**
* Log failed accesses, for further processing by tools like Fail2Ban
*
* @param username
* @return void
*/
public function logFailedAccess($username)
{
$log_msg = config('logging.failed_access_message');
if (!is_string($username) || !is_string($log_msg) || strlen($log_msg)<1)
return;
$log_msg = str_replace("%u", $username, $log_msg);
error_log($log_msg, 4);
}
}

View File

@ -86,4 +86,9 @@ return [
],
],
// Failed Access Message
// Defines the message to log into webserver logs in case of failed access,
// for further processing by tools like Fail2Ban.
'failed_access_message' => env('FAILED_ACCESS_MESSAGE', ''),
];

View File

@ -2,6 +2,7 @@
namespace BookStack\Http\Controllers\Auth;
use Activity;
use BookStack\Auth\Access\SocialAuthService;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\LoginAttemptException;
@ -106,6 +107,9 @@ class LoginController extends Controller
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
// Also log some error message
Activity::logFailedAccess($request->get($this->username()));
return $this->sendLockoutResponse($request);
}
@ -122,6 +126,9 @@ class LoginController extends Controller
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
// Also log some error message
Activity::logFailedAccess($request->get($this->username()));
return $this->sendFailedLoginResponse($request);
}