johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 08:44:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

WebDAV: Log successful authentication attempts via auth token #808 #3943

Browse Source 
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2024-04-17 07:29:44 +02:00
parent 26d1a9b2b3
commit b08b06c2fe
4 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@@ -71,7 +71,7 @@ require (
golang.org/x/time v0.5.0
)
require github.com/go-ldap/ldap/v3 v3.4.7
require github.com/go-ldap/ldap/v3 v3.4.8
require (
github.com/prometheus/client_golang v1.19.0

4
go.sum
View File

@@ -136,8 +136,8 @@ github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8b
github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-ldap/ldap/v3 v3.4.7 h1:3Hbd7mIB1qjd3Ra59fI3JYea/t5kykFu2CVHBca9koE=
github.com/go-ldap/ldap/v3 v3.4.7/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk=
github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ=
github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=

8
internal/server/webdav_auth.go
View File

@@ -125,8 +125,8 @@ func WebDAVAuth(conf *config.Config) gin.HandlerFunc {
return
} else if username != "" && !strings.EqualFold(clean.Username(username), user.Username()) {
limiter.Auth.Reserve(clientIp)
// Log warning if WebDAV is disabled for this account.
message := authn.ErrBasicAuthDoesNotMatch.Error()
// Log warning if auth token username and specified username do not match.
message := authn.ErrUsernameDoesNotMatch.Error()
event.AuditWarn([]string{clientIp, "webdav", "client %s", "session %s", "access as %s", message}, clean.Log(sess.ClientInfo()), sess.RefID, clean.LogQuote(user.Username()))
WebDAVAbortUnauthorized(c)
return
@@ -140,6 +140,10 @@ func WebDAVAuth(conf *config.Config) gin.HandlerFunc {
// Update session activity.
sess.UpdateLastActive(true)
// Log successful authentication.
event.AuditInfo([]string{clientIp, "webdav", "client %s", "session %s", "access as %s", authn.Succeeded}, clean.LogQuote(username))
event.LoginInfo(clientIp, "webdav", username, api.UserAgent(c))
// Cache authentication to improve performance.
webdavAuthCache.SetDefault(sid, user)

2
pkg/authn/errors.go
View File

@@ -40,6 +40,7 @@ var (
var (
ErrUsernameRequired = errors.New("username required")
ErrInvalidUsername = errors.New("invalid username")
ErrUsernameDoesNotMatch = errors.New("specified username does not match")
)
// Passcode-related error messages:
@@ -74,5 +75,4 @@ var (
var (
ErrWebDAVAccessDisabled = errors.New("webdav access is disabled")
ErrFailedToCreateUploadPath = errors.New("failed to create upload path")
ErrBasicAuthDoesNotMatch = errors.New("basic auth username does not match")
)