feat(admin_audit): write admin audit log for login failed

Signed-off-by: Luka Trovic <luka@nextcloud.com>

3 files changed, 13 insertions, 0 deletions

diff --git a/apps/admin_audit/lib/Actions/Auth.php b/apps/admin_audit/lib/Actions/Auth.php
index 55a87cf170f..c56d2c4b7c4 100644
--- a/apps/admin_audit/lib/Actions/Auth.php
+++ b/apps/admin_audit/lib/Actions/Auth.php
@@ -42,4 +42,15 @@ class Auth extends Action {
 			[]
 		);
 	}
+
+	public function loginFailed(array $params): void {
+		$this->log(
+			'Login failed: "%s"',
+			$params,
+			[
+				'uid',
+			],
+			true
+		);
+	}
 }
diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
index a95ba0e684a..00494fb0b60 100644
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -145,6 +145,7 @@ class Application extends App implements IBootstrap {
 		Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
 		Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
 		Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+		Util::connectHook('OC_User', 'login_failed', $authActions, 'loginFailed');
 	}
 
 	private function appHooks(IAuditLogger $logger,
diff --git a/lib/private/Authentication/Listeners/LoginFailedListener.php b/lib/private/Authentication/Listeners/LoginFailedListener.php
index 0358887bb86..ccc93532439 100644
--- a/lib/private/Authentication/Listeners/LoginFailedListener.php
+++ b/lib/private/Authentication/Listeners/LoginFailedListener.php
@@ -40,6 +40,7 @@ class LoginFailedListener implements IEventListener {
 		$this->dispatcher->dispatchTyped(new AnyLoginFailedEvent($event->getLoginName(), $event->getPassword()));
 
 		$uid = $event->getLoginName();
+		\OC_Hook::emit('OC_User', 'login_failed', ['run' => true, 'uid' => $uid]);
 		Util::emitHook(
 			'\OCA\Files_Sharing\API\Server2Server',
 			'preLoginNameUsedAsUserName',