1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
<?php
namespace Kanboard\Subscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Kanboard\Core\Security\AuthenticationManager;
use Kanboard\Core\Session\SessionManager;
use Kanboard\Event\AuthSuccessEvent;
use Kanboard\Event\AuthFailureEvent;
/**
* Authentication Subscriber
*
* @package subscriber
* @author Frederic Guillot
*/
class AuthSubscriber extends BaseSubscriber implements EventSubscriberInterface
{
/**
* Get event listeners
*
* @static
* @access public
* @return array
*/
public static function getSubscribedEvents()
{
return array(
AuthenticationManager::EVENT_SUCCESS => 'afterLogin',
AuthenticationManager::EVENT_FAILURE => 'onLoginFailure',
SessionManager::EVENT_DESTROY => 'afterLogout',
);
}
/**
* After Login callback
*
* @access public
* @param AuthSuccessEvent $event
*/
public function afterLogin(AuthSuccessEvent $event)
{
$this->logger->debug('Subscriber executed: '.__METHOD__);
$userAgent = $this->request->getUserAgent();
$ipAddress = $this->request->getIpAddress();
$this->userLocking->resetFailedLogin($this->userSession->getUsername());
$this->lastLogin->create(
$event->getAuthType(),
$this->userSession->getId(),
$ipAddress,
$userAgent
);
if ($event->getAuthType() === 'RememberMe') {
$this->userSession->validatePostAuthentication();
}
if (isset($this->sessionStorage->hasRememberMe) && $this->sessionStorage->hasRememberMe) {
$session = $this->rememberMeSession->create($this->userSession->getId(), $ipAddress, $userAgent);
$this->rememberMeCookie->write($session['token'], $session['sequence'], $session['expiration']);
}
}
/**
* Destroy RememberMe session on logout
*
* @access public
*/
public function afterLogout()
{
$this->logger->debug('Subscriber executed: '.__METHOD__);
$credentials = $this->rememberMeCookie->read();
if ($credentials !== false) {
$session = $this->rememberMeSession->find($credentials['token'], $credentials['sequence']);
if (! empty($session)) {
$this->rememberMeSession->remove($session['id']);
}
$this->rememberMeCookie->remove();
}
}
/**
* Increment failed login counter
*
* @access public
*/
public function onLoginFailure(AuthFailureEvent $event)
{
$this->logger->debug('Subscriber executed: '.__METHOD__);
$username = $event->getUsername();
if (! empty($username)) {
$this->userLocking->incrementFailedLogin($username);
if ($this->userLocking->getFailedLogin($username) > BRUTEFORCE_LOCKDOWN) {
$this->userLocking->lock($username, BRUTEFORCE_LOCKDOWN_DURATION);
}
}
}
}
|