ari/arimelody.me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

log IP address for account locks 🧌

Browse source
This commit is contained in:
ari melody 2025-04-30 18:21:47 +01:00
parent 37fa1f4fa8
commit 76cf1bb0d5
Signed by: ari
GPG key ID: 60B5F0386E3DDB7E
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
admin/http.go
View file

@ -283,7 +283,7 @@ func loginHandler(app *model.AppState) http.Handler {
err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password)) err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
if err != nil { if err != nil {
app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r)) app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
if locked := handleFailedLogin(app, account); locked { if locked := handleFailedLogin(app, account, r); locked {
controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.") controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
} else { } else {
controller.SetSessionError(app.DB, session, "Invalid username or password.") controller.SetSessionError(app.DB, session, "Invalid username or password.")
@ -389,7 +389,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
} }
if totpMethod == nil { if totpMethod == nil {
app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r)) app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
if locked := handleFailedLogin(app, session.AttemptAccount); locked { if locked := handleFailedLogin(app, session.AttemptAccount, r); locked {
controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.") controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
controller.SetSessionAttemptAccount(app.DB, session, nil) controller.SetSessionAttemptAccount(app.DB, session, nil)
http.Redirect(w, r, "/admin", http.StatusFound) http.Redirect(w, r, "/admin", http.StatusFound)
@ -514,7 +514,7 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
}) })
} }
func handleFailedLogin(app *model.AppState, account *model.Account) bool { func handleFailedLogin(app *model.AppState, account *model.Account, r *http.Request) bool {
locked, err := controller.IncrementAccountFails(app.DB, account.ID) locked, err := controller.IncrementAccountFails(app.DB, account.ID)
if err != nil { if err != nil {
fmt.Fprintf( fmt.Fprintf(
@ -532,9 +532,10 @@ func handleFailedLogin(app *model.AppState, account *model.Account) bool {
if locked { if locked {
app.Log.Warn( app.Log.Warn(
log.TYPE_ACCOUNT, log.TYPE_ACCOUNT,
"Account \"%s\" was locked: %d failed login attempts", "Account \"%s\" was locked: %d failed login attempts (IP: %s)",
account.Username, account.Username,
model.MAX_LOGIN_FAIL_ATTEMPTS, model.MAX_LOGIN_FAIL_ATTEMPTS,
controller.ResolveIP(app, r),
) )
} }
return locked return locked