diff options
Diffstat (limited to 'lib/private/User')
| -rw-r--r-- | lib/private/User/Session.php | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 19b303e46ea..5fcb83dc443 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -51,6 +51,7 @@ use OCA\DAV\Connector\Sabre\Auth; use OCP\AppFramework\Utility\ITimeFactory; use OCP\Files\NotPermittedException; use OCP\IConfig; +use OCP\ILogger; use OCP\IRequest; use OCP\ISession; use OCP\IUser; @@ -107,6 +108,9 @@ class Session implements IUserSession, Emitter { /** @var ILockdownManager */ private $lockdownManager; + /** @var ILogger */ + private $logger; + /** * @param IUserManager $manager * @param ISession $session @@ -115,6 +119,7 @@ class Session implements IUserSession, Emitter { * @param IConfig $config * @param ISecureRandom $random * @param ILockdownManager $lockdownManager + * @param ILogger $logger */ public function __construct(IUserManager $manager, ISession $session, @@ -122,8 +127,8 @@ class Session implements IUserSession, Emitter { $tokenProvider, IConfig $config, ISecureRandom $random, - ILockdownManager $lockdownManager - ) { + ILockdownManager $lockdownManager, + ILogger $logger) { $this->manager = $manager; $this->session = $session; $this->timeFactory = $timeFactory; @@ -131,6 +136,7 @@ class Session implements IUserSession, Emitter { $this->config = $config; $this->random = $random; $this->lockdownManager = $lockdownManager; + $this->logger = $logger; } /** @@ -400,17 +406,22 @@ class Session implements IUserSession, Emitter { if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) { throw new PasswordLoginForbiddenException(); } + + // Try to login with this username and password if (!$this->login($user, $password) ) { + + // Failed, maybe the user used their email address $users = $this->manager->getByEmail($user); - if (count($users) === 1) { - return $this->login($users[0]->getUID(), $password); - } + if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { - $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]); - if($currentDelay === 0) { - $throttler->sleepDelay($request->getRemoteAddress(), 'login'); + $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']); + + $throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]); + if ($currentDelay === 0) { + $throttler->sleepDelay($request->getRemoteAddress(), 'login'); + } + return false; } - return false; } if ($isTokenPassword) { @@ -544,7 +555,7 @@ class Session implements IUserSession, Emitter { * @throws LoginException if an app canceld the login process or the user is not enabled */ private function loginWithPassword($uid, $password) { - $user = $this->manager->checkPassword($uid, $password); + $user = $this->manager->checkPasswordNoLogging($uid, $password); if ($user === false) { // Password check failed return false; |