
Merge pull request #62 from axllent/failed-logins
Fix logging of failed logins & unknown users
emteknetnz authored Jan 23, 2024
2 parents 9e2e0ce + d5f2f0b commit d262afb
Showing 2 changed files with 36 additions and 1 deletion.
10 changes: 9 additions & 1 deletion code/AuditHook.php
Expand Up @@ -382,7 +382,7 @@ public function authenticationFailed($data)
// LDAP authentication uses a "Login" POST field instead of Email.
$login = isset($data['Login'])
? $data['Login']
: (isset($data[Email::class]) ? $data[Email::class] : '');
: (isset($data['Email']) ? $data['Email'] : '');

if (empty($login)) {
return $this->getAuditLogger()->warning(
Expand All @@ -394,6 +394,14 @@ public function authenticationFailed($data)
$this->getAuditLogger()->info(sprintf('Failed login attempt using email "%s"', $login));
}

/**
* Log failed login attempts when the email address doesn't map to an existing member record
*/
public function authenticationFailedUnknownUser($data)
{
$this->authenticationFailed($data);
}

/**
* @deprecated 2.1.0 Use tractorcow/silverstripe-proxy-db instead
*/
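Review bot: `authenticationFailedUnknownUser` passes `$data` straight into `authenticationFailed`, so an identifier that matches no member record is written verbatim into the same info-level line as a wrong password on a real account, and a log consumer cannot tell enumeration probes from credential failures on existing members. A path-specific wording for the unknown-user case (e.g. `Failed login attempt using unknown email "%s"`) would let detection rules separate the two; since the value is attacker-supplied free text, stripping control characters and newlines before it reaches the sprintf would also stop a submitted "email" from forging extra log lines — that sprintf sits in `authenticationFailed`, whose body begins and ends outside these hunks. The new method also lacks a docblock parameter; `@param array $data Login form data, carrying either a 'Login' or an 'Email' key` would document what it expects.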
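--- a/tests/AuditHookTest.php
+++ b/tests/AuditHookTest.php
@@ -333,4 +333,31 @@ public function testRestoreToStage()
 $this->assertStringContainsString('deleted Page', $message);
 $this->assertStringContainsString('My page', $message);
 }
+
+public function testFailedLogin()
+{
+$member = $this->createMemberWithPermission('ADMIN');
+$this->get('Security/login');
+$this->submitForm(
+'MemberLoginForm_LoginForm',
+null,
+['Email' => $member->Email, 'Password' => 'clearly wrong password']
+);
+
+$message = $this->writer->getLastMessage();
+$this->assertStringContainsString('Failed login attempt using email "' . $member->Email . '"', $message);
+}
+
+public function testFailedLoginWithoutMember()
+{
+$this->get('Security/login');
+$this->submitForm(
+'MemberLoginForm_LoginForm',
+null,
+['Email' => '__NO VALID USER__', 'Password' => 'clearly wrong password']
+);
+
+$message = $this->writer->getLastMessage();
+$this->assertStringContainsString('Failed login attempt using email "__NO VALID USER__"', $message);
+}
 }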
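Review bot: testFailedLogin and testFailedLoginWithoutMember repeat the same get/submitForm sequence and differ only in the submitted email, so the form submission belongs in a private helper that takes the email and returns the last logged message. Both tests assert only on message text, and because the two code paths currently emit identical wording, neither would catch a regression in which the unknown-user hook stops firing and the case falls through some other route that logs the same string — an assertion on the logged level, or a path-specific wording once the hook has one, would pin that (inferred from the assertions; the hook implementation is in the other file). A short comment on `'__NO VALID USER__'` stating that it is deliberately not a registered member would make the second test's intent explicit.

```php
private function submitFailedLogin(string $email): string
{
    $this->get('Security/login');
    $this->submitForm(
        'MemberLoginForm_LoginForm',
        null,
        ['Email' => $email, 'Password' => 'clearly wrong password']
    );

    return $this->writer->getLastMessage();
}

public function testFailedLogin()
{
    $member = $this->createMemberWithPermission('ADMIN');
    $message = $this->submitFailedLogin($member->Email);
    $this->assertStringContainsString('Failed login attempt using email "' . $member->Email . '"', $message);
}

// … unchanged: testFailedLoginWithoutMember, reduced to the same helper call with '__NO VALID USER__' …
```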
