Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add logging for blocked user accounts #244

Open
mzed2k opened this issue Jul 27, 2021 · 1 comment
Open

Add logging for blocked user accounts #244

mzed2k opened this issue Jul 27, 2021 · 1 comment
Labels
1. to develop enhancement good first issue

Comments

@mzed2k
Copy link

mzed2k commented Jul 27, 2021

Steps to reproduce

  1. Set "login attempts before the user account is blocked" to 5
  2. Try to login using wrong password 5x
  3. User account gets disabled

Expected behaviour

If user account gets disabled report it in the nextcloud.log to make it clear who disabled the user.
As an add on a admin notification would be super.

Actual behaviour

Incidence not reported in nextcloud.log, no notification.

Server configuration detail

Operating system: Linux 3.10.0-1127.18.2.el7.x86_64 #1 SMP Sun Jul 26 15:27:06 UTC 2020 x86_64

Webserver: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.24 (apache2handler)

Database: mysql 10.3.13

PHP version:

7.2.24
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, bcmath, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, intl, json, ldap, exif, mysqlnd, PDO, Phar, posix, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlwriter, xsl, zip, mysqli, pdo_mysql, pdo_sqlite, wddx, xmlreader, apcu, imagick, Zend OPcache

Nextcloud version: 19.0.13 - 19.0.13.1

Updated from an older Nextcloud/ownCloud or fresh install: updated

Where did you install Nextcloud from: github

Signing status

Array
(
)

List of activated apps 
Enabled:
 - activity: 2.12.1
 - checksum: 0.4.5
 - cloud_federation_api: 1.2.0
 - comments: 1.9.0
 - customproperties: 1.0.1
 - data_request: 1.6.0
 - dav: 1.15.0
 - extract: 1.3.2
 - federatedfilesharing: 1.9.0
 - files: 1.14.0
 - files_accesscontrol: 1.9.3
 - files_automatedtagging: 1.9.1
 - files_downloadactivity: 1.8.0
 - files_pdfviewer: 1.8.0
 - files_retention: 1.8.2
 - files_rightclick: 0.16.0
 - files_sharing: 1.11.0
 - files_videoplayer: 1.8.0
 - flowupload: 1.1.2
 - guests: 1.6.3
 - impersonate: 1.6.1
 - issuetemplate: 0.7.0
 - logreader: 2.4.0
 - lookup_server_connector: 1.7.0
 - metadata: 0.14.0
 - music: 1.2.1
 - notifications: 2.7.0
 - oauth2: 1.7.0
 - password_policy: 1.9.1
 - privacy: 1.3.0
 - provisioning_api: 1.9.0
 - quota_warning: 1.8.0
 - ransomware_protection: 1.7.1
 - serverinfo: 1.9.0
 - settings: 1.1.0
 - systemtags: 1.9.0
 - terms_of_service: 1.5.2
 - text: 3.0.1
 - theming: 1.10.0
 - twofactor_backupcodes: 1.8.0
 - updatenotification: 1.9.0
 - viewer: 1.3.0
 - workflow_script: 1.4.1
 - workflowengine: 2.1.0
Disabled:
 - accessibility
 - admin_audit
 - contactsinteraction
 - encryption
 - federation
 - files_antivirus
 - files_external
 - files_trackdownloads
 - files_trashbin
 - files_versions
 - firstrunwizard
 - nextcloud_announcements
 - photos
 - recommendations
 - sharebymail
 - support
 - survey_client
 - user_ldap
Configuration (config/config.php) 
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "transfer.***REMOVED SENSITIVE VALUE***"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "19.0.13.1",
    "overwrite.cli.url": "http:\/\/transfer.br.de",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "mail_smtpmode": "smtp",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "maintenance": false,
    "theme": "",
    "loglevel": 2,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25"
}

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36

Operating system: Windows 10
@joshtrichards
Copy link
Member

If someone wishes to attempt to add this, it should probably go here:

password_policy/lib/FailedLoginCompliance.php

Lines 74 to 78 in 5d00442

if ($attempts >= $allowedAttempts) {
$this->setAttempts($uid, 0);
$user->setEnabled(false);
return;
}

https://docs.nextcloud.com/server/latest/developer_manual/basics/logging.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop enhancement good first issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshtrichards @mzed2k