Investigation of #227 led to this improvement

This commit is contained in:
the-djmaze 2022-02-11 19:45:18 +01:00
parent 569c2081f7
commit cb15085dc6
3 changed files with 13 additions and 17 deletions

View file

@ -632,8 +632,13 @@ class Actions
if (!empty($sLine)) {
$this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount, false, $aAdditionalParams));
}
$this->SysLogAuth($this->compileLogParams('Auth failed: ip={request:ip} user={imap:login}', $oAccount, false, $aAdditionalParams));
}
protected function SysLogAuth(string $message): void
{
if ($this->oConfig->Get('logs', 'auth_logging', false) && \openlog('snappymail', 0, \LOG_AUTHPRIV)) {
\syslog(\LOG_ERR, $this->compileLogParams('Auth failed: ip={request:ip} user={imap:login}', $oAccount, false, $aAdditionalParams));
\syslog(\LOG_ERR, $message);
\closelog();
}
}
@ -960,7 +965,7 @@ class Actions
'{smtp:login}' => $sLogin,
'{smtp:host}' => $sHost,
'{user:email}' => $sLogin,
'{user:login}' => \MailSo\Base\Utils::GetAccountNameFromEmail($sLogin),
'{user:login}' => $bAdmin ? $sLogin : \MailSo\Base\Utils::GetAccountNameFromEmail($sLogin),
'{user:domain}' => $sHost,
);
}

View file

@ -212,15 +212,9 @@ trait Admin
!$this->Config()->ValidatePassword($sPassword)
|| ($totp && !\SnappyMail\TOTP::Verify($totp, $this->GetActionParam('TOTP', ''))))
{
$this->loginErrorDelay();
$this->SysLogAuth($this->compileLogParams('Admin Auth failed: ip={request:ip} user={user:login}'));
$this->LoggerAuthHelper(null, $this->getAdditionalLogParamsByUserLogin($sLogin, true));
if ($this->Config()->Get('logs', 'auth_logging', false)
&& $this->Config()->Get('security', 'allow_admin_panel', true)
&& \openlog('snappymail', 0, \LOG_AUTHPRIV))
{
\syslog(\LOG_ERR, $this->compileLogParams('Admin Auth failed: ip={request:ip} user='.$sLogin));
\closelog();
}
$this->loginErrorDelay();
throw new ClientException(Notifications::AuthError);
}

View file

@ -114,18 +114,15 @@ trait UserAuth
$oAccount = null;
$sClientCert = \trim($this->Config()->Get('ssl', 'client_cert', ''));
try {
if ($bMainAccount) {
$oAccount = MainAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true);
} else {
$oAccount = AdditionalAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true);
}
$oAccount = $bMainAccount
? MainAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true)
: AdditionalAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true);
if (!$oAccount) {
throw new ClientException(Notifications::AuthError);
}
} catch (\Throwable $oException) {
$this->loginErrorDelay();
$this->LoggerAuthHelper($oAccount, $this->getAdditionalLogParamsByUserLogin($sInputEmail));
$this->loginErrorDelay();
throw $oException;
}