API_MAX_ITEM_COUNT=500
# The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
\ No newline at end of file
+API_REQUESTS_PER_MIN=180
+
+# Failed access
+# message to log into webserver logs in case of failed access, for further processing by tools like Fail2Ban
+# Apache users should use : user "%u" authentication failure for "BookStack"
+# Nginx users should use : user "%u" was not found in "BookStack"
+FAILED_ACCESS_MESSAGE=''
session()->flash('success', $message);
}
}
+
+ /**
+ * Log failed accesses, for further processing by tools like Fail2Ban
+ *
+ * @param username
+ * @return void
+ */
+ public function logFailedAccess($username)
+ {
+ $log_msg = config('logging.failed_access_message');
+
+ if (!is_string($username) || !is_string($log_msg) || strlen($log_msg)<1)
+ return;
+
+ $log_msg = str_replace("%u", $username, $log_msg);
+ error_log($log_msg, 4);
+ }
}
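Review bot: `$username` is substituted into the log line at `str_replace("%u", $username, $log_msg)` without removing control characters, and the LoginController hunks pass it straight from the request. A value containing CR or LF would split the entry, so the web server log that Fail2Ban parses could end up holding lines this method never meant to write. Strip control characters before the substitution, e.g. `$username = preg_replace('/[\x00-\x1F\x7F]/', '', $username) ?? '';`, and consider capping the length as well. The early `return` for a non-string `$username` also drops the event silently; logging with a fixed placeholder instead would keep the attempt visible to the log watcher. The docblock's `@param username` has neither type nor `$`; `@param string $username` would match the `is_string` check.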
],
],
+ // Failed Access Message
+ // Defines the message to log into webserver logs in case of failed access,
+ // for further processing by tools like Fail2Ban.
+ 'failed_access_message' => env('FAILED_ACCESS_MESSAGE', ''),
+
];
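Review bot: The comment above `failed_access_message` does not mention the `%u` placeholder or that the empty default turns the logging off, although `logFailedAccess` in this same change depends on both. I would add a line such as `// "%u" is replaced with the submitted username; leave empty to disable.` so the option can be understood without reading the service code.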
namespace BookStack\Http\Controllers\Auth;
+use Activity;
use BookStack\Auth\Access\SocialAuthService;
use BookStack\Exceptions\LoginAttemptEmailNeededException;
use BookStack\Exceptions\LoginAttemptException;
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
+ // Also log some error message
+ Activity::logFailedAccess($request->get($this->username()));
+
return $this->sendLockoutResponse($request);
}
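Review bot: The added comment `// Also log some error message` does not say what is logged or why, and it is repeated verbatim in the failed-login hunk below. Something like `// Write the configured failed-access line to the web server log (for tools such as Fail2Ban)` would state the purpose. Both sites also read the username with `$request->get($this->username())`; taking it into one local variable or a small private helper would keep the two calls in step if the lookup ever changes. The enclosing method starts and ends outside these hunks.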
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
+ // Also log some error message
+ Activity::logFailedAccess($request->get($this->username()));
+
return $this->sendFailedLoginResponse($request);
}