mirror of
https://github.com/lldap/lldap.git
synced 2024-11-25 09:06:03 +00:00
server: Clarify logging of login attempts and failures
parent
120ad34f92
commit
0c6a92a8fa
3 changed files with 43 additions and 60 deletions
|
@ -3,7 +3,7 @@ use thiserror::Error;
|
|||
#[allow(clippy::enum_variant_names)]
|
||||
#[derive(Error, Debug)]
|
||||
pub enum DomainError {
|
||||
#[error("Authentication error: `{0}`")]
|
||||
#[error("Authentication error {0}")]
|
||||
AuthenticationError(String),
|
||||
#[error("Database error: `{0}`")]
|
||||
DatabaseError(#[from] sea_orm::DbErr),
|
||||
|
|
|
@ -9,6 +9,7 @@ use super::{
|
|||
use async_trait::async_trait;
|
||||
use base64::Engine;
|
||||
use lldap_auth::opaque;
|
||||
use log::info;
|
||||
use sea_orm::{ActiveModelTrait, ActiveValue, EntityTrait, QuerySelect};
|
||||
use secstr::SecUtf8;
|
||||
use tracing::{debug, instrument};
|
||||
|
@ -70,14 +71,15 @@ impl LoginHandler for SqlBackendHandler {
|
|||
.get_password_file_for_user(request.name.clone())
|
||||
.await?
|
||||
{
|
||||
if let Err(e) = passwords_match(
|
||||
info!(r#"Login attempt for "{}""#, &request.name);
|
||||
if passwords_match(
|
||||
&password_hash,
|
||||
&request.password,
|
||||
self.config.get_server_setup(),
|
||||
&request.name,
|
||||
) {
|
||||
debug!(r#"Invalid password for "{}": {}"#, &request.name, e);
|
||||
} else {
|
||||
)
|
||||
.is_ok()
|
||||
{
|
||||
return Ok(());
|
||||
}
|
||||
} else {
|
||||
|
@ -87,7 +89,7 @@ impl LoginHandler for SqlBackendHandler {
|
|||
);
|
||||
}
|
||||
Err(DomainError::AuthenticationError(format!(
|
||||
" for user '{}'",
|
||||
r#"for user "{}""#,
|
||||
request.name
|
||||
)))
|
||||
}
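Review bot: The new `info!(r#"Login attempt for "{}""#, &request.name);` in the bind hunk logs a client-supplied name before authentication, using `{}` inside hand-written quotes. Unless the log formatter escapes it, a name containing `"` or a line break can split or imitate the login entries that monitoring relies on. Debug formatting escapes both: `info!("Login attempt for {:?}", &request.name);`. The same applies to `info!(r#"OPAQUE login attempt for "{}""#, &request.username);` in `opaque_login_start` and to the `r#"for user "{}""#` error text in the last hunk of this file. The hunk also discards the `passwords_match` error through `.is_ok()`, so the reason for a failed check is no longer logged at any level here; the enclosing function starts and ends outside the hunks shown.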
|
||||
|
|
|
@ -345,6 +345,7 @@ async fn opaque_login_start<Backend>(
|
|||
where
|
||||
Backend: OpaqueHandler + 'static,
|
||||
{
|
||||
info!(r#"OPAQUE login attempt for "{}""#, &request.username);
|
||||
data.get_opaque_handler()
|
||||
.login_start(request.into_inner())
|
||||
.await
|
||||
|
@ -401,11 +402,20 @@ async fn opaque_login_finish<Backend>(
|
|||
where
|
||||
Backend: TcpBackendHandler + BackendHandler + OpaqueHandler + 'static,
|
||||
{
|
||||
let name = data
|
||||
match data
|
||||
.get_opaque_handler()
|
||||
.login_finish(request.into_inner())
|
||||
.await?;
|
||||
get_login_successful_response(&data, &name).await
|
||||
.await
|
||||
{
|
||||
Ok(name) => {
|
||||
info!(r#"OPAQUE login successful"#);
|
||||
get_login_successful_response(&data, &name).await
|
||||
}
|
||||
Err(e) => {
|
||||
warn!(r#"OPAQUE login attempt failed"#);
|
||||
Err(e.into())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn opaque_login_finish_handler<Backend>(
|
||||
|
@ -449,31 +459,6 @@ where
|
|||
.unwrap_or_else(error_to_http_response)
|
||||
}
|
||||
|
||||
#[instrument(skip_all, level = "debug", fields(name = %request.name))]
|
||||
async fn post_authorize<Backend>(
|
||||
data: web::Data<AppState<Backend>>,
|
||||
request: web::Json<BindRequest>,
|
||||
) -> TcpResult<HttpResponse>
|
||||
where
|
||||
Backend: TcpBackendHandler + BackendHandler + LoginHandler + 'static,
|
||||
{
|
||||
let name = request.name.clone();
|
||||
data.get_login_handler().bind(request.into_inner()).await?;
|
||||
get_login_successful_response(&data, &name).await
|
||||
}
|
||||
|
||||
async fn post_authorize_handler<Backend>(
|
||||
data: web::Data<AppState<Backend>>,
|
||||
request: web::Json<BindRequest>,
|
||||
) -> HttpResponse
|
||||
where
|
||||
Backend: TcpBackendHandler + BackendHandler + LoginHandler + 'static,
|
||||
{
|
||||
post_authorize(data, request)
|
||||
.await
|
||||
.unwrap_or_else(error_to_http_response)
|
||||
}
|
||||
|
||||
#[instrument(skip_all, level = "debug")]
|
||||
async fn opaque_register_start<Backend>(
|
||||
request: actix_web::HttpRequest,
|
||||
|
@ -648,32 +633,28 @@ pub fn configure_server<Backend>(cfg: &mut web::ServiceConfig, enable_password_r
|
|||
where
|
||||
Backend: TcpBackendHandler + LoginHandler + OpaqueHandler + BackendHandler + 'static,
|
||||
{
|
||||
cfg.service(web::resource("").route(web::post().to(post_authorize_handler::<Backend>)))
|
||||
.service(
|
||||
web::resource("/opaque/login/start")
|
||||
.route(web::post().to(opaque_login_start::<Backend>)),
|
||||
)
|
||||
.service(
|
||||
web::resource("/opaque/login/finish")
|
||||
.route(web::post().to(opaque_login_finish_handler::<Backend>)),
|
||||
)
|
||||
.service(
|
||||
web::resource("/simple/login").route(web::post().to(simple_login_handler::<Backend>)),
|
||||
)
|
||||
.service(web::resource("/refresh").route(web::get().to(get_refresh_handler::<Backend>)))
|
||||
.service(web::resource("/logout").route(web::get().to(get_logout_handler::<Backend>)))
|
||||
.service(
|
||||
web::scope("/opaque/register")
|
||||
.wrap(CookieToHeaderTranslatorFactory)
|
||||
.service(
|
||||
web::resource("/start")
|
||||
.route(web::post().to(opaque_register_start_handler::<Backend>)),
|
||||
)
|
||||
.service(
|
||||
web::resource("/finish")
|
||||
.route(web::post().to(opaque_register_finish_handler::<Backend>)),
|
||||
),
|
||||
);
|
||||
cfg.service(
|
||||
web::resource("/opaque/login/start").route(web::post().to(opaque_login_start::<Backend>)),
|
||||
)
|
||||
.service(
|
||||
web::resource("/opaque/login/finish")
|
||||
.route(web::post().to(opaque_login_finish_handler::<Backend>)),
|
||||
)
|
||||
.service(web::resource("/simple/login").route(web::post().to(simple_login_handler::<Backend>)))
|
||||
.service(web::resource("/refresh").route(web::get().to(get_refresh_handler::<Backend>)))
|
||||
.service(web::resource("/logout").route(web::get().to(get_logout_handler::<Backend>)))
|
||||
.service(
|
||||
web::scope("/opaque/register")
|
||||
.wrap(CookieToHeaderTranslatorFactory)
|
||||
.service(
|
||||
web::resource("/start")
|
||||
.route(web::post().to(opaque_register_start_handler::<Backend>)),
|
||||
)
|
||||
.service(
|
||||
web::resource("/finish")
|
||||
.route(web::post().to(opaque_register_finish_handler::<Backend>)),
|
||||
),
|
||||
);
|
||||
if enable_password_reset {
|
||||
cfg.service(
|
||||
web::resource("/reset/step1/{user_id}")
|
||||
|
|