mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-22 17:02:03 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'wip-mdl-40911' of https://github.com/rajeshtaneja/moodle

Browse Source
This commit is contained in:
Sam Hemelryk 2014-02-04 09:53:16 +13:00
commit 7c8c6aa76b
4 changed files with 230 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lang/en/auth.php
View File

@ -83,6 +83,7 @@ $string['errorminpasswordupper'] = 'Passwords must have at least {$a} upper case
$string['errorpasswordupdate'] = 'Error updating password, password not changed';
$string['event_user_loggedin'] = 'User has logged in';
$string['eventuserloggedinas'] = 'User logged in as another user';
$string['eventuserloginfailed'] = 'User login failed';
$string['forcechangepassword'] = 'Force change password';
$string['forcechangepasswordfirst_help'] = 'Force users to change password on their first login to Moodle.';
$string['forcechangepassword_help'] = 'Force users to change password on their next login to Moodle.';

109
lib/classes/event/user_login_failed.php Normal file
View File

@ -0,0 +1,109 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* User login failed event.
*
* @package core
* @copyright 2014 Rajesh Taneja <rajesh@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core\event;
defined('MOODLE_INTERNAL') || die();
/**
* User login failed event class.
*
* @property-read array $other {
* Extra information about event.
*
* @type string username name of user.
* @type int reason failure reason.
* }
*
* @package core
* @copyright 2014 Rajesh Taneja <rajesh@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class user_login_failed extends \core\event\base {
/**
* Init method.
*
* @return void
*/
protected function init() {
$this->context = \context_system::instance();
$this->data['crud'] = 'r';
$this->data['edulevel'] = self::LEVEL_OTHER;
}
/**
* Return localised event name.
*
* @return string
*/
public static function get_name() {
return get_string('eventuserloginfailed', 'auth');
}
/**
* Returns non-localised event description with id's for admin use only.
*
* @return string
*/
public function get_description() {
return 'Login failed for user "' . $this->other['username'] . '" for reason id: ' . $this->other['reason'];
}
/**
* Get URL related to the action.
*
* @return \moodle_url
*/
public function get_url() {
if (isset($this->data['userid'])) {
return new \moodle_url('/user/profile.php', array('id' => $this->data['userid']));
} else {
return null;
}
}
/**
* Return legacy data for add_to_log().
*
* @return array
*/
protected function get_legacy_logdata() {
return array(SITEID, 'login', 'error', 'index.php', $this->other['username']);
}
/**
* Custom validation.
*
* @throws \coding_exception when validation does not pass.
* @return void
*/
protected function validate_data() {
if (!isset($this->other['reason'])) {
throw new \coding_exception("other['reason'] has to be specified.");
} else if (!isset($this->other['username'])) {
throw new \coding_exception("other['username'] has to be specified.");
}
}
}

62
lib/moodlelib.php
View File

@ -4338,16 +4338,24 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
// Use manual if auth not set.
$auth = empty($user->auth) ? 'manual' : $user->auth;
if (!empty($user->suspended)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Suspended Login: $username ".$_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_SUSPENDED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id,
'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Suspended Login: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
if ($auth=='nologin' or !is_enabled_auth($auth)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Disabled Login: $username ".$_SERVER['HTTP_USER_AGENT']);
// Legacy way to suspend user.
$failurereason = AUTH_LOGIN_SUSPENDED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id,
'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Disabled Login: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
$auths = array($auth);
@ -4355,16 +4363,27 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
} else {
// Check if there's a deleted record (cheaply), this should not happen because we mangle usernames in delete_user().
if ($DB->get_field('user', 'id', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'deleted' => 1))) {
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_NOUSER;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username,
'reason' => $failurereason)));
$event->trigger();
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
// Do not try to authenticate non-existent accounts when user creation is not disabled.
if (!empty($CFG->authpreventaccountcreation)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Unknown user, can not create new accounts: $username ".$_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_NOUSER;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username,
'reason' => $failurereason)));
$event->trigger();
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Unknown user, can not create new accounts: $username ".
$_SERVER['HTTP_USER_AGENT']);
return false;
}
@ -4380,9 +4399,14 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
} else if ($user->id) {
// Verify login lockout after other ways that may prevent user login.
if (login_is_lockedout($user)) {
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Login lockout: $username ".$_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_LOCKOUT;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id,
'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Login lockout: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
} else {
@ -4428,14 +4452,21 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
if (empty($user->id)) {
$failurereason = AUTH_LOGIN_NOUSER;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username,
'reason' => $failurereason)));
$event->trigger();
return false;
}
if (!empty($user->suspended)) {
// Just in case some auth plugin suspended account.
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Suspended Login: $username ".$_SERVER['HTTP_USER_AGENT']);
$failurereason = AUTH_LOGIN_SUSPENDED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id,
'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Suspended Login: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
@ -4445,7 +4476,6 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
}
// Failed if all the plugins have failed.
add_to_log(SITEID, 'login', 'error', 'index.php', $username);
if (debugging('', DEBUG_ALL)) {
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Failed Login: $username ".$_SERVER['HTTP_USER_AGENT']);
}
@ -4453,8 +4483,16 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
if ($user->id) {
login_attempt_failed($user);
$failurereason = AUTH_LOGIN_FAILED;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('userid' => $user->id,
'other' => array('username' => $username, 'reason' => $failurereason)));
$event->trigger();
} else {
$failurereason = AUTH_LOGIN_NOUSER;
// Trigger login failed event.
$event = \core\event\user_login_failed::create(array('other' => array('username' => $username,
'reason' => $failurereason)));
$event->trigger();
}
return false;

