
Merge pull request #9009 from Chocobo1/login

Add logging messages in WebUI login action
adaptive-webui-19844
Mike Tzou 7 years ago committed by GitHub
parent
commit
c4e4e7432d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 31
      src/webui/api/authcontroller.cpp

31
src/webui/api/authcontroller.cpp

@ -30,6 +30,7 @@
#include <QCryptographicHash> #include <QCryptographicHash>
#include "base/logger.h"
#include "base/preferences.h" #include "base/preferences.h"
#include "base/utils/string.h" #include "base/utils/string.h"
#include "apierror.h" #include "apierror.h"
@ -45,29 +46,41 @@ void AuthController::loginAction()
return; return;
} }
if (isBanned()) const QString clientAddr {sessionManager()->clientId()};
const QString usernameFromWeb {params()["username"]};
const QString passwordFromWeb {params()["password"]};
if (isBanned()) {
LogMsg(tr("WebAPI login failure. Reason: IP has been banned, IP: %1, username: %2")
.arg(clientAddr, usernameFromWeb)
, Log::WARNING);
throw APIError(APIErrorType::AccessDenied throw APIError(APIErrorType::AccessDenied
, tr("Your IP address has been banned after too many failed authentication attempts.")); , tr("Your IP address has been banned after too many failed authentication attempts."));
}
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(params()["password"].toLocal8Bit());
QString pass = md5.result().toHex();
const QString username {Preferences::instance()->getWebUiUsername()}; const QString username {Preferences::instance()->getWebUiUsername()};
const QString password {Preferences::instance()->getWebUiPassword()}; const QString password {Preferences::instance()->getWebUiPassword()};
const bool equalUser = Utils::String::slowEquals(params()["username"].toUtf8(), username.toUtf8()); QCryptographicHash md5(QCryptographicHash::Md5);
const bool equalPass = Utils::String::slowEquals(pass.toUtf8(), password.toUtf8()); md5.addData(passwordFromWeb.toLocal8Bit());
const QString passwordFromWebHashed = md5.result().toHex();
const bool equalUser = Utils::String::slowEquals(usernameFromWeb.toUtf8(), username.toUtf8());
const bool equalPass = Utils::String::slowEquals(passwordFromWebHashed.toUtf8(), password.toUtf8());
if (equalUser && equalPass) { if (equalUser && equalPass) {
m_clientFailedLogins.remove(clientAddr);
sessionManager()->sessionStart(); sessionManager()->sessionStart();
setResult(QLatin1String("Ok.")); setResult(QLatin1String("Ok."));
LogMsg(tr("WebAPI login success. IP: %1").arg(clientAddr));
} }
else { else {
QString addr = sessionManager()->clientId();
increaseFailedAttempts(); increaseFailedAttempts();
qDebug("client IP: %s (%d failed attempts)", qUtf8Printable(addr), failedAttemptsCount());
setResult(QLatin1String("Fails.")); setResult(QLatin1String("Fails."));
LogMsg(tr("WebAPI login failure. Reason: invalid credentials, attempt count: %1, IP: %2, username: %3")
.arg(QString::number(failedAttemptsCount()), clientAddr, usernameFromWeb)
, Log::WARNING);
} }
} }
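Review bot: `usernameFromWeb` comes straight from the request and is written to the log unmodified in both failure branches (the `isBanned()` message and the invalid-credentials message), with no length bound and no stripping of line breaks. A remote client can therefore place arbitrary text in the application log, and since the banned branch now logs every request, an already banned address can keep growing the log; users also occasionally type their password into the username field, which would then sit in the log in clear text. I would log a bounded, normalised copy instead, e.g. `const QString usernameForLog {usernameFromWeb.left(64).simplified()};`, and pass `usernameForLog` to both `.arg(...)` calls (64 is an arbitrary cap, and whether the logger escapes messages downstream is not visible here). `loginAction()` begins above this hunk, so the checks that run before these lines are not shown.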
