src/app/Http/Controllers/API/NGINXController.php
Show First 20 Lines • Show All 65 Lines • ▼ Show 20 Lines | public function authenticate(Request $request) | ||||
} | } | ||||
$result = Hash::check($password, $user->password); | $result = Hash::check($password, $user->password); | ||||
$clientIP = $request->headers->get('Client-Ip', null); | $clientIP = $request->headers->get('Client-Ip', null); | ||||
if (!$result) { | if (!$result) { | ||||
$attempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP); | $attempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP); | ||||
// Avoid setting a passowrd failure reason if previously accepted the location. | |||||
if (!$attempt->isAccepted()) { | if (!$attempt->isAccepted()) { | ||||
$attempt->reason = \App\AuthAttempt::REASON_PASSWORD; | $attempt->reason = \App\AuthAttempt::REASON_PASSWORD; | ||||
$attempt->save(); | $attempt->save(); | ||||
$attempt->notify(); | $attempt->notify(); | ||||
} | } | ||||
\Log::info("Failed authentication attempt due to password mismatch for user: {$login}"); | \Log::info("Failed authentication attempt due to password mismatch for user: {$login}"); | ||||
return $this->byebye($request, "Password mismatch"); | return $this->byebye($request, "Password mismatch"); | ||||
} | } | ||||
// validate country of origin against restrictions, otherwise bye bye | // validate country of origin against restrictions, otherwise bye bye | ||||
/* $countryCodes = json_decode($user->getSetting('limit_geo', "[]")); */ | $countryCodes = json_decode($user->getSetting('limit_geo', "[]")); | ||||
/* \Log::debug("Countries for {$user->email}: " . var_export($countryCodes, true)); */ | \Log::debug("Countries for {$user->email}: " . var_export($countryCodes, true)); | ||||
/* // TODO: Consider "new geographical area notification". */ | if (!empty($countryCodes)) { | ||||
$country = \App\Utils::countryForIP($clientIP); | |||||
/* if (!empty($countryCodes)) { */ | if (!in_array($country, $countryCodes)) { | ||||
/* // fake the country is NL, and the limitation is CH */ | \Log::info( | ||||
/* if ($clientIP == '127.0.0.1' && $login == "piet@kolab.org") { */ | "Failed authentication attempt due to country code mismatch ({$country}) for user: {$login}" | ||||
/* $country = "NL"; */ | ); | ||||
/* } else { */ | $attempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP); | ||||
/* // TODO: GeoIP reliance */ | $attempt->deny(); | ||||
/* $country = "CH"; */ | $attempt->reason = \App\AuthAttempt::REASON_GEOLOCATION; | ||||
/* } */ | $attempt->save(); | ||||
$attempt->notify(); | |||||
/* if (!in_array($country, $countryCodes)) { */ | return $this->byebye($request, "Country code mismatch"); | ||||
/* // TODO: Log, notify user. */ | } | ||||
/* return $this->byebye($request, "Country code mismatch"); */ | } | ||||
/* } */ | |||||
/* } */ | |||||
// TODO: Apply some sort of limit for Auth-Login-Attempt -- docs say it is the number of | // TODO: Apply some sort of limit for Auth-Login-Attempt -- docs say it is the number of | ||||
// attempts over the same authAttempt. | // attempts over the same authAttempt. | ||||
// Check 2fa | // Check 2fa | ||||
if ($user->getSetting('2fa_enabled', false)) { | if ($user->getSetting('2fa_enabled', false)) { | ||||
$authAttempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP); | $authAttempt = \App\AuthAttempt::recordAuthAttempt($user, $clientIP); | ||||
if (!$authAttempt->waitFor2FA()) { | if (!$authAttempt->waitFor2FA()) { | ||||
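Review bot: The allow-list test at `if (!in_array($country, $countryCodes))` uses loose comparison, so whatever `\App\Utils::countryForIP()` yields when a lookup fails (null, false, 0, '' — not visible here) is matched against the configured codes with PHP's type-juggling rules, and on PHP 7 a numeric 0 would compare equal to any non-numeric code and slip through the geo gate. Make it `if (!in_array($country, $countryCodes, true)) {` and reject a non-string lookup result explicitly so the check fails closed. Note also that `$clientIP` comes from the `Client-Ip` request header read near the top of the hunk; the new restriction is only as strong as the guarantee that this endpoint is reachable solely through NGINX's auth_request, which sets that header — a caller that can hit the API directly chooses its own country. Because the geo check runs after `Hash::check`, a caller from an unlisted country still learns whether the password was right if `byebye()` surfaces the distinct reason string, which cannot be confirmed from this hunk. `authenticate()` starts before and continues after the lines shown.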