Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Paste
P1916
failed_logins.diff
Active
Public
Actions
Authored by
epriestley
on Jan 7 2016, 6:19 PM.
Edit Paste
Archive Paste
View Raw File
Subscribe
Mute Notifications
Award Token
Flag For Later
Tags
None
Referenced Files
F1056544: failed_logins.txt
Jan 7 2016, 6:19 PM
2016-01-07 18:19:37 (UTC+0)
Subscribers
None
diff --git a/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php b/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php
index 013cd21..3a8aa93 100644
--- a/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php
@@ -144,31 +144,31 @@ final class PhabricatorLDAPAuthProvider extends PhabricatorAuthProvider {
$has_password = strlen($password);
$password = new PhutilOpaqueEnvelope($password);
- if (!strlen($username) || !$has_password) {
- $response = $controller->buildProviderPageResponse(
- $this,
- $this->renderLoginForm($request, 'login'));
- return array($account, $response);
- }
-
if ($request->isFormPost()) {
try {
- if (strlen($username) && $has_password) {
- $adapter = $this->getAdapter();
- $adapter->setLoginUsername($username);
- $adapter->setLoginPassword($password);
-
- // TODO: This calls ldap_bind() eventually, which dumps cleartext
- // passwords to the error log. See note in PhutilLDAPAuthAdapter.
- // See T3351.
-
- DarkConsoleErrorLogPluginAPI::enableDiscardMode();
- $account_id = $adapter->getAccountID();
- DarkConsoleErrorLogPluginAPI::disableDiscardMode();
- } else {
- throw new Exception(pht('Username and password are required!'));
+ if (!strlen($username) || !$has_password) {
+ throw new PhutilAuthCredentialException();
}
+
+ $adapter = $this->getAdapter();
+ $adapter->setLoginUsername($username);
+ $adapter->setLoginPassword($password);
+
+ // TODO: This calls ldap_bind() eventually, which dumps cleartext
+ // passwords to the error log. See note in PhutilLDAPAuthAdapter.
+ // See T3351.
+
+ DarkConsoleErrorLogPluginAPI::enableDiscardMode();
+ $account_id = $adapter->getAccountID();
+ DarkConsoleErrorLogPluginAPI::disableDiscardMode();
} catch (PhutilAuthCredentialException $ex) {
+ $log = PhabricatorUserLog::initializeNewLog(
+ null,
+ null,
+ PhabricatorUserLog::ACTION_LOGIN_FAILURE);
+ $log->setFailedUsername($username);
+ $log->save();
+
$response = $controller->buildProviderPageResponse(
$this,
$this->renderLoginForm($request, 'login'));
diff --git a/src/applications/auth/provider/PhabricatorPasswordAuthProvider.php b/src/applications/auth/provider/PhabricatorPasswordAuthProvider.php
index 68dbf1e..72bb95c 100644
--- a/src/applications/auth/provider/PhabricatorPasswordAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorPasswordAuthProvider.php
@@ -270,9 +270,9 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
$account = null;
$log_user = null;
+ $username_or_email = $request->getStr('username');
if ($request->isFormPost()) {
if (!$require_captcha || $captcha_valid) {
- $username_or_email = $request->getStr('username');
if (strlen($username_or_email)) {
$user = id(new PhabricatorUser())->loadOneWhere(
'username = %s',
@@ -313,6 +313,7 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
null,
$log_user ? $log_user->getPHID() : null,
PhabricatorUserLog::ACTION_LOGIN_FAILURE);
+ $log->setFailedUsername($username_or_email);
$log->save();
}
diff --git a/src/applications/people/storage/PhabricatorUserLog.php b/src/applications/people/storage/PhabricatorUserLog.php
index 5939778..37968bc 100644
--- a/src/applications/people/storage/PhabricatorUserLog.php
+++ b/src/applications/people/storage/PhabricatorUserLog.php
@@ -122,6 +122,15 @@ final class PhabricatorUserLog extends PhabricatorUserDAO
time() - $timespan);
}
+ public function setFailedUsername($username) {
+ $this->details['fail.username'] = $username;
+ return $this;
+ }
+
+ public function getFailedUsername() {
+ return idx($this->details, 'fail.username');
+ }
+
public function save() {
$this->details['host'] = php_uname('n');
$this->details['user_agent'] = AphrontRequest::getHTTPHeader('User-Agent');
diff --git a/src/applications/people/view/PhabricatorUserLogView.php b/src/applications/people/view/PhabricatorUserLogView.php
index 12bcee9..e4bc027 100644
--- a/src/applications/people/view/PhabricatorUserLogView.php
+++ b/src/applications/people/view/PhabricatorUserLogView.php
@@ -55,6 +55,16 @@ final class PhabricatorUserLogView extends AphrontView {
$action = $log->getAction();
$action_name = idx($action_map, $action, $action);
+ $user = null;
+ if ($log->getUserPHID()) {
+ $username = $handles[$log->getUserPHID()]->getName();
+ } else if (strlen($log->getFailedUsername())) {
+ $username = $log->getFailedUsername();
+ } else {
+ $username = null;
+ }
+
+
$rows[] = array(
phabricator_date($log->getDateCreated(), $viewer),
phabricator_time($log->getDateCreated(), $viewer),
@@ -62,7 +72,7 @@ final class PhabricatorUserLogView extends AphrontView {
$log->getActorPHID()
? $handles[$log->getActorPHID()]->getName()
: null,
- $handles[$log->getUserPHID()]->getName(),
+ $username,
$ip,
$session,
);
Event Timeline
epriestley
created this paste.
Jan 7 2016, 6:19 PM
2016-01-07 18:19:37 (UTC+0)
epriestley
changed the title of this paste from
failed_logins.txt
to
failed_logins.diff
.
epriestley
mentioned this in
T10095: provide administrators more hints to track down initial failed logins
.
Jan 7 2016, 6:22 PM
2016-01-07 18:22:32 (UTC+0)
Log In to Comment