Log authentication attempts

app/classes/shared/main_controller.py

@@ -78,6 +78,30 @@ class Controller:
         self.first_login = False
         self.cached_login = self.management.get_login_image()
         self.support_scheduler.start()
+        try:
+            with open(
+                os.path.join(os.path.curdir, "logs", "auth_tracker.log"),
+                "r",
+                encoding="utf-8",
+            ) as f:
+                self.auth_tracker = json.load(f)
+        except:
+            self.auth_tracker = {}
+
+    def log_attempt(self, remote_ip, username):
+        remote = self.auth_tracker.get(str(remote_ip), None)
+        if remote:
+            remote["names"].append(username)
+            remote["attempts"] += 1
+            self.auth_tracker[str(remote_ip)] = remote
+        else:
+            self.auth_tracker[str(remote_ip)] = {"names": [username], "attempts": 1}
+        with open(
+            os.path.join(os.path.curdir, "logs", "auth_tracker.log"),
+            "w",
+            encoding="utf-8",
+        ) as f:
+            json.dump(self.auth_tracker, f, indent=4)
 
     @staticmethod
     def check_system_user():

app/classes/web/public_handler.py

@@ -6,6 +6,7 @@ from app.classes.models.users import HelperUsers
 from app.classes.web.base_handler import BaseHandler
 
 logger = logging.getLogger(__name__)
+auth_log = logging.getLogger("auth")
 
 
 class PublicHandler(BaseHandler):
@@ -96,6 +97,9 @@ class PublicHandler(BaseHandler):
             page_data["query"] = self.request.query
 
         if page == "login":
+            auth_log.info(
+                f"User attempting to authenticate from {self.get_remote_ip()}"
+            )
             next_page = "/login"
             if self.request.query:
                 next_page = "/login?" + self.request.query
@@ -108,6 +112,12 @@ class PublicHandler(BaseHandler):
                 user_id = HelperUsers.get_user_id_by_name(entered_username.lower())
                 user_data = HelperUsers.get_user_model(user_id)
             except:
+                self.controller.log_attempt(self.get_remote_ip(), entered_username)
+                auth_log.error(
+                    f"User attempted to log into {entered_username}."
+                    f" Authentication failed from remote IP {self.get_remote_ip()}"
+                    " Users does not exist."
+                )
                 error_msg = "Incorrect username or password. Please try again."
                 # self.clear_cookie("user")
                 # self.clear_cookie("user_data")
@@ -120,6 +130,12 @@ class PublicHandler(BaseHandler):
 
             # if we don't have a user
             if not user_data:
+                auth_log.error(
+                    f"User attempted to log into {entered_username}. Authentication"
+                    f" failed from remote IP {self.get_remote_ip()}"
+                    " User does not exist."
+                )
+                self.controller.log_attempt(self.get_remote_ip(), entered_username)
                 error_msg = "Incorrect username or password. Please try again."
                 # self.clear_cookie("user")
                 # self.clear_cookie("user_data")
@@ -132,6 +148,12 @@ class PublicHandler(BaseHandler):
 
             # if they are disabled
             if not user_data.enabled:
+                auth_log.error(
+                    f"User attempted to log into {entered_username}. "
+                    f"Authentication failed from remote IP {self.get_remote_ip()}."
+                    " User account disabled"
+                )
+                self.controller.log_attempt(self.get_remote_ip(), entered_username)
                 error_msg = (
                     "User account disabled. Please contact "
                     "your system administrator for more info."
@@ -159,7 +181,11 @@ class PublicHandler(BaseHandler):
                 user_data.last_ip = self.get_remote_ip()
                 user_data.last_login = Helpers.get_time_as_string()
                 user_data.save()
-
+                auth_log.info(
+                    f"{entered_username} successfully"
+                    " authenticated and logged"
+                    f" into panel from remote IP {self.get_remote_ip()}"
+                )
                 # log this login
                 self.controller.management.add_to_audit_log(
                     user_data.user_id, "Logged in", 0, self.get_remote_ip()
@@ -172,6 +198,11 @@ class PublicHandler(BaseHandler):
 
                 self.redirect(next_page)
             else:
+                auth_log.error(
+                    f"User attempted to log into {entered_username}."
+                    f" Authentication failed from remote IP {self.get_remote_ip()}"
+                )
+                self.controller.log_attempt(self.get_remote_ip(), entered_username)
                 # self.clear_cookie("user")
                 # self.clear_cookie("user_data")
                 self.clear_cookie("token")

app/config/logging.json

@@ -10,16 +10,17 @@
     },
     "schedule": {
       "format": "%(asctime)s - [Schedules] - %(levelname)s - %(message)s"
+    },
+    "auth": {
+      "format": "%(asctime)s - [AUTH] - %(levelname)s - %(message)s"
     }
   },
-
   "handlers": {
     "console": {
       "class": "logging.StreamHandler",
       "formatter": "commander",
       "stream": "ext://sys.stdout"
     },
-
     "main_file_handler": {
       "class": "logging.handlers.RotatingFileHandler",
       "formatter": "commander",
@@ -50,24 +51,45 @@
       "maxBytes": 10485760,
       "backupCount": 20,
       "encoding": "utf8"
+    },
+    "auth_file_handler": {
+      "class": "logging.handlers.RotatingFileHandler",
+      "formatter": "auth",
+      "filename": "logs/auth.log",
+      "maxBytes": 10485760,
+      "backupCount": 20,
+      "encoding": "utf8"
     }
   },
-
   "loggers": {
     "": {
       "level": "INFO",
-      "handlers": ["main_file_handler", "session_file_handler"],
+      "handlers": [
+        "main_file_handler",
+        "session_file_handler"
+      ],
       "propagate": false
     },
     "tornado.access": {
       "level": "INFO",
-      "handlers": ["tornado_access_file_handler"],
+      "handlers": [
+        "tornado_access_file_handler"
+      ],
       "propagate": false
     },
     "apscheduler": {
       "level": "INFO",
-      "handlers": ["schedule_file_handler"],
+      "handlers": [
+        "schedule_file_handler"
+      ],
+      "propagate": false
+    },
+    "auth": {
+      "level": "INFO",
+      "handlers": [
+        "auth_file_handler"
+      ],
       "propagate": false
     }
   }
-}
+}