Commit 9b651087 authored by Markus Klein's avatar Markus Klein Committed by Richard Haeser

[BUGFIX] Include IP in authentication logs

Logs written via the logging API now include the correct
remote address instead of the marker ###IP###.

Additionally, some actions were logged twice; this is
now streamlined.

Resolves: #93693
Resolves: #93943
Releases: master, 10.4, 9.5
Change-Id: I7d420046f5cff605383ce330784821644d9b9fac
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68801

Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
Reviewed-by: Torben Hansen's avatarTorben Hansen <derhansen@gmail.com>
Reviewed-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
parent 139fb31d
......@@ -192,17 +192,15 @@ class AuthenticationService extends AbstractAuthenticationService
$message = 'Login-attempt from ###IP###, username \'%s\', no suitable hash method found!';
$this->writeLogMessage($message, $submittedUsername);
$this->writelog(255, 3, 3, 1, $message, [$submittedUsername]);
$this->logger->info(sprintf($message, $submittedUsername));
// Not responsible, check other services
return 100;
}
if (!$isValidPassword) {
// Failed login attempt - wrong password
$this->writeLogMessage(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $submittedUsername);
$message = 'Login-attempt from ###IP###, username \'%s\', password not accepted!';
$this->writeLogMessage($message, $submittedUsername);
$this->writelog(255, 3, 3, 1, $message, [$submittedUsername]);
$this->logger->info(sprintf($message, $submittedUsername));
// Responsible, authentication failed, do NOT check other services
return 0;
}
......@@ -212,7 +210,6 @@ class AuthenticationService extends AbstractAuthenticationService
$errorMessage = 'Login-attempt from ###IP###, username \'%s\', locked domain \'%s\' did not match \'%s\'!';
$this->writeLogMessage($errorMessage, $user[$this->db_user['username_column']], $configuredDomainLock, $queriedDomain);
$this->writelog(255, 3, 3, 1, $errorMessage, [$user[$this->db_user['username_column']], $configuredDomainLock, $queriedDomain]);
$this->logger->info(sprintf($errorMessage, $user[$this->db_user['username_column']], $configuredDomainLock, $queriedDomain));
// Responsible, authentication ok, but domain lock not ok, do NOT check other services
return 0;
}
......@@ -388,6 +385,7 @@ class AuthenticationService extends AbstractAuthenticationService
*
* This function accepts variable number of arguments and can format
* parameters. The syntax is the same as for sprintf()
* If a marker ###IP### is present in the message, it is automatically replaced with the REMOTE_ADDR
*
* @param string $message Message to output
* @param array<int, mixed> $params
......@@ -397,6 +395,7 @@ class AuthenticationService extends AbstractAuthenticationService
if (!empty($params)) {
$message = vsprintf($message, $params);
}
$message = str_replace('###IP###', (string)GeneralUtility::getIndpEnv('REMOTE_ADDR'), $message);
if (TYPO3_MODE === 'FE') {
$timeTracker = GeneralUtility::makeInstance(TimeTracker::class);
$timeTracker->setTSlogMessage($message);
......
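Review bot: The marker replacement in the last hunk (`str_replace('###IP###', …)`) runs after `vsprintf` has already interpolated `$params`, so a `###IP###` that arrives inside a parameter such as the submitted username is rewritten too, and the log line no longer records what was actually submitted. Resolving the marker in the template before formatting keeps caller-supplied values verbatim; the address then needs its `%` doubled, because a scoped IPv6 address can contain one and the result is still a format string. The new docblock line could also say where the address comes from: `GeneralUtility::getIndpEnv('REMOTE_ADDR')` presumably honours the reverse-proxy settings, so the logged value is only as trustworthy as that configuration. The enclosing method (presumably `writeLogMessage`) starts and ends outside the visible hunk.

```php
$remoteAddress = (string)GeneralUtility::getIndpEnv('REMOTE_ADDR');
if (!empty($params)) {
    // Resolve the marker in the template only, so values in $params are logged verbatim.
    // '%' is doubled because the template is still passed to vsprintf().
    $message = str_replace('###IP###', str_replace('%', '%%', $remoteAddress), $message);
    $message = vsprintf($message, $params);
} else {
    $message = str_replace('###IP###', $remoteAddress, $message);
}
// … unchanged: TYPO3_MODE === 'FE' time tracker call …
```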