71
lib/tests/authlib_test.php
View File

@ -133,35 +133,104 @@ class core_authlib_testcase extends advanced_testcase {
$user1 = $this->getDataGenerator()->create_user(array('username'=>'username1', 'password'=>'password1'));
$user2 = $this->getDataGenerator()->create_user(array('username'=>'username2', 'password'=>'password2', 'suspended'=>1));
$user3 = $this->getDataGenerator()->create_user(array('username'=>'username3', 'password'=>'password3', 'auth'=>'nologin'));
// Capture events.
$sink = $this->redirectEvents();
$result = authenticate_user_login('username1', 'password1');
$events = $sink->get_events();
$sink->close();
// No event is triggred.
$this->assertEmpty($events);
$this->assertInstanceOf('stdClass', $result);
$this->assertEquals($user1->id, $result->id);
$reason = null;
// Capture event.
$sink = $this->redirectEvents();
$result = authenticate_user_login('username1', 'password1', false, $reason);
$events = $sink->get_events();
$sink->close();
// No event is triggred.
$this->assertEmpty($events);
$this->assertInstanceOf('stdClass', $result);
$this->assertEquals(AUTH_LOGIN_OK, $reason);
$reason = null;
// Capture failed login event.
$sink = $this->redirectEvents();
$result = authenticate_user_login('username1', 'nopass', false, $reason);
$events = $sink->get_events();
$sink->close();
$event = array_pop($events);
$this->assertFalse($result);
$this->assertEquals(AUTH_LOGIN_FAILED, $reason);
// Test Event.
$this->assertInstanceOf('\core\event\user_login_failed', $event);
$expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username1');
$this->assertEventLegacyLogData($expectedlogdata, $event);
$eventdata = $event->get_data();
$this->assertSame($eventdata['other']['username'], 'username1');
$this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_FAILED);
$this->assertEventContextNotUsed($event);
$reason = null;
// Capture failed login event.
$sink = $this->redirectEvents();
$result = authenticate_user_login('username2', 'password2', false, $reason);
$events = $sink->get_events();
$sink->close();
$event = array_pop($events);
$this->assertFalse($result);
$this->assertEquals(AUTH_LOGIN_SUSPENDED, $reason);
// Test Event.
$this->assertInstanceOf('\core\event\user_login_failed', $event);
$expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username2');
$this->assertEventLegacyLogData($expectedlogdata, $event);
$eventdata = $event->get_data();
$this->assertSame($eventdata['other']['username'], 'username2');
$this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_SUSPENDED);
$this->assertEventContextNotUsed($event);
$reason = null;
// Capture failed login event.
$sink = $this->redirectEvents();
$result = authenticate_user_login('username3', 'password3', false, $reason);
$events = $sink->get_events();
$sink->close();
$event = array_pop($events);
$this->assertFalse($result);
$this->assertEquals(AUTH_LOGIN_SUSPENDED, $reason);
// Test Event.
$this->assertInstanceOf('\core\event\user_login_failed', $event);
$expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username3');
$this->assertEventLegacyLogData($expectedlogdata, $event);
$eventdata = $event->get_data();
$this->assertSame($eventdata['other']['username'], 'username3');
$this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_SUSPENDED);
$this->assertEventContextNotUsed($event);
$reason = null;
// Capture failed login event.
$sink = $this->redirectEvents();
$result = authenticate_user_login('username4', 'password3', false, $reason);
$events = $sink->get_events();
$sink->close();
$event = array_pop($events);
$this->assertFalse($result);
$this->assertEquals(AUTH_LOGIN_NOUSER, $reason);
// Test Event.
$this->assertInstanceOf('\core\event\user_login_failed', $event);
$expectedlogdata = array(SITEID, 'login', 'error', 'index.php', 'username4');
$this->assertEventLegacyLogData($expectedlogdata, $event);
$eventdata = $event->get_data();
$this->assertSame($eventdata['other']['username'], 'username4');
$this->assertSame($eventdata['other']['reason'], AUTH_LOGIN_NOUSER);
$this->assertEventContextNotUsed($event);
set_config('lockoutthreshold', 3);