Add DisableLoginLog config setting.
The tests / tickloop portions (to purge existing login logs when the setting is enabled) are coming with the tickloop rewrite.
This commit is contained in:
parent
0c0f265daf
commit
67a968caf2
|
@ -103,6 +103,7 @@ type config struct {
|
||||||
DisablePostIP bool
|
DisablePostIP bool
|
||||||
DisablePollIP bool
|
DisablePollIP bool
|
||||||
DisableRegLog bool
|
DisableRegLog bool
|
||||||
|
DisableLoginLog bool
|
||||||
//DisableSelfDeleteLog bool
|
//DisableSelfDeleteLog bool
|
||||||
|
|
||||||
DisableLiveTopicList bool
|
DisableLiveTopicList bool
|
||||||
|
|
|
@ -37,29 +37,31 @@ func AccountLoginSubmit(w http.ResponseWriter, r *http.Request, u *c.User) c.Rou
|
||||||
}
|
}
|
||||||
|
|
||||||
name := c.SanitiseSingleLine(r.PostFormValue("username"))
|
name := c.SanitiseSingleLine(r.PostFormValue("username"))
|
||||||
uid, err, requiresExtraAuth := c.Auth.Authenticate(name, r.PostFormValue("password"))
|
uid, e, requiresExtraAuth := c.Auth.Authenticate(name, r.PostFormValue("password"))
|
||||||
if err != nil {
|
if e != nil {
|
||||||
// TODO: uid is currently set to 0 as authenticate fetches the user by username and password. Get the actual uid, so we can alert the user of attempted logins? What if someone takes advantage of the response times to deduce if an account exists?
|
// TODO: uid is currently set to 0 as authenticate fetches the user by username and password. Get the actual uid, so we can alert the user of attempted logins? What if someone takes advantage of the response times to deduce if an account exists?
|
||||||
logItem := &c.LoginLogItem{UID: uid, Success: false, IP: u.GetIP()}
|
if !c.Config.DisableLoginLog {
|
||||||
_, ierr := logItem.Create()
|
li := &c.LoginLogItem{UID: uid, Success: false, IP: u.GetIP()}
|
||||||
if ierr != nil {
|
if _, ie := li.Create(); ie != nil {
|
||||||
return c.InternalError(ierr, w, r)
|
return c.InternalError(ie, w, r)
|
||||||
}
|
}
|
||||||
return c.LocalError(err.Error(), w, r, u)
|
}
|
||||||
|
return c.LocalError(e.Error(), w, r, u)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Take 2FA into account
|
// TODO: Take 2FA into account
|
||||||
logItem := &c.LoginLogItem{UID: uid, Success: true, IP: u.GetIP()}
|
if !c.Config.DisableLoginLog {
|
||||||
_, err = logItem.Create()
|
li := &c.LoginLogItem{UID: uid, Success: true, IP: u.GetIP()}
|
||||||
if err != nil {
|
if _, e = li.Create(); e != nil {
|
||||||
return c.InternalError(err, w, r)
|
return c.InternalError(e, w, r)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Do we want to slacken this by only doing it when the IP changes?
|
// TODO: Do we want to slacken this by only doing it when the IP changes?
|
||||||
if requiresExtraAuth {
|
if requiresExtraAuth {
|
||||||
provSession, signedSession, err := c.Auth.CreateProvisionalSession(uid)
|
provSession, signedSession, e := c.Auth.CreateProvisionalSession(uid)
|
||||||
if err != nil {
|
if e != nil {
|
||||||
return c.InternalError(err, w, r)
|
return c.InternalError(e, w, r)
|
||||||
}
|
}
|
||||||
// TODO: Use the login log ID in the provisional cookie?
|
// TODO: Use the login log ID in the provisional cookie?
|
||||||
c.Auth.SetProvisionalCookies(w, uid, provSession, signedSession)
|
c.Auth.SetProvisionalCookies(w, uid, provSession, signedSession)
|
||||||
|
@ -283,9 +285,8 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user *c.User)
|
||||||
|
|
||||||
regLog := c.RegLogItem{Username: name, Email: email, FailureReason: regErrReason, Success: regSuccess, IP: user.GetIP()}
|
regLog := c.RegLogItem{Username: name, Email: email, FailureReason: regErrReason, Success: regSuccess, IP: user.GetIP()}
|
||||||
if !c.Config.DisableRegLog && regSuccess {
|
if !c.Config.DisableRegLog && regSuccess {
|
||||||
_, err := regLog.Create()
|
if _, e := regLog.Create(); e != nil {
|
||||||
if err != nil {
|
return c.InternalError(e, w, r)
|
||||||
return c.InternalError(err, w, r)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if !regSuccess {
|
if !regSuccess {
|
||||||
|
@ -305,8 +306,8 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user *c.User)
|
||||||
pushLog := func(reason string) error {
|
pushLog := func(reason string) error {
|
||||||
if !c.Config.DisableRegLog {
|
if !c.Config.DisableRegLog {
|
||||||
regLog.FailureReason += reason + "|"
|
regLog.FailureReason += reason + "|"
|
||||||
_, err := regLog.Create()
|
_, e := regLog.Create()
|
||||||
return err
|
return e
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue