From 07c73d4f2d311fc5bec842345e1829ac9df2e398 Mon Sep 17 00:00:00 2001
From: Richard Hansen
Date: Mon, 1 Jun 2020 15:11:57 -0400
Subject: [PATCH] webaccess: Log authentication attempts (#4022)

Addresses issue #4016.
---
 src/node/hooks/express/webaccess.js | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index ffb132ae1..b3e9a3827 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -38,12 +38,18 @@ exports.basicAuth = function (req, res, next) {
 var password = userpass.join(':');
 var fallback = function(success) {
 if (success) return cb(true);
- if (settings.users[username] != undefined && settings.users[username].password === password) {
- settings.users[username].username = username;
- req.session.user = settings.users[username];
- return cb(true);
+ if (!(username in settings.users)) {
+ httpLogger.info(`Failed authentication from IP ${req.ip} - no such user`);
+ return cb(false);
 }
- return cb(false);
+ if (settings.users[username].password !== password) {
+ httpLogger.info(`Failed authentication from IP ${req.ip} for user ${username} - incorrect password`);
+ return cb(false);
+ }
+ httpLogger.info(`Successful authentication from IP ${req.ip} for user ${username}`);
+ settings.users[username].username = username;
+ req.session.user = settings.users[username];
+ return cb(true);
 };
 return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(fallback));
 }
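Review bot: `username in settings.users` also matches names inherited from `Object.prototype` (for example `constructor` or `__proto__`), so such a request skips the "no such user" branch, reads `.password` from an inherited object, and is logged as an incorrect password for a user that is not configured. An own-property test keeps both the lookup and the log accurate: `if (!Object.prototype.hasOwnProperty.call(settings.users, username)) {`. A configured entry whose value is `null` would also now throw on `.password`, where the removed `!= undefined` check rejected it. Separately, the context line `if (success) return cb(true);` returns before any of the new `httpLogger.info` calls, so logins accepted by an `authenticate` hook appear to go unlogged, which leaves a gap in the audit trail this commit is meant to provide. The enclosing `exports.basicAuth` function starts above the hunk and its end is not visible here.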