ref: refs/heads/master
commit f5d99fc2558d284b10f286dd93b943743157b76c
Author: Josef Reidinger
Date: Mon Nov 2 16:53:09 2009 +0100
log each login which failed
---
webservice/app/controllers/sessions_controller.rb | 1 +
webservice/package/yast2-webservice.changes | 5 +++++
2 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/webservice/app/controllers/sessions_controller.rb b/webservice/app/controllers/sessions_controller.rb
index d88f3e0..9b16cd9 100644
--- a/webservice/app/controllers/sessions_controller.rb
+++ b/webservice/app/controllers/sessions_controller.rb
@@ -46,6 +46,7 @@ class SessionsController < ApplicationController
@cmd_ret["login"] = "granted"
@cmd_ret["auth_token"] = { :value => self.current_account.remember_token , :expires => self.current_account.remember_token_expires_at }
else
+ logger.warn "Login failed from ip #{request.remote_ip} with user #{params[:login] ||""}"
@cmd_ret["login"] = "denied"
BruteForceProtection.instance.fail_attempt
end
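Review bot: `params[:login]` on the added `logger.warn` line is attacker-controlled and is interpolated into the log unescaped, so a value containing CR/LF can forge additional log entries and an oversized value can bloat the audit trail. Escape and bound it, for example `logger.warn "Login failed from ip #{request.remote_ip} with user #{params[:login].to_s[0, 64].inspect}"` (the 64-character cap is an illustrative choice). Users sometimes type a password into the login field, so this log should be readable only by administrators. If the service can run behind a reverse proxy, `request.remote_ip` may be derived from forwarded headers and is only as reliable as the trusted-proxy configuration, which is not visible in this hunk. The enclosing action starts and ends outside the hunk.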
diff --git a/webservice/package/yast2-webservice.changes b/webservice/package/yast2-webservice.changes
index 386731c..5fa067f 100644
--- a/webservice/package/yast2-webservice.changes
+++ b/webservice/package/yast2-webservice.changes
@@ -1,4 +1,9 @@
-------------------------------------------------------------------
+Mon Nov 2 16:52:08 CET 2009 - jreidinger@suse.cz
+
+- log all failed login (user and its ip) (bnc#550377)
+
+-------------------------------------------------------------------
Mon Nov 2 16:12:32 CET 2009 - jreidinger@suse.cz
- add brute force attack protection (bnc#550377)