Raise an event on failed login attempt
Fryguy committed Jun 1, 2018
1 parent c174d0b commit 5472810
Showing 3 changed files with 24 additions and 9 deletions.
25 changes: 17 additions & 8 deletions app/models/authenticator/base.rb
@@ -55,7 +55,7 @@ def authenticate(username, password, request = nil, options = {})

authenticated = options[:authorize_only] || _authenticate(username, password, request)
if authenticated
AuditEvent.success(audit.merge(:message => "User #{username} successfully validated by #{self.class.proper_name}"))
audit_success(audit.merge(:message => "User #{username} successfully validated by #{self.class.proper_name}"))

if authorize?
user_or_taskid = authorize_queue(username, request, options)
@@ -66,17 +66,17 @@ def authenticate(username, password, request = nil, options = {})
user_or_taskid ||= autocreate_user(username)

unless user_or_taskid
AuditEvent.failure(audit.merge(:message => "User #{username} authenticated but not defined in EVM"))
audit_failure(audit.merge(:message => "User #{username} authenticated but not defined in EVM"))
raise MiqException::MiqEVMLoginError,
_("User authenticated but not defined in EVM, please contact your EVM administrator")
end
end

AuditEvent.success(audit.merge(:message => "Authentication successful for user #{username}"))
audit_success(audit.merge(:message => "Authentication successful for user #{username}"))
else
reason = failure_reason(username, request)
reason = ": #{reason}" unless reason.blank?
AuditEvent.failure(audit.merge(:message => "Authentication failed for userid #{username}#{reason}"))
audit_failure(audit.merge(:message => "Authentication failed for userid #{username}#{reason}"))
raise MiqException::MiqEVMLoginError, fail_message
end

@@ -115,7 +115,7 @@ def authorize(taskid, username, *args)
unless identity
msg = "Authentication failed for userid #{username}, unable to find user object in #{self.class.proper_name}"
_log.warn(msg)
AuditEvent.failure(audit.merge(:message => msg))
audit_failure(audit.merge(:message => msg))
task.error(msg)
task.state_finished
return nil
@@ -128,8 +128,8 @@ def authorize(taskid, username, *args)

if matching_groups.empty?
msg = "Authentication failed for userid #{user.userid}, unable to match user's group membership to an EVM role"
AuditEvent.failure(audit.merge(:message => msg))
_log.warn(msg)
audit_failure(audit.merge(:message => msg))
task.error(msg)
task.state_finished
user.save! unless user.new_record?
@@ -145,7 +145,7 @@ def authorize(taskid, username, *args)

user
rescue Exception => err
AuditEvent.failure(audit.merge(:message => err.message))
audit_failure(audit.merge(:message => err.message))
raise
end
end
@@ -166,7 +166,7 @@ def authenticate_with_http_basic(username, password, request = nil, options = {}
result = user && authenticate(username, password, request, options)
rescue MiqException::MiqEVMLoginError
end
AuditEvent.failure(:userid => username, :message => "Authentication failed for user #{username}") if result.nil?
audit_failure(:userid => username, :message => "Authentication failed for user #{username}") if result.nil?
[!!result, username]
end

@@ -287,5 +287,14 @@ def autocreate_user(_username)
def normalize_username(username)
username.downcase
end

private def audit_success(options)
AuditEvent.success(options)
end

private def audit_failure(options)
AuditEvent.failure(options)
MiqEvent.raise_evm_event_queue(MiqServer.my_server, "login_failed", options)
end
end
end
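Review bot: Nothing guards the new `MiqEvent.raise_evm_event_queue` call in `audit_failure`, so if it raises (whether it can is not visible here) the caller's intended error is lost: in `authorize`'s `rescue Exception => err` branch the original exception would be replaced, and in `authenticate` the queue error would escape instead of `MiqEVMLoginError`, which is the only class `authenticate_with_http_basic` rescues. The login is still refused in each case, but the failure handling should not depend on the event queue; consider ending `audit_failure` with `rescue StandardError => err` followed by `_log.warn("login_failed event not queued: #{err.message}")`. Separately, when `authenticate` fails inside `authenticate_with_http_basic`, one attempt now yields two `login_failed` events (one from `authenticate`, one from the `if result.nil?` line), which would double-count in any threshold-based alerting built on this event. The same event is also raised from the `rescue Exception` branch of `authorize`, so errors unrelated to credentials may be reported as `login_failed`; a comment on `audit_failure` stating that scope would help whoever writes policies against it. The hunks show only parts of `authenticate` and `authorize`, so paths outside them are not covered by this note.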
3 changes: 2 additions & 1 deletion db/fixtures/miq_event_definition_sets.csv
@@ -1,4 +1,5 @@
name,description
authentication,Authentication Validation
evm_operations,Appliance Operation
ems_operations,Provider Operation
host_operations,Host Operation
@@ -10,6 +11,6 @@ vm_process,VM Lifecycle
service_process,Service Lifecycle
orchestration_process,Orchestration Lifecycle
storage_operational,Datastore Operation
auth_validation,Authentication Validation
auth_validation,Authentication Validation (Provider)
container_operations,Container Operation
physical_server_operations,Physical Server Operation
5 changes: 5 additions & 0 deletions db/fixtures/miq_event_definitions.csv
@@ -1,4 +1,9 @@
name,description,event_type,set_type
#
# Authentication
#
login_failed,Login failed,Default,authentication

#
# EVM Server operations
#