xuthus/pigallery2
1
0
Fork 0
mirror of https://github.com/xuthus83/pigallery2.git synced 2025-01-14 14:43:17 +08:00
Code Actions Projects Activity

Logging failed login attempts. #519

Browse Source
This commit is contained in:
Patrik J. Braun 2023-02-21 10:04:59 +01:00
parent e7983a6def
commit edb974cf0b
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/backend/middlewares/user/AuthenticationMWs.ts
View File

@ -1,16 +1,15 @@
import {NextFunction, Request, Response} from 'express'; import {NextFunction, Request, Response} from 'express';
import {ErrorCodes, ErrorDTO} from '../../../common/entities/Error'; import {ErrorCodes, ErrorDTO} from '../../../common/entities/Error';
import { import {UserDTO, UserDTOUtils, UserRoles,} from '../../../common/entities/UserDTO';
UserDTO,
UserDTOUtils,
UserRoles,
} from '../../../common/entities/UserDTO';
import {ObjectManagers} from '../../model/ObjectManagers'; import {ObjectManagers} from '../../model/ObjectManagers';
import {Config} from '../../../common/config/private/Config'; import {Config} from '../../../common/config/private/Config';
import {PasswordHelper} from '../../model/PasswordHelper'; import {PasswordHelper} from '../../model/PasswordHelper';
import {Utils} from '../../../common/Utils'; import {Utils} from '../../../common/Utils';
import {QueryParams} from '../../../common/QueryParams'; import {QueryParams} from '../../../common/QueryParams';
import * as path from 'path'; import * as path from 'path';
import {Logger} from '../../Logger';
const LOG_TAG = 'AuthenticationMWs';
export class AuthenticationMWs { export class AuthenticationMWs {
public static async tryAuthenticate( public static async tryAuthenticate(
@ -32,7 +31,8 @@ export class AuthenticationMWs {
return next(); return next();
} }
// eslint-disable-next-line no-empty // eslint-disable-next-line no-empty
} catch (err) {} } catch (err) {
}
return next(); return next();
} }
@ -164,6 +164,7 @@ export class AuthenticationMWs {
sharing.password && sharing.password &&
!PasswordHelper.comparePassword(password, sharing.password)) !PasswordHelper.comparePassword(password, sharing.password))
) { ) {
Logger.warn(LOG_TAG, 'Failed login with sharing:' + sharing.sharingKey + ', bad password');
res.status(401); res.status(401);
return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND)); return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND));
} }
@ -212,6 +213,7 @@ export class AuthenticationMWs {
typeof req.body.loginCredential.username === 'undefined' || typeof req.body.loginCredential.username === 'undefined' ||
typeof req.body.loginCredential.password === 'undefined' typeof req.body.loginCredential.password === 'undefined'
) { ) {
Logger.warn(LOG_TAG, 'Failed login no user or password provided');
return next( return next(
new ErrorDTO( new ErrorDTO(
ErrorCodes.INPUT_ERROR, ErrorCodes.INPUT_ERROR,
@ -220,7 +222,7 @@ export class AuthenticationMWs {
); );
} }
try { try {
// lets find the user // let's find the user
const user = Utils.clone( const user = Utils.clone(
await ObjectManagers.getInstance().UserManager.findOne({ await ObjectManagers.getInstance().UserManager.findOne({
name: req.body.loginCredential.username, name: req.body.loginCredential.username,
@ -236,6 +238,8 @@ export class AuthenticationMWs {
} }
return next(); return next();
} catch (err) { } catch (err) {
Logger.warn(LOG_TAG, 'Failed login for user:' + req.body.loginCredential.username
+ ', bad password');
return next( return next(
new ErrorDTO( new ErrorDTO(
ErrorCodes.CREDENTIAL_NOT_FOUND, ErrorCodes.CREDENTIAL_NOT_FOUND,