-rw-r--r--lib/private/Server.php11
-rw-r--r--lib/private/User/Session.php31
2 files changed, 31 insertions, 11 deletions
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 90072f8b63b..f8257cd9801 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -355,7 +355,16 @@ class Server extends ServerContainer implements IServerContainer {
$dispatcher = $c->getEventDispatcher();
- $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom(), $c->getLockdownManager());
+ $userSession = new \OC\User\Session(
+ $manager,
+ $session,
+ $timeFactory,
+ $defaultTokenProvider,
+ $c->getConfig(),
+ $c->getSecureRandom(),
+ $c->getLockdownManager(),
+ $c->getLogger()
+ );
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
});
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 19b303e46ea..5fcb83dc443 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -51,6 +51,7 @@ use OCA\DAV\Connector\Sabre\Auth;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\NotPermittedException;
use OCP\IConfig;
+use OCP\ILogger;
use OCP\IRequest;
use OCP\ISession;
use OCP\IUser;
@@ -107,6 +108,9 @@ class Session implements IUserSession, Emitter {
/** @var ILockdownManager */
private $lockdownManager;
+ /** @var ILogger */
+ private $logger;
+
/**
* @param IUserManager $manager
* @param ISession $session
@@ -115,6 +119,7 @@ class Session implements IUserSession, Emitter {
* @param IConfig $config
* @param ISecureRandom $random
* @param ILockdownManager $lockdownManager
+ * @param ILogger $logger
*/
public function __construct(IUserManager $manager,
ISession $session,
@@ -122,8 +127,8 @@ class Session implements IUserSession, Emitter {
$tokenProvider,
IConfig $config,
ISecureRandom $random,
- ILockdownManager $lockdownManager
- ) {
+ ILockdownManager $lockdownManager,
+ ILogger $logger) {
$this->manager = $manager;
$this->session = $session;
$this->timeFactory = $timeFactory;
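Review bot: The rewritten signature closes with `ILogger $logger) {` on the last parameter line, whereas the removed version kept `) {` on a line of its own and the Server.php hunk in this same commit puts the matching `);` of the call on its own line. For consistency across the two files the constructor should read `ILogdownManager $lockdownManager,` / `ILogger $logger` / `) {` with the brace line separate; this is style only, the parameter list itself is correct. The constructor body continues past the end of this hunk.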
@@ -131,6 +136,7 @@ class Session implements IUserSession, Emitter {
$this->config = $config;
$this->random = $random;
$this->lockdownManager = $lockdownManager;
+ $this->logger = $logger;
}
/**
@@ -400,17 +406,22 @@ class Session implements IUserSession, Emitter {
if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) {
throw new PasswordLoginForbiddenException();
}
+
+ // Try to login with this username and password
if (!$this->login($user, $password) ) {
+
+ // Failed, maybe the user used their email address
$users = $this->manager->getByEmail($user);
- if (count($users) === 1) {
- return $this->login($users[0]->getUID(), $password);
- }
+ if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
- $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
- if($currentDelay === 0) {
- $throttler->sleepDelay($request->getRemoteAddress(), 'login');
+ $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
+
+ $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
+ if ($currentDelay === 0) {
+ $throttler->sleepDelay($request->getRemoteAddress(), 'login');
+ }
+ return false;
}
- return false;
}
if ($isTokenPassword) {
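Review bot: The new warning fetches the client address through `\OC::$server->getRequest()->getRemoteAddress()` although `$request` is already in scope and is what the throttler two lines later uses; the log line should use `$request->getRemoteAddress()` so the log entry and the throttle record describe the same request and the method does not reach into the global container. The message also writes the raw login name `$user` to the log at warning level; that string is untrusted input and a user who mistypes a password into the username field will have it persisted, so either log only once the attempt is attributed to a resolved uid or mark the line with `// NOTE: $user is raw form input and may contain a mistyped secret` so later readers do not widen its use. The enclosing method starts and ends outside this hunk.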
@@ -544,7 +555,7 @@ class Session implements IUserSession, Emitter {
* @throws LoginException if an app canceld the login process or the user is not enabled
*/
private function loginWithPassword($uid, $password) {
- $user = $this->manager->checkPassword($uid, $password);
+ $user = $this->manager->checkPasswordNoLogging($uid, $password);
if ($user === false) {
// Password check failed
return false;
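Review bot: `checkPasswordNoLogging` is invoked on `$this->manager`, which the constructor hunk above type-hints as `IUserManager`; if that method is declared only on the concrete `\OC\User\Manager` and not on the interface, any other `IUserManager` implementation injected into `Session` will fail at runtime and static analysis will flag the call. I cannot see the interface from this diff, so confirm it, and either add the method to `IUserManager` or narrow the property docblock to `/** @var \OC\User\Manager */` to document the concrete dependency. The switch from `checkPassword` also moves the failure log out of this method, which the docblock above (`@throws LoginException ...`) does not mention; a one-line `// Logging of failed attempts is done by the caller (logClientIn)` would make the split explicit. The body of loginWithPassword continues past the end of this hunk.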