mirror of https://github.com/xuthus83/pigallery2.git synced 2025-01-14 14:43:17 +08:00

Logging failed login attempts. #519

Patrik J. Braun 2023-02-21 10:04:59 +01:00
parent e7983a6def
commit edb974cf0b


@ -1,16 +1,15 @@
import { NextFunction, Request, Response } from 'express'; import {NextFunction, Request, Response} from 'express';
import { ErrorCodes, ErrorDTO } from '../../../common/entities/Error'; import {ErrorCodes, ErrorDTO} from '../../../common/entities/Error';
import { import {UserDTO, UserDTOUtils, UserRoles,} from '../../../common/entities/UserDTO';
UserDTO, import {ObjectManagers} from '../../model/ObjectManagers';
UserDTOUtils, import {Config} from '../../../common/config/private/Config';
UserRoles, import {PasswordHelper} from '../../model/PasswordHelper';
} from '../../../common/entities/UserDTO'; import {Utils} from '../../../common/Utils';
import { ObjectManagers } from '../../model/ObjectManagers'; import {QueryParams} from '../../../common/QueryParams';
import { Config } from '../../../common/config/private/Config';
import { PasswordHelper } from '../../model/PasswordHelper';
import { Utils } from '../../../common/Utils';
import { QueryParams } from '../../../common/QueryParams';
import * as path from 'path'; import * as path from 'path';
import {Logger} from '../../Logger';
const LOG_TAG = 'AuthenticationMWs';
export class AuthenticationMWs { export class AuthenticationMWs {
public static async tryAuthenticate( public static async tryAuthenticate(
@ -32,7 +31,8 @@ export class AuthenticationMWs {
return next(); return next();
} }
// eslint-disable-next-line no-empty // eslint-disable-next-line no-empty
} catch (err) {} } catch (err) {
}
return next(); return next();
} }
@ -164,6 +164,7 @@ export class AuthenticationMWs {
sharing.password && sharing.password &&
!PasswordHelper.comparePassword(password, sharing.password)) !PasswordHelper.comparePassword(password, sharing.password))
) { ) {
Logger.warn(LOG_TAG, 'Failed login with sharing:' + sharing.sharingKey + ', bad password');
res.status(401); res.status(401);
return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND)); return next(new ErrorDTO(ErrorCodes.CREDENTIAL_NOT_FOUND));
} }
@ -212,6 +213,7 @@ export class AuthenticationMWs {
typeof req.body.loginCredential.username === 'undefined' || typeof req.body.loginCredential.username === 'undefined' ||
typeof req.body.loginCredential.password === 'undefined' typeof req.body.loginCredential.password === 'undefined'
) { ) {
Logger.warn(LOG_TAG, 'Failed login no user or password provided');
return next( return next(
new ErrorDTO( new ErrorDTO(
ErrorCodes.INPUT_ERROR, ErrorCodes.INPUT_ERROR,
@ -220,7 +222,7 @@ export class AuthenticationMWs {
); );
} }
try { try {
// lets find the user // let's find the user
const user = Utils.clone( const user = Utils.clone(
await ObjectManagers.getInstance().UserManager.findOne({ await ObjectManagers.getInstance().UserManager.findOne({
name: req.body.loginCredential.username, name: req.body.loginCredential.username,
@ -236,6 +238,8 @@ export class AuthenticationMWs {
} }
return next(); return next();
} catch (err) { } catch (err) {
Logger.warn(LOG_TAG, 'Failed login for user:' + req.body.loginCredential.username
+ ', bad password');
return next( return next(
new ErrorDTO( new ErrorDTO(
ErrorCodes.CREDENTIAL_NOT_FOUND, ErrorCodes.CREDENTIAL_NOT_FOUND,
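Review bot: The warning added in the login catch block concatenates `req.body.loginCredential.username` into the log line unescaped, and the guard above only rules out `undefined`, so a client can submit line breaks, a very long string or an object and forge or bloat entries that anyone parsing this log for brute-force detection would then trust. I would encode and bound the value, e.g. `Logger.warn(LOG_TAG, 'Failed login for user:' + JSON.stringify(String(req.body.loginCredential.username).slice(0, 64)) + ', bad credentials');`. The catch appears to wrap the whole lookup, so 'bad password' would also be written for an unknown user or a failing `findOne`; the try body between the hunks is not shown, so confirm that before relying on the wording. In the sharing hunk, `sharing.sharingKey` is written to the log in full, which is worth reconsidering if the key alone grants access to shares without a password. None of the three messages carries the client address (`req.ip`), which a consumer of these warnings would need to attribute attempts.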