public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

webaccess: Log authentication attempts (#4022) 

Addresses issue #4016.
pull/4008/head^2
Richard Hansen 2020-06-01 15:11:57 -04:00 committed by GitHub
parent addb9b957a
commit 07c73d4f2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/node/hooks/express/webaccess.js
View File

@ -38,12 +38,18 @@ exports.basicAuth = function (req, res, next) {
var password = userpass.join(':');
var fallback = function(success) {
if (success) return cb(true);
if (settings.users[username] != undefined && settings.users[username].password === password) {
settings.users[username].username = username;
req.session.user = settings.users[username];
return cb(true);
if (!(username in settings.users)) {
httpLogger.info(`Failed authentication from IP ${req.ip} - no such user`);
return cb(false);
}
return cb(false);
if (settings.users[username].password !== password) {
httpLogger.info(`Failed authentication from IP ${req.ip} for user ${username} - incorrect password`);
return cb(false);
}
httpLogger.info(`Successful authentication from IP ${req.ip} for user ${username}`);
settings.users[username].username = username;
req.session.user = settings.users[username];
return cb(true);
};
return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(fallback));
}