fix: [auth][log] log correct org/userid with failed login fixes #8807

pull/8826/head
Christophe Vandeplas 2022-12-07 00:55:20 +01:00
parent 9d51d143bb
commit f18f0514f7
2 changed files with 24 additions and 5 deletions


@ -236,8 +236,9 @@ class AppController extends Controller
if ($this->_isRest() || $this->_isAutomation()) {
// disable CSRF for REST access
$this->Security->csrfCheck = false;
if ($this->__loginByAuthKey() === false || $this->Auth->user() === null) {
if ($this->__loginByAuthKey() === null) {
$loginByAuthKeyResult = $this->__loginByAuthKey();
if ($loginByAuthKeyResult === false || $this->Auth->user() === null) {
if ($loginByAuthKeyResult === null) {
$this->loadModel('Log');
$this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed API authentication. No authkey was provided.");
}
@ -458,6 +459,9 @@ class AppController extends Controller
}
$this->Session->destroy();
}
} else {
$this->loadModel('Log');
$this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed authentication using an API key of incorrect length.");
}
return false;
}
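Review bot: The new else branch in the second hunk (around line 459) records the malformed-key failure with no request context — no client address and no hint of the received length — so the `auth_fail` rows it writes cannot be correlated per source, unlike the Bruteforce model's `login_fail` title, which carries both username and IP. If the controller has the client address available, appending it to the title, e.g. `'Failed authentication using an API key of incorrect length from IP: ' . $ip . '.'` with `$ip` taken from the request, would make the entry actionable for detection; the key itself must stay out of the log, as it does now. The path for a correctly-sized key that matches no user lies outside the hunk, so I cannot tell whether it also produces an `auth_fail` entry — if it does not, only malformed keys become visible in the audit trail. A short why-comment above the branch, `// a key of the wrong length can never match; record it so failed API logins stay visible`, would explain the intent. The enclosing method starts before the hunk.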


@ -22,15 +22,30 @@ class Bruteforce extends AppModel
$this->save($bruteforceEntry);
$title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.';
if ($this->isBlocklisted($username)) {
$change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.';
$change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The source IP/username is now blocklisted for ' . $expire . ' seconds.';
} else {
$change = '';
}
// lookup the real user details
$this->User = ClassRegistry::init('User');
$user = $this->User->find('first', array(
'conditions' => array('User.email' => $username),
'fields' => array('User.id', 'Organisation.name'),
'recursive' => 0));
if ($user) {
$org = $user['Organisation']['name'];
$userId = $user['User']['id'];
} else {
$org = 'SYSTEM';
$userId = 0;
}
$log = array(
'org' => 'SYSTEM',
'org' => $org,
'model' => 'User',
'model_id' => 0,
'model_id' => $userId,
'email' => $username,
'user_id' => $userId,
'action' => 'login_fail',
'title' => $title,
'change' => $change