Investigation of #227 led to this improvement

This commit is contained in:
the-djmaze 2022-02-11 19:45:18 +01:00
parent 569c2081f7
commit cb15085dc6
3 changed files with 13 additions and 17 deletions

View file

@ -632,8 +632,13 @@ class Actions
if (!empty($sLine)) { if (!empty($sLine)) {
$this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount, false, $aAdditionalParams)); $this->LoggerAuth()->Write($this->compileLogParams($sLine, $oAccount, false, $aAdditionalParams));
} }
$this->SysLogAuth($this->compileLogParams('Auth failed: ip={request:ip} user={imap:login}', $oAccount, false, $aAdditionalParams));
}
protected function SysLogAuth(string $message): void
{
if ($this->oConfig->Get('logs', 'auth_logging', false) && \openlog('snappymail', 0, \LOG_AUTHPRIV)) { if ($this->oConfig->Get('logs', 'auth_logging', false) && \openlog('snappymail', 0, \LOG_AUTHPRIV)) {
\syslog(\LOG_ERR, $this->compileLogParams('Auth failed: ip={request:ip} user={imap:login}', $oAccount, false, $aAdditionalParams)); \syslog(\LOG_ERR, $message);
\closelog(); \closelog();
} }
} }
@ -960,7 +965,7 @@ class Actions
'{smtp:login}' => $sLogin, '{smtp:login}' => $sLogin,
'{smtp:host}' => $sHost, '{smtp:host}' => $sHost,
'{user:email}' => $sLogin, '{user:email}' => $sLogin,
'{user:login}' => \MailSo\Base\Utils::GetAccountNameFromEmail($sLogin), '{user:login}' => $bAdmin ? $sLogin : \MailSo\Base\Utils::GetAccountNameFromEmail($sLogin),
'{user:domain}' => $sHost, '{user:domain}' => $sHost,
); );
} }

View file

@ -212,15 +212,9 @@ trait Admin
!$this->Config()->ValidatePassword($sPassword) !$this->Config()->ValidatePassword($sPassword)
|| ($totp && !\SnappyMail\TOTP::Verify($totp, $this->GetActionParam('TOTP', '')))) || ($totp && !\SnappyMail\TOTP::Verify($totp, $this->GetActionParam('TOTP', ''))))
{ {
$this->loginErrorDelay(); $this->SysLogAuth($this->compileLogParams('Admin Auth failed: ip={request:ip} user={user:login}'));
$this->LoggerAuthHelper(null, $this->getAdditionalLogParamsByUserLogin($sLogin, true)); $this->LoggerAuthHelper(null, $this->getAdditionalLogParamsByUserLogin($sLogin, true));
if ($this->Config()->Get('logs', 'auth_logging', false) $this->loginErrorDelay();
&& $this->Config()->Get('security', 'allow_admin_panel', true)
&& \openlog('snappymail', 0, \LOG_AUTHPRIV))
{
\syslog(\LOG_ERR, $this->compileLogParams('Admin Auth failed: ip={request:ip} user='.$sLogin));
\closelog();
}
throw new ClientException(Notifications::AuthError); throw new ClientException(Notifications::AuthError);
} }

View file

@ -114,18 +114,15 @@ trait UserAuth
$oAccount = null; $oAccount = null;
$sClientCert = \trim($this->Config()->Get('ssl', 'client_cert', '')); $sClientCert = \trim($this->Config()->Get('ssl', 'client_cert', ''));
try { try {
if ($bMainAccount) { $oAccount = $bMainAccount
$oAccount = MainAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true); ? MainAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true)
} else { : AdditionalAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true);
$oAccount = AdditionalAccount::NewInstanceFromCredentials($this, $sEmail, $sLogin, $sPassword, $sClientCert, true);
}
if (!$oAccount) { if (!$oAccount) {
throw new ClientException(Notifications::AuthError); throw new ClientException(Notifications::AuthError);
} }
} catch (\Throwable $oException) { } catch (\Throwable $oException) {
$this->loginErrorDelay();
$this->LoggerAuthHelper($oAccount, $this->getAdditionalLogParamsByUserLogin($sInputEmail)); $this->LoggerAuthHelper($oAccount, $this->getAdditionalLogParamsByUserLogin($sInputEmail));
$this->loginErrorDelay();
throw $oException; throw $oException;
} }