Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-11-22 05:10:29 +01:00
Merge pull request #152 from Baelyk/master
Add ip and username to failed login attempts
Dieser Commit ist enthalten in:
Commit
b82710eecf
1 geänderte Dateien mit 18 neuen und 5 gelöschten Zeilen
|
@ -1,4 +1,5 @@
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
|
||||||
|
|
||||||
use rocket::request::{self, Form, FormItems, FromForm, FromRequest, Request};
|
use rocket::request::{self, Form, FormItems, FromForm, FromRequest, Request};
|
||||||
use rocket::{Outcome, Route};
|
use rocket::{Outcome, Route};
|
||||||
|
@ -21,12 +22,12 @@ pub fn routes() -> Vec<Route> {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/connect/token", data = "<connect_data>")]
|
#[post("/connect/token", data = "<connect_data>")]
|
||||||
fn login(connect_data: Form<ConnectData>, device_type: DeviceType, conn: DbConn) -> JsonResult {
|
fn login(connect_data: Form<ConnectData>, device_type: DeviceType, conn: DbConn, socket: Option<SocketAddr>) -> JsonResult {
|
||||||
let data = connect_data.get();
|
let data = connect_data.get();
|
||||||
|
|
||||||
match data.grant_type {
|
match data.grant_type {
|
||||||
GrantType::RefreshToken => _refresh_login(data, device_type, conn),
|
GrantType::RefreshToken => _refresh_login(data, device_type, conn),
|
||||||
GrantType::Password => _password_login(data, device_type, conn),
|
GrantType::Password => _password_login(data, device_type, conn, socket),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,7 +58,13 @@ fn _refresh_login(data: &ConnectData, _device_type: DeviceType, conn: DbConn) ->
|
||||||
})))
|
})))
|
||||||
}
|
}
|
||||||
|
|
||||||
fn _password_login(data: &ConnectData, device_type: DeviceType, conn: DbConn) -> JsonResult {
|
fn _password_login(data: &ConnectData, device_type: DeviceType, conn: DbConn, remote: Option<SocketAddr>) -> JsonResult {
|
||||||
|
// Get the ip for error reporting
|
||||||
|
let ip = match remote {
|
||||||
|
Some(ip) => ip.ip(),
|
||||||
|
None => IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
|
||||||
|
};
|
||||||
|
|
||||||
// Validate scope
|
// Validate scope
|
||||||
let scope = data.get("scope");
|
let scope = data.get("scope");
|
||||||
if scope != "api offline_access" {
|
if scope != "api offline_access" {
|
||||||
|
@ -68,13 +75,19 @@ fn _password_login(data: &ConnectData, device_type: DeviceType, conn: DbConn) ->
|
||||||
let username = data.get("username");
|
let username = data.get("username");
|
||||||
let user = match User::find_by_mail(username, &conn) {
|
let user = match User::find_by_mail(username, &conn) {
|
||||||
Some(user) => user,
|
Some(user) => user,
|
||||||
None => err!("Username or password is incorrect. Try again."),
|
None => err!(format!(
|
||||||
|
"Username or password is incorrect. Try again. IP: {}. Username: {}.",
|
||||||
|
ip, username
|
||||||
|
)),
|
||||||
};
|
};
|
||||||
|
|
||||||
// Check password
|
// Check password
|
||||||
let password = data.get("password");
|
let password = data.get("password");
|
||||||
if !user.check_valid_password(password) {
|
if !user.check_valid_password(password) {
|
||||||
err!("Username or password is incorrect. Try again.")
|
err!(format!(
|
||||||
|
"Username or password is incorrect. Try again. IP: {}. Username: {}.",
|
||||||
|
ip, username
|
||||||
|
))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Let's only use the header and ignore the 'devicetype' parameter
|
// Let's only use the header and ignore the 'devicetype' parameter
|
||||||
|
|
Laden …
In neuem Issue referenzieren