mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 15:36:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

webaccess: Log all authentication successes/failures

Browse source 
This loses some of the granularity of the default HTTP basic auth
(unknown username vs. bad password), but there is considerable value
in having logging that is consistent no matter what authentication
plugins are installed.
This commit is contained in:
Richard Hansen 2020-08-27 21:41:31 -04:00 committed by John McLear
parent ea4b9bf7d7
commit 411b278881
1 changed files with 7 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/node/hooks/express/webaccess.js
View file

@ -94,7 +94,10 @@ exports.checkAccess = (req, res, next) => {
} }
hooks.aCallFirst('authenticate', ctx, hookResultMangle((ok) => { hooks.aCallFirst('authenticate', ctx, hookResultMangle((ok) => {
if (!ok) { if (!ok) {
const failure = () => { // Fall back to HTTP basic auth.
if (!httpBasicAuth || !(ctx.username in settings.users) ||
settings.users[ctx.username].password !== ctx.password) {
httpLogger.info(`Failed authentication from IP ${req.ip}`);
return hooks.aCallFirst('authnFailure', {req, res}, hookResultMangle((ok) => { return hooks.aCallFirst('authnFailure', {req, res}, hookResultMangle((ok) => {
if (ok) return; if (ok) return;
return hooks.aCallFirst('authFailure', {req, res, next}, hookResultMangle((ok) => { return hooks.aCallFirst('authFailure', {req, res, next}, hookResultMangle((ok) => {
@ -107,18 +110,7 @@ exports.checkAccess = (req, res, next) => {
}, 1000); }, 1000);
})); }));
})); }));
};
// Fall back to HTTP basic auth.
if (!httpBasicAuth) return failure();
if (!(ctx.username in settings.users)) {
httpLogger.info(`Failed authentication from IP ${req.ip} - no such user`);
return failure();
} }
if (settings.users[ctx.username].password !== ctx.password) {
httpLogger.info(`Failed authentication from IP ${req.ip} for user ${ctx.username} - incorrect password`);
return failure();
}
httpLogger.info(`Successful authentication from IP ${req.ip} for user ${ctx.username}`);
settings.users[ctx.username].username = ctx.username; settings.users[ctx.username].username = ctx.username;
req.session.user = settings.users[ctx.username]; req.session.user = settings.users[ctx.username];
} }
@ -127,6 +119,9 @@ exports.checkAccess = (req, res, next) => {
res.status(500).send('Internal Server Error'); res.status(500).send('Internal Server Error');
return; return;
} }
let username = req.session.user.username;
username = (username != null) ? username : '<no username>';
httpLogger.info(`Successful authentication from IP ${req.ip} for username ${username}`);
step3Authorize(); step3Authorize();
})); }));
}; };