vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit b82710eecfd660996a7c75210a86125c7114af45
parent 8d1ee859f28563b72fd57011eef230de5834d314
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sun, 26 Aug 2018 17:43:50 +0200

Merge pull request #152 from Baelyk/master

Add ip and username to failed login attempts
Diffstat:
Msrc/api/identity.rs | 23++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/api/identity.rs b/src/api/identity.rs @@ -1,4 +1,5 @@ use std::collections::HashMap; +use std::net::{IpAddr, Ipv4Addr, SocketAddr}; use rocket::request::{self, Form, FormItems, FromForm, FromRequest, Request}; use rocket::{Outcome, Route}; @@ -21,12 +22,12 @@ pub fn routes() -> Vec<Route> { } #[post("/connect/token", data = "<connect_data>")] -fn login(connect_data: Form<ConnectData>, device_type: DeviceType, conn: DbConn) -> JsonResult { +fn login(connect_data: Form<ConnectData>, device_type: DeviceType, conn: DbConn, socket: Option<SocketAddr>) -> JsonResult { let data = connect_data.get(); match data.grant_type { GrantType::RefreshToken => _refresh_login(data, device_type, conn), - GrantType::Password => _password_login(data, device_type, conn), + GrantType::Password => _password_login(data, device_type, conn, socket), } } @@ -57,7 +58,13 @@ fn _refresh_login(data: &ConnectData, _device_type: DeviceType, conn: DbConn) -> }))) } -fn _password_login(data: &ConnectData, device_type: DeviceType, conn: DbConn) -> JsonResult { +fn _password_login(data: &ConnectData, device_type: DeviceType, conn: DbConn, remote: Option<SocketAddr>) -> JsonResult { + // Get the ip for error reporting + let ip = match remote { + Some(ip) => ip.ip(), + None => IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), + }; + // Validate scope let scope = data.get("scope"); if scope != "api offline_access" { @@ -68,13 +75,19 @@ fn _password_login(data: &ConnectData, device_type: DeviceType, conn: DbConn) -> let username = data.get("username"); let user = match User::find_by_mail(username, &conn) { Some(user) => user, - None => err!("Username or password is incorrect. Try again."), + None => err!(format!( + "Username or password is incorrect. Try again. IP: {}. Username: {}.", + ip, username + )), }; // Check password let password = data.get("password"); if !user.check_valid_password(password) { - err!("Username or password is incorrect. Try again.") + err!(format!( + "Username or password is incorrect. Try again. IP: {}. Username: {}.", + ip, username + )) } // Let's only use the header and ignore the 'devicetype' parameter