From bfbe059505f5dba9e43bf86fb8910373aa880228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6ssler?=
Date: Tue, 16 Jan 2024 12:24:28 +0100
Subject: [PATCH 1/2] Log IP address on failed login attempts

---
 src/pages/api/auth/login.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pages/api/auth/login.ts b/src/pages/api/auth/login.ts
index e1007b3c4..6dba9faa0 100644
--- a/src/pages/api/auth/login.ts
+++ b/src/pages/api/auth/login.ts
@@ -16,8 +16,10 @@ import {
 import { getUserByUsername } from 'queries';
 import * as yup from 'yup';
 import { ROLES } from 'lib/constants';
+import { getIpAddress } from 'lib/detect';
 
 const log = debug('umami:auth');
+const logFailed = debug('umami:auth:failed');
 
 export interface LoginRequestBody {
 username: string;
@@ -68,6 +70,7 @@ export default async (
 }
 
 log('Login failed:', { username, user });
+ logFailed(`Login from ip ${getIpAddress(req)} failed.`);
 
 return unauthorized(res, 'message.incorrect-username-password');
 }

From 6bf1aa7f66b7bf0ae193a04d6a0dcf3725f3b5ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6ssler?=
Date: Wed, 17 Jan 2024 13:54:06 +0100
Subject: [PATCH 2/2] Modify logging of IP on failed login

---
 src/pages/api/auth/login.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/pages/api/auth/login.ts b/src/pages/api/auth/login.ts
index 6dba9faa0..00cb09d1d 100644
--- a/src/pages/api/auth/login.ts
+++ b/src/pages/api/auth/login.ts
@@ -19,7 +19,6 @@ import { ROLES } from 'lib/constants';
 import { getIpAddress } from 'lib/detect';
 
 const log = debug('umami:auth');
-const logFailed = debug('umami:auth:failed');
 
 export interface LoginRequestBody {
 username: string;
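Review bot: The address in the `logFailed(...)` line added by the `@@ -68,6 +70,7 @@` hunk of patch 1/2 is written to the log exactly as `getIpAddress(req)` returns it, and the rewritten `log(...)` line in patch 2/2 keeps the same call. `getIpAddress` comes from `lib/detect` and its body is not shown here; if it reads a client-supplied forwarding header, the logged value is whatever the client sent, so a consumer that blocks by address from this log could be handed a spoofed or malformed one. I would restrict the value to address characters before logging, `const ip = String(getIpAddress(req) ?? '').replace(/[^0-9a-fA-F:.]/g, '');`, and add a comment above the call such as `// IP may be taken from a proxy header; trustworthy only behind a proxy that overwrites it`. The handler body starts and ends outside the hunk.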
@@ -69,8 +68,7 @@ export default async (
 });
 }
 
- log('Login failed:', { username, user });
- logFailed(`Login from ip ${getIpAddress(req)} failed.`);
+ log(`Login from ip ${getIpAddress(req)} with username "${username.replace(/["\r\n]/g, '')}" failed.`);
 
 return unauthorized(res, 'message.incorrect-username-password');
 }
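Review bot: The filter on `username` in the new `log(...)` line removes only `"`, `\r` and `\n`, so other control characters (tab, ESC, NUL) still reach the log, and stripping makes distinct inputs log identically. Escaping keeps the line unambiguous: replace the `"${username.replace(/["\r\n]/g, '')}"` part with `${JSON.stringify(username)}`. Users sometimes type a password into the username field, so this line can put secrets in the log; a comment such as `// username is attacker-controlled and may hold a mistyped password; keep this log access-restricted` would record that. The `.replace` call also assumes `username` is a string, which depends on request validation outside this hunk.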