mirror of https://github.com/spl0k/supysonic.git synced 2024-12-22 08:56:17 +00:00

Log failed login attempts

Closes #257
Alban Féron 2023-07-14 12:17:06 +02:00
parent 4bc80bfce5
commit a14a7da11d
No known key found for this signature in database
GPG Key ID: 8CE0313646D16165
2 changed files with 17 additions and 5 deletions


@ -1,13 +1,14 @@
# This file is part of Supysonic. # This file is part of Supysonic.
# Supysonic is a Python implementation of the Subsonic server API. # Supysonic is a Python implementation of the Subsonic server API.
# #
# Copyright (C) 2013-2022 Alban 'spl0k' Féron # Copyright (C) 2013-2023 Alban 'spl0k' Féron
# #
# Distributed under terms of the GNU AGPLv3 license. # Distributed under terms of the GNU AGPLv3 license.
API_VERSION = "1.12.0" API_VERSION = "1.12.0"
import binascii import binascii
import logging
import uuid import uuid
from flask import request from flask import request
from flask import Blueprint from flask import Blueprint
@ -20,6 +21,7 @@ from .exceptions import GenericError, Unauthorized, NotFound
from .formatters import JSONFormatter, JSONPFormatter, XMLFormatter from .formatters import JSONFormatter, JSONPFormatter, XMLFormatter
api = Blueprint("api", __name__) api = Blueprint("api", __name__)
logger = logging.getLogger(__name__)
def api_routing(endpoint): def api_routing(endpoint):
@ -57,12 +59,15 @@ def decode_password(password):
@api.before_request @api.before_request
def authorize(): def authorize():
if request.authorization: if request.authorization:
user = UserManager.try_auth( username = request.authorization.username
request.authorization.username, request.authorization.password user = UserManager.try_auth(username, request.authorization.password)
)
if user is not None: if user is not None:
request.user = user request.user = user
return return
logger.error(
"Failed login attempt for user %s (IP: %s)", username, request.remote_addr
)
raise Unauthorized() raise Unauthorized()
username = request.values["u"] username = request.values["u"]
@ -71,6 +76,9 @@ def authorize():
user = UserManager.try_auth(username, password) user = UserManager.try_auth(username, password)
if user is None: if user is None:
logger.error(
"Failed login attempt for user %s (IP: %s)", username, request.remote_addr
)
raise Unauthorized() raise Unauthorized()
request.user = user request.user = user
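Review bot: The `username` written by both new `logger.error` calls in `authorize()` comes straight from the request (`request.authorization.username` and `request.values["u"]`) and is formatted with `%s`, so a value containing CR/LF can split one failed attempt across several log lines or make it read like an entry for a different user or address. Formatting it with `%r`, as in `"Failed login attempt for user %r (IP: %s)"`, keeps each attempt on one line with control characters escaped. The same applies to `name` in the `login()` hunk of the second file. This matters most if the log is parsed by alerting or automated blocking. `authorize()` starts and continues outside the hunks shown.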


@ -1,7 +1,7 @@
# This file is part of Supysonic. # This file is part of Supysonic.
# Supysonic is a Python implementation of the Subsonic server API. # Supysonic is a Python implementation of the Subsonic server API.
# #
# Copyright (C) 2013-2022 Alban 'spl0k' Féron # Copyright (C) 2013-2023 Alban 'spl0k' Féron
# #
# Distributed under terms of the GNU AGPLv3 license. # Distributed under terms of the GNU AGPLv3 license.
@ -319,10 +319,14 @@ def login():
if not error: if not error:
user = UserManager.try_auth(name, password) user = UserManager.try_auth(name, password)
if user: if user:
logger.info("Logged user %s (IP: %s)", name, request.remote_addr)
session["userid"] = str(user.id) session["userid"] = str(user.id)
flash("Logged in!") flash("Logged in!")
return redirect(return_url) return redirect(return_url)
else: else:
logger.error(
"Failed login attempt for user %s (IP: %s)", name, request.remote_addr
)
flash("Wrong username or password") flash("Wrong username or password")
return render_template("login.html") return render_template("login.html")
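Review bot: `request.remote_addr` in the two new log calls in `login()` is the address of the direct peer, so behind a reverse proxy every entry will typically show the proxy's address rather than the client's, unless the deployment wraps the app with something like Werkzeug's `ProxyFix` set to the trusted hop count. A short comment by the calls would save operators from reading these entries wrongly, e.g. `# remote_addr is the direct peer; behind a reverse proxy configure ProxyFix so this is the real client`. The same holds for the two calls in `authorize()` in the first file. Separately, `logger` is not defined in the visible hunks of this file, so it presumably already exists at module level, which is worth confirming. `login()` starts and ends outside the hunk.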