mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Log authentication attempts
This commit is contained in:
parent
0dc075d147
commit
e9105ffbe4
@ -78,6 +78,30 @@ class Controller:
|
||||
self.first_login = False
|
||||
self.cached_login = self.management.get_login_image()
|
||||
self.support_scheduler.start()
|
||||
try:
|
||||
with open(
|
||||
os.path.join(os.path.curdir, "logs", "auth_tracker.log"),
|
||||
"r",
|
||||
encoding="utf-8",
|
||||
) as f:
|
||||
self.auth_tracker = json.load(f)
|
||||
except:
|
||||
self.auth_tracker = {}
|
||||
|
||||
def log_attempt(self, remote_ip, username):
|
||||
remote = self.auth_tracker.get(str(remote_ip), None)
|
||||
if remote:
|
||||
remote["names"].append(username)
|
||||
remote["attempts"] += 1
|
||||
self.auth_tracker[str(remote_ip)] = remote
|
||||
else:
|
||||
self.auth_tracker[str(remote_ip)] = {"names": [username], "attempts": 1}
|
||||
with open(
|
||||
os.path.join(os.path.curdir, "logs", "auth_tracker.log"),
|
||||
"w",
|
||||
encoding="utf-8",
|
||||
) as f:
|
||||
json.dump(self.auth_tracker, f, indent=4)
|
||||
|
||||
@staticmethod
|
||||
def check_system_user():
|
||||
|
@ -6,6 +6,7 @@ from app.classes.models.users import HelperUsers
|
||||
from app.classes.web.base_handler import BaseHandler
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
auth_log = logging.getLogger("auth")
|
||||
|
||||
|
||||
class PublicHandler(BaseHandler):
|
||||
@ -96,6 +97,9 @@ class PublicHandler(BaseHandler):
|
||||
page_data["query"] = self.request.query
|
||||
|
||||
if page == "login":
|
||||
auth_log.info(
|
||||
f"User attempting to authenticate from {self.get_remote_ip()}"
|
||||
)
|
||||
next_page = "/login"
|
||||
if self.request.query:
|
||||
next_page = "/login?" + self.request.query
|
||||
@ -108,6 +112,12 @@ class PublicHandler(BaseHandler):
|
||||
user_id = HelperUsers.get_user_id_by_name(entered_username.lower())
|
||||
user_data = HelperUsers.get_user_model(user_id)
|
||||
except:
|
||||
self.controller.log_attempt(self.get_remote_ip(), entered_username)
|
||||
auth_log.error(
|
||||
f"User attempted to log into {entered_username}."
|
||||
f" Authentication failed from remote IP {self.get_remote_ip()}"
|
||||
" Users does not exist."
|
||||
)
|
||||
error_msg = "Incorrect username or password. Please try again."
|
||||
# self.clear_cookie("user")
|
||||
# self.clear_cookie("user_data")
|
||||
@ -120,6 +130,12 @@ class PublicHandler(BaseHandler):
|
||||
|
||||
# if we don't have a user
|
||||
if not user_data:
|
||||
auth_log.error(
|
||||
f"User attempted to log into {entered_username}. Authentication"
|
||||
f" failed from remote IP {self.get_remote_ip()}"
|
||||
" User does not exist."
|
||||
)
|
||||
self.controller.log_attempt(self.get_remote_ip(), entered_username)
|
||||
error_msg = "Incorrect username or password. Please try again."
|
||||
# self.clear_cookie("user")
|
||||
# self.clear_cookie("user_data")
|
||||
@ -132,6 +148,12 @@ class PublicHandler(BaseHandler):
|
||||
|
||||
# if they are disabled
|
||||
if not user_data.enabled:
|
||||
auth_log.error(
|
||||
f"User attempted to log into {entered_username}. "
|
||||
f"Authentication failed from remote IP {self.get_remote_ip()}."
|
||||
" User account disabled"
|
||||
)
|
||||
self.controller.log_attempt(self.get_remote_ip(), entered_username)
|
||||
error_msg = (
|
||||
"User account disabled. Please contact "
|
||||
"your system administrator for more info."
|
||||
@ -159,7 +181,11 @@ class PublicHandler(BaseHandler):
|
||||
user_data.last_ip = self.get_remote_ip()
|
||||
user_data.last_login = Helpers.get_time_as_string()
|
||||
user_data.save()
|
||||
|
||||
auth_log.info(
|
||||
f"{entered_username} successfully"
|
||||
" authenticated and logged"
|
||||
f" into panel from remote IP {self.get_remote_ip()}"
|
||||
)
|
||||
# log this login
|
||||
self.controller.management.add_to_audit_log(
|
||||
user_data.user_id, "Logged in", 0, self.get_remote_ip()
|
||||
@ -172,6 +198,11 @@ class PublicHandler(BaseHandler):
|
||||
|
||||
self.redirect(next_page)
|
||||
else:
|
||||
auth_log.error(
|
||||
f"User attempted to log into {entered_username}."
|
||||
f" Authentication failed from remote IP {self.get_remote_ip()}"
|
||||
)
|
||||
self.controller.log_attempt(self.get_remote_ip(), entered_username)
|
||||
# self.clear_cookie("user")
|
||||
# self.clear_cookie("user_data")
|
||||
self.clear_cookie("token")
|
||||
|
@ -10,16 +10,17 @@
|
||||
},
|
||||
"schedule": {
|
||||
"format": "%(asctime)s - [Schedules] - %(levelname)s - %(message)s"
|
||||
},
|
||||
"auth": {
|
||||
"format": "%(asctime)s - [AUTH] - %(levelname)s - %(message)s"
|
||||
}
|
||||
},
|
||||
|
||||
"handlers": {
|
||||
"console": {
|
||||
"class": "logging.StreamHandler",
|
||||
"formatter": "commander",
|
||||
"stream": "ext://sys.stdout"
|
||||
},
|
||||
|
||||
"main_file_handler": {
|
||||
"class": "logging.handlers.RotatingFileHandler",
|
||||
"formatter": "commander",
|
||||
@ -50,23 +51,44 @@
|
||||
"maxBytes": 10485760,
|
||||
"backupCount": 20,
|
||||
"encoding": "utf8"
|
||||
},
|
||||
"auth_file_handler": {
|
||||
"class": "logging.handlers.RotatingFileHandler",
|
||||
"formatter": "auth",
|
||||
"filename": "logs/auth.log",
|
||||
"maxBytes": 10485760,
|
||||
"backupCount": 20,
|
||||
"encoding": "utf8"
|
||||
}
|
||||
},
|
||||
|
||||
"loggers": {
|
||||
"": {
|
||||
"level": "INFO",
|
||||
"handlers": ["main_file_handler", "session_file_handler"],
|
||||
"handlers": [
|
||||
"main_file_handler",
|
||||
"session_file_handler"
|
||||
],
|
||||
"propagate": false
|
||||
},
|
||||
"tornado.access": {
|
||||
"level": "INFO",
|
||||
"handlers": ["tornado_access_file_handler"],
|
||||
"handlers": [
|
||||
"tornado_access_file_handler"
|
||||
],
|
||||
"propagate": false
|
||||
},
|
||||
"apscheduler": {
|
||||
"level": "INFO",
|
||||
"handlers": ["schedule_file_handler"],
|
||||
"handlers": [
|
||||
"schedule_file_handler"
|
||||
],
|
||||
"propagate": false
|
||||
},
|
||||
"auth": {
|
||||
"level": "INFO",
|
||||
"handlers": [
|
||||
"auth_file_handler"
|
||||
],
|
||||
"propagate": false
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user