From 8a049803665d3e600f19ae70158c53132ec5a505 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Fri, 25 Oct 2019 09:55:32 +0000 Subject: [PATCH] Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart Signed-off-by: Martin Renvoize --- C4/Auth.pm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index 067c576950..e00d6216da 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -45,6 +45,7 @@ use List::MoreUtils qw/ any /; use Encode qw( encode is_utf8); use C4::Auth_with_shibboleth; use Net::CIDR; +use C4::Log qw/logaction/; # use utf8; use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout); @@ -1862,6 +1863,14 @@ sub checkpw { $patron->update({ login_attempts => $patron->login_attempts + 1 }); } } + + # Optionally log success or failure + if( $patron && $passwd_ok && C4::Context->preference('AuthSuccessLog') ) { + logaction( 'AUTH', 'SUCCESS', $patron->id, "Valid password for $userid", $type ); + } elsif( !$passwd_ok && C4::Context->preference('AuthFailureLog') ) { + logaction( 'AUTH', 'FAILURE', 0, "Wrong password for $userid", $type ); + } + return @return; } -- 2.39.5