Use a listener to catch auth failure

2025-07-22 17:18:37 +00:00 · 2017-06-09 09:45:43 +02:00 · 2017-06-09 09:45:43 +02:00 · f81a34e379
commit f81a34e379
parent fa1c9d7cc7
5 changed files with 111 additions and 68 deletions
--- a/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
+++ b/src/Wallabag/UserBundle/EventListener/AuthenticationFailureListener.php
@ -0,0 +1,40 @@
+<?php
+
+namespace Wallabag\UserBundle\EventListener;
+
+use Psr\Log\LoggerInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\AuthenticationEvents;
+
+class AuthenticationFailureListener implements EventSubscriberInterface
+{
+    private $requestStack;
+    private $logger;
+
+    public function __construct(RequestStack $requestStack, LoggerInterface $logger)
+    {
+        $this->requestStack = $requestStack;
+        $this->logger = $logger;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return [
+            AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthenticationFailure',
+        ];
+    }
+
+    /**
+     * On failure, add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
+     */
+    public function onAuthenticationFailure()
+    {
+        $request = $this->requestStack->getMasterRequest();
+
+        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
+    }
+}
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@ -36,10 +36,10 @@ services:
        tags:
            - { name: kernel.event_subscriber }

-    wallabag_user.security.custom_auth_failure_handler:
-        class: Wallabag\UserBundle\Security\CustomAuthenticationFailureHandler
+    wallabag_user.listener.authentication_failure_event_listener:
+        class: Wallabag\UserBundle\EventListener\AuthenticationFailureListener
        arguments:
-            - "@http_kernel"
-            - "@security.http_utils"
-            - {  }
+            - "@request_stack"
            - "@logger"
+        tags:
+            - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }
--- a/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
+++ b/src/Wallabag/UserBundle/Security/CustomAuthenticationFailureHandler.php
@ -1,62 +0,0 @@
-<?php
-
-namespace Wallabag\UserBundle\Security;
-
-use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Http\ParameterBagUtils;
-use Symfony\Component\HttpKernel\HttpKernelInterface;
-use Symfony\Component\Security\Core\Security;
-
-/**
- * This is a custom authentication failure.
- * It only aims to add a custom error in log so server admin can configure fail2ban to block IP from people who try to login too much.
- *
- * This only changing thing is the logError() addition
- */
-class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
-    {
-        if ($failureUrl = ParameterBagUtils::getRequestParameterValue($request, $this->options['failure_path_parameter'])) {
-            $this->options['failure_path'] = $failureUrl;
-        }
-
-        if (null === $this->options['failure_path']) {
-            $this->options['failure_path'] = $this->options['login_path'];
-        }
-
-        if ($this->options['failure_forward']) {
-            $this->logger->debug('Authentication failure, forward triggered.', ['failure_path' => $this->options['failure_path']]);
-
-            $this->logError($request);
-
-            $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
-            $subRequest->attributes->set(Security::AUTHENTICATION_ERROR, $exception);
-
-            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
-        }
-
-        $this->logger->debug('Authentication failure, redirect triggered.', ['failure_path' => $this->options['failure_path']]);
-
-        $this->logError($request);
-
-        $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
-
-        return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
-    }
-
-    /**
-     * Log error information about fialure.
-     *
-     * @param Request $request
-     */
-    private function logError(Request $request)
-    {
-        $this->logger->error('Authentication failure for user "'.$request->request->get('_username').'", from IP "'.$request->getClientIp().'", with UA: "'.$request->server->get('HTTP_USER_AGENT').'".');
-    }
-}