X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/7728931f150cb9f80a98cf6a2f947d7f25532cc4..12a9a45747f3ce3ff58464cd7ccb88f2c42438e8:/app/Http/Controllers/Auth/LoginController.php diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 2302937cb..75ade74e7 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -5,6 +5,7 @@ namespace BookStack\Http\Controllers\Auth; use BookStack\Auth\Access\SocialAuthService; use BookStack\Exceptions\LoginAttemptEmailNeededException; use BookStack\Exceptions\LoginAttemptException; +use BookStack\Exceptions\UserRegistrationException; use BookStack\Http\Controllers\Controller; use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Http\Request; @@ -38,7 +39,9 @@ class LoginController extends Controller */ public function __construct(SocialAuthService $socialAuthService) { - $this->middleware('guest', ['only' => ['getLogin', 'postLogin']]); + $this->middleware('guest', ['only' => ['getLogin', 'login']]); + $this->middleware('guard:standard,ldap', ['only' => ['login', 'logout']]); + $this->socialAuthService = $socialAuthService; $this->redirectPath = url('/'); $this->redirectAfterLogout = url('/http/source.bookstackapp.com/login'); @@ -65,7 +68,6 @@ class LoginController extends Controller { $socialDrivers = $this->socialAuthService->getActiveDrivers(); $authMethod = config('auth.method'); - $samlEnabled = config('saml2.enabled') === true; if ($request->has('email')) { session()->flashInput([ @@ -77,7 +79,6 @@ class LoginController extends Controller return view('auth.login', [ 'socialDrivers' => $socialDrivers, 'authMethod' => $authMethod, - 'samlEnabled' => $samlEnabled, ]); } @@ -100,6 +101,9 @@ class LoginController extends Controller $this->hasTooManyLoginAttempts($request)) { $this->fireLockoutEvent($request); + // Also log some error message + $this->logFailedAccess($request); + return $this->sendLockoutResponse($request); } @@ -116,6 +120,9 @@ class LoginController extends Controller // user surpasses their maximum number of attempts they will get locked out. $this->incrementLoginAttempts($request); + // Also log some error message + $this->logFailedAccess($request); + return $this->sendFailedLoginResponse($request); } @@ -129,28 +136,16 @@ class LoginController extends Controller */ protected function validateLogin(Request $request) { - $rules = []; + $rules = ['password' => 'required|string']; $authMethod = config('auth.method'); if ($authMethod === 'standard') { - $rules = [ - 'email' => 'required|string|email', - 'password' => 'required|string' - ]; + $rules['email'] = 'required|email'; } if ($authMethod === 'ldap') { - $rules = [ - 'username' => 'required|string', - 'password' => 'required|string', - 'email' => 'email', - ]; - } - - if ($authMethod === 'saml2') { - $rules = [ - 'email' => 'email', - ]; + $rules['username'] = 'required|string'; + $rules['email'] = 'email'; } $request->validate($rules); @@ -174,17 +169,15 @@ class LoginController extends Controller } /** - * Log the user out of the application. + * Log failed accesses, matching the default fail2ban nginx/apache auth rules. */ - public function logout(Request $request) + protected function logFailedAccess(Request $request) { - if (config('saml2.enabled') && session()->get('last_login_type') === 'saml2') { - return redirect('/saml2/logout'); - } - - $this->guard()->logout(); - $request->session()->invalidate(); - - return $this->loggedOut($request) ?: redirect('/'); + if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) { + error_log('user "' . $request->get($this->username()) . '" was not found in "BookStack"', 4); + } else { + error_log('user "' . $request->get($this->username()) . '" authentication failure for "BookStack"', 4); + } } + }