From f18f0514f75548117a26d43284a455b94dd48dd5 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Wed, 7 Dec 2022 00:55:20 +0100
Subject: [PATCH] fix: [auth][log] log correct org/userid with failed login

fixes #8807
---
 app/Controller/AppController.php | 8 ++++++--
 app/Model/Bruteforce.php | 21 ++++++++++++++++++---
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index 7244f5d59..b3315f33f 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -236,8 +236,9 @@ class AppController extends Controller
 if ($this->_isRest() || $this->_isAutomation()) {
 // disable CSRF for REST access
 $this->Security->csrfCheck = false;
- if ($this->__loginByAuthKey() === false || $this->Auth->user() === null) {
- if ($this->__loginByAuthKey() === null) {
+ $loginByAuthKeyResult = $this->__loginByAuthKey();
+ if ($loginByAuthKeyResult === false || $this->Auth->user() === null) {
+ if ($loginByAuthKeyResult === null) {
 $this->loadModel('Log');
 $this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed API authentication. No authkey was provided.");
 }
@@ -458,6 +459,9 @@ class AppController extends Controller
 }
 $this->Session->destroy();
 }
+ } else {
+ $this->loadModel('Log');
+ $this->Log->createLogEntry('SYSTEM', 'auth_fail', 'User', 0, "Failed authentication using an API key of incorrect length.");
 }
 return false;
 }
diff --git a/app/Model/Bruteforce.php b/app/Model/Bruteforce.php
index 7d0efab9d..46c8342f7 100644
--- a/app/Model/Bruteforce.php
+++ b/app/Model/Bruteforce.php
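Review bot: The new `else` branch in the second AppController hunk (around line 462) logs the malformed-key case under org 'SYSTEM' and model_id 0, consistent with the no-authkey entry in the first hunk, but the `if` it pairs with lies outside the hunk, so the "incorrect length" condition in the message cannot be checked against the branch condition from here. A one-line comment above the branch would make the pairing explicit, e.g. `// authkey was supplied but is not of the expected length: record it as an auth failure alongside the other failed API logins`. Nothing visible in this hunk feeds the attempt into the Bruteforce model the other file touches, so a wrong-length key seemingly does not count toward the blocklist — worth confirming that is intended, since it is still a failed authentication. The enclosing method begins before and ends after this hunk.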
@@ -22,15 +22,30 @@ class Bruteforce extends AppModel
 $this->save($bruteforceEntry);
 $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.';
 if ($this->isBlocklisted($username)) {
- $change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.';
+ $change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The source IP/username is now blocklisted for ' . $expire . ' seconds.';
 } else {
 $change = '';
 }
+ // lookup the real user details
+ $this->User = ClassRegistry::init('User');
+ $user = $this->User->find('first', array(
+ 'conditions' => array('User.email' => $username),
+ 'fields' => array('User.id', 'Organisation.name'),
+ 'recursive' => 0));
+ if ($user) {
+ $org = $user['Organisation']['name'];
+ $userId = $user['User']['id'];
+ } else {
+ $org = 'SYSTEM';
+ $userId = 0;
+ }
+
 $log = array(
- 'org' => 'SYSTEM',
+ 'org' => $org,
 'model' => 'User',
- 'model_id' => 0,
+ 'model_id' => $userId,
 'email' => $username,
+ 'user_id' => $userId,
 'action' => 'login_fail',
 'title' => $title,
 'change' => $change
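Review bot: `$user['Organisation']['name']` in the `if ($user)` branch is read without a guard; the `fields` list requests it, but nothing in the hunk guarantees the matched account's Organisation association is populated, so `$org` can end up null and the log row loses its org attribution. A fallback such as `$org = !empty($user['Organisation']['name']) ? $user['Organisation']['name'] : 'SYSTEM';` keeps the entry attributable in that case. Separately, `$this->User = ClassRegistry::init('User');` stores the model on a public property only to use it once; a local `$userModel` would avoid leaving extra state on the Bruteforce model. A short comment above the lookup would also help the next reader, e.g. `// attribute the failure to the targeted account when it exists, so per-user and per-org failed-login counts are accurate; unknown usernames stay under SYSTEM`. The enclosing method begins before and continues past this hunk.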