Mercurial > prosody-modules
annotate mod_log_auth/mod_log_auth.lua @ 5186:fa3059e653fa
mod_http_oauth2: Implement the Implicit flow
Everyone says this is insecure and bad, but it's also the only thing
that makes sense for e.g. pure JavaScript clients, but hey implement
this even more complicated thing instead!
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 02 Mar 2023 22:06:50 +0100 |
parents | 6d1ec8099315 |
children |
rev | line source |
---|---|
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
1 local mode = module:get_option_string("log_auth_ips", "failure"); |
2695
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
2 assert(({ all = true, failure = true, success = true })[mode], |
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
3 "Unknown log mode: "..tostring(mode).." - valid modes are 'all', 'failure', 'success'"); |
407
41feaf7fd8ac
mod_auth_log: New module (currently) to log failed auth attempts and their IP address, requires trunk
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
5 if mode == "failure" or mode == "all" then |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
6 module:hook("authentication-failure", function (event) |
2695
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
7 local session = event.session; |
2698
88205b77e385
mod_log_auth: Handle missing sasl handler
Kim Alvefur <zash@zash.se>
parents:
2696
diff
changeset
|
8 local username = session.username or session.sasl_handler and session.sasl_handler.username or "?"; |
3941
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
9 session.log("info", "Failed authentication attempt (%s) for user %s@%s from IP: %s", |
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
10 event.condition or "unknown-condition", username, module.host, session.ip or "?"); |
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
11 end); |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
12 end |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
13 |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
14 if mode == "success" or mode == "all" then |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
15 module:hook("authentication-success", function (event) |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
16 local session = event.session; |
3941
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
17 session.log("info", "Successful authentication as %s@%s from IP: %s", session.username, module.host, session.ip or "?"); |
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
18 end); |
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
19 end |