author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2018-02-06 15:34:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-06 15:34:28 +0100 |
commit | b55b1b5854b532f8544d00790f21fd92bc646dda (patch) | |
tree | a286e53168c111a45d7e9028046422282812ac0b /lib/private | |
parent | b2068704e7ccd269a1af4dc6b32343fa78cd221c (diff) | |
parent | 2bed7a7f9561ec8191fb06bad98b6532096f1364 (diff) | |
Merge pull request #8045 from nextcloud/8002_13
[stable13] Don't pollute the log on DAV email login
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Server.php | 11 | ||||
-rw-r--r-- | lib/private/User/Session.php | 37 |
2 files changed, 34 insertions, 14 deletions
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 4a851d67226..c84780c4fb2 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -355,7 +355,16 @@ class Server extends ServerContainer implements IServerContainer {
 
 $dispatcher = $c->getEventDispatcher();
 
- $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom(), $c->getLockdownManager());
+ $userSession = new \OC\User\Session(
+ $manager,
+ $session,
+ $timeFactory,
+ $defaultTokenProvider,
+ $c->getConfig(),
+ $c->getSecureRandom(),
+ $c->getLockdownManager(),
+ $c->getLogger()
+ );
 $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
 \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
 });
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 19b303e46ea..34319760c86 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -51,6 +51,7 @@ use OCA\DAV\Connector\Sabre\Auth;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Files\NotPermittedException;
 use OCP\IConfig;
+use OCP\ILogger;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IUser;
@@ -83,7 +84,7 @@ use Symfony\Component\EventDispatcher\GenericEvent;
 */
 class Session implements IUserSession, Emitter {
 
- /** @var IUserManager|PublicEmitter $manager */
+ /** @var Manager|PublicEmitter $manager */
 private $manager;
 
 /** @var ISession $session */
@@ -107,23 +108,27 @@ class Session implements IUserSession, Emitter {
 /** @var ILockdownManager */
 private $lockdownManager;
 
+ /** @var ILogger */
+ private $logger;
+
 /**
- * @param IUserManager $manager
+ * @param Manager $manager
 * @param ISession $session
 * @param ITimeFactory $timeFactory
 * @param IProvider $tokenProvider
 * @param IConfig $config
 * @param ISecureRandom $random
 * @param ILockdownManager $lockdownManager
+ * @param ILogger $logger
 */
- public function __construct(IUserManager $manager,
+ public function __construct(Manager $manager,
 ISession $session,
 ITimeFactory $timeFactory,
 $tokenProvider,
 IConfig $config,
 ISecureRandom $random,
- ILockdownManager $lockdownManager
- ) {
+ ILockdownManager $lockdownManager,
+ ILogger $logger) {
 $this->manager = $manager;
 $this->session = $session;
 $this->timeFactory = $timeFactory;
@@ -131,6 +136,7 @@ class Session implements IUserSession, Emitter {
 $this->config = $config;
 $this->random = $random;
 $this->lockdownManager = $lockdownManager;
+ $this->logger = $logger;
 }
 
 /**
@@ -400,17 +406,22 @@ class Session implements IUserSession, Emitter {
 if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) {
 throw new PasswordLoginForbiddenException();
 }
+
+ // Try to login with this username and password
 if (!$this->login($user, $password) ) {
+
+ // Failed, maybe the user used their email address
 $users = $this->manager->getByEmail($user);
- if (count($users) === 1) {
- return $this->login($users[0]->getUID(), $password);
- }
+ if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
 
- $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
- if($currentDelay === 0) {
- $throttler->sleepDelay($request->getRemoteAddress(), 'login');
+ $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
+
+ $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
+ if ($currentDelay === 0) {
+ $throttler->sleepDelay($request->getRemoteAddress(), 'login');
+ }
+ return false;
 }
- return false;
 }
 
 if ($isTokenPassword) {
@@ -544,7 +555,7 @@ class Session implements IUserSession, Emitter {
 * @throws LoginException if an app canceld the login process or the user is not enabled
 */
 private function loginWithPassword($uid, $password) {
- $user = $this->manager->checkPassword($uid, $password);
+ $user = $this->manager->checkPasswordNoLogging($uid, $password);
 if ($user === false) {
 // Password check failed
 return false;
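Review bot: The new warning in the failed-login branch reads the remote address from `\OC::$server->getRequest()` while the throttler calls on the next two lines use the `$request` already in scope, so the IP written to the log and the IP the throttler records can come from two different objects, and the method reaches back into the global container even though the logger is now injected. Use the same source for both: `$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . $request->getRemoteAddress() . '\')', ['app' => 'core']);`. Note also that a successful email-based login no longer returns early but falls through to the `$isTokenPassword` handling below, where the old code returned `$this->login(...)` directly; if that is intended, a short comment at the `if (!(\count($users) === 1 && ...` line saying so would help the next reader. `$user` is the login name as supplied by the client, and whether the logger neutralises control characters in it is not visible here, so confirm that before treating this line as a reliable audit record. The enclosing method continues outside the hunk.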