Merge branch 'auth' of git://github.com/benrubson/BookStack into benrubson-auth

2024-11-23 19:32:29 +01:00 · 2020-07-28 10:46:40 +01:00 · 2020-07-28 10:46:40 +01:00 · 2f6ff07347
commit 2f6ff07347
parent 76fcbd3752 9d7ce59b18
4 changed files with 36 additions and 1 deletions
--- a/.env.example.complete
+++ b/.env.example.complete
@ -270,4 +270,10 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500

 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
+API_REQUESTS_PER_MIN=180
+
+# Failed access
+# message to log into webserver logs in case of failed access, for further processing by tools like Fail2Ban
+# Apache users should use : user "%u" authentication failure for "BookStack"
+# Nginx  users should use : user "%u" was not found in "BookStack"
+FAILED_ACCESS_MESSAGE=''
--- a/app/Actions/ActivityService.php
+++ b/app/Actions/ActivityService.php
@ -159,4 +159,21 @@ class ActivityService
            session()->flash('success', $message);
        }
    }
+
+    /**
+     * Log failed accesses, for further processing by tools like Fail2Ban
+     *
+     * @param username
+     * @return void
+      */
+    public function logFailedAccess($username)
+    {
+        $log_msg = config('logging.failed_access_message');
+
+        if (!is_string($username) || !is_string($log_msg) || strlen($log_msg)<1)
+            return;
+
+        $log_msg = str_replace("%u", $username, $log_msg);
+        error_log($log_msg, 4);
+    }
 }
--- a/app/Config/logging.php
+++ b/app/Config/logging.php
@ -86,4 +86,9 @@ return [
        ],
    ],

+    // Failed Access Message
+    // Defines the message to log into webserver logs in case of failed access,
+    // for further processing by tools like Fail2Ban.
+    'failed_access_message' => env('FAILED_ACCESS_MESSAGE', ''),
+
 ];
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -2,6 +2,7 @@

 namespace BookStack\Http\Controllers\Auth;

+use Activity;
 use BookStack\Auth\Access\SocialAuthService;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
@ -106,6 +107,9 @@ class LoginController extends Controller
            $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

+            // Also log some error message
+            Activity::logFailedAccess($request->get($this->username()));
+
            return $this->sendLockoutResponse($request);
        }

@ -122,6 +126,9 @@ class LoginController extends Controller
        // user surpasses their maximum number of attempts they will get locked out.
        $this->incrementLoginAttempts($request);

+        // Also log some error message
+        Activity::logFailedAccess($request->get($this->username()));
+
        return $this->sendFailedLoginResponse($request);
    }