mirror of
https://github.com/morpheus65535/bazarr.git
synced 2025-04-24 22:57:13 -04:00
Improved logging of failed attempt to authenticate to UI. Successful basic authentication attempt cannot be logged right now.
This commit is contained in:
morpheus65535
parent
c11af96950
commit
486d2f9481
3 changed files with 29 additions and 12 deletions
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
import gc
|
import gc
|
||||||
|
|
||||||
from flask import session
|
from flask import session, request
|
||||||
from flask_restx import Resource, Namespace, reqparse
|
from flask_restx import Resource, Namespace, reqparse
|
||||||
|
|
||||||
from app.config import settings
|
from app.config import settings
|
||||||
|
|
@ -22,23 +22,31 @@ class SystemAccount(Resource):
|
||||||
@api_ns_system_account.doc(parser=post_request_parser)
|
@api_ns_system_account.doc(parser=post_request_parser)
|
||||||
@api_ns_system_account.response(204, 'Success')
|
@api_ns_system_account.response(204, 'Success')
|
||||||
@api_ns_system_account.response(400, 'Unknown action')
|
@api_ns_system_account.response(400, 'Unknown action')
|
||||||
@api_ns_system_account.response(404, 'Unknown authentication type define in config.ini')
|
@api_ns_system_account.response(403, 'Authentication failed')
|
||||||
|
@api_ns_system_account.response(406, 'Browser must be closed to invalidate basic authentication')
|
||||||
|
@api_ns_system_account.response(500, 'Unknown authentication type define in config.ini')
|
||||||
def post(self):
|
def post(self):
|
||||||
"""Login or logout from Bazarr UI when using form login"""
|
"""Login or logout from Bazarr UI when using form login"""
|
||||||
args = self.post_request_parser.parse_args()
|
args = self.post_request_parser.parse_args()
|
||||||
if settings.auth.type != 'form':
|
if settings.auth.type != 'form':
|
||||||
return 'Unknown authentication type define in config.ini', 404
|
return 'Unknown authentication type define in config.ini', 500
|
||||||
|
|
||||||
action = args.get('action')
|
action = args.get('action')
|
||||||
if action == 'login':
|
if action == 'login':
|
||||||
username = args.get('username')
|
username = args.get('username')
|
||||||
password = args.get('password')
|
password = args.get('password')
|
||||||
if check_credentials(username, password):
|
if check_credentials(username, password, request):
|
||||||
session['logged_in'] = True
|
session['logged_in'] = True
|
||||||
return '', 204
|
return '', 204
|
||||||
|
else:
|
||||||
|
session['logged_in'] = False
|
||||||
|
return 'Authentication failed', 403
|
||||||
elif action == 'logout':
|
elif action == 'logout':
|
||||||
session.clear()
|
if settings.auth.type == 'basic':
|
||||||
gc.collect()
|
return 'Browser must be closed to invalidate basic authentication', 406
|
||||||
return '', 204
|
else:
|
||||||
|
session.clear()
|
||||||
|
gc.collect()
|
||||||
|
return '', 204
|
||||||
|
|
||||||
return 'Unknown action', 400
|
return 'Unknown action', 400
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,8 @@ def check_login(actual_method):
|
||||||
def wrapper(*args, **kwargs):
|
def wrapper(*args, **kwargs):
|
||||||
if settings.auth.type == 'basic':
|
if settings.auth.type == 'basic':
|
||||||
auth = request.authorization
|
auth = request.authorization
|
||||||
if not (auth and check_credentials(request.authorization.username, request.authorization.password)):
|
if not (auth and
|
||||||
|
check_credentials(request.authorization.username, request.authorization.password, request)):
|
||||||
return ('Unauthorized', 401, {
|
return ('Unauthorized', 401, {
|
||||||
'WWW-Authenticate': 'Basic realm="Login Required"'
|
'WWW-Authenticate': 'Basic realm="Login Required"'
|
||||||
})
|
})
|
||||||
|
|
@ -65,12 +66,13 @@ def catch_all(path):
|
||||||
auth = True
|
auth = True
|
||||||
if settings.auth.type == 'basic':
|
if settings.auth.type == 'basic':
|
||||||
auth = request.authorization
|
auth = request.authorization
|
||||||
if not (auth and check_credentials(request.authorization.username, request.authorization.password)):
|
if not (auth and check_credentials(request.authorization.username, request.authorization.password, request,
|
||||||
|
log_success=False)):
|
||||||
return ('Unauthorized', 401, {
|
return ('Unauthorized', 401, {
|
||||||
'WWW-Authenticate': 'Basic realm="Login Required"'
|
'WWW-Authenticate': 'Basic realm="Login Required"'
|
||||||
})
|
})
|
||||||
elif settings.auth.type == 'form':
|
elif settings.auth.type == 'form':
|
||||||
if 'logged_in' not in session:
|
if 'logged_in' not in session or not session['logged_in']:
|
||||||
auth = False
|
auth = False
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
|
|
@ -10,10 +10,17 @@ from bs4 import UnicodeDammit
|
||||||
from app.config import settings
|
from app.config import settings
|
||||||
|
|
||||||
|
|
||||||
def check_credentials(user, pw):
|
def check_credentials(user, pw, request, log_success=True):
|
||||||
|
ip_addr = request.environ.get('HTTP_X_FORWARDED_FOR', request.remote_addr)
|
||||||
username = settings.auth.username
|
username = settings.auth.username
|
||||||
password = settings.auth.password
|
password = settings.auth.password
|
||||||
return hashlib.md5(pw.encode('utf-8')).hexdigest() == password and user == username
|
if hashlib.md5(pw.encode('utf-8')).hexdigest() == password and user == username:
|
||||||
|
if log_success:
|
||||||
|
logging.info(f'Successful authentication from {ip_addr} for user {user}')
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
logging.info(f'Failed authentication from {ip_addr} for user {user}')
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
def get_subtitle_destination_folder():
|
def get_subtitle_destination_folder():
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue