制定日志身份验证失败后 [英] Devise log after auth failure

问题描述

我要当有人failes登录到我的应用程序写入日志（追踪暴力破解尝试）。此外，我决定记录成功的身份验证。
所以，我创建了一个 SessionsController＆LT;设计:: SessionsController 并试图覆盖会话＃创建这样的方法： https://gist.github.com/3884693

I need to write a log when somebody failes to log in to my app (to track bruteforce attempts). Also I decided to log successful authentications. So I created a SessionsController < Devise::SessionsController and tried to override the sessions#create method like that: https://gist.github.com/3884693

第一部分作品完美，但是当AUTH failes轨抛出某种异常，并且永远不会到达if语句。所以我不知道该怎么办。

The first part works perfectly, but when the auth failes rails throws some kind of an exception and never reaches the if statement. So I don't know what to do.

推荐答案

这个答案到previous SO问题 - 设计：在尝试有了答案注册日志。

This answer to a previous SO question - Devise: Registering log in attempts has the answer.

在色器件控制器调用的创建操作warden.authenticate！它试图在用户与提供PARAMS验证。如果验证失败，那么验证！将调用失败色器件的应用程序，然后运行SessionsController＃新动作。请注意，您有创建行动，如果验证失败，将无法运行。任何​​过滤器

The create action in the devise controller calls warden.authenticate!, which attempts to authenticate the user with the supplied params. If authentication fails then authenticate! will call the devise failure app, which then runs the SessionsController#new action. Note, any filters you have for the create action will not run if authentication fails.

所以，解决的办法是新的动作，它检查ENV内容[warden.options]，并采取适当的行动后添加一个过滤器。

So the solution is to add a filter after the new action which checks the contents of env["warden.options"] and takes the appropriate action.

我尝试了建议，并能够同时记录成功和放大器;失败的登录尝试。下面是相关的控制器code：

I tried out the suggestion, and was able to log both the successful & failed login attempts. Here is the relevant controller code:

class SessionsController < Devise::SessionsController
  after_filter :log_failed_login, :only => :new

  def create
    super
    ::Rails.logger.info "\n***\nSuccessful login with email_id : #{request.filtered_parameters["user"]}\n***\n"
  end

  private
  def log_failed_login
    ::Rails.logger.info "\n***\nFailed login with email_id : #{request.filtered_parameters["user"]}\n***\n" if failed_login?
  end 

  def failed_login?
    (options = env["warden.options"]) && options[:action] == "unauthenticated"
  end 
end

日志有如下条目：

The log has the following entries:

Started POST "/users/sign_in"
...
...
***
Successful login with email_id : {"email"=>...
***
...
...
Completed 302 Found

对于失败的登录

Started POST "/users/sign_in"
...
...
Completed 401 Unauthorized 
Processing by SessionsController#new as HTML
...
...
***
Failed login with email_id : {"email"=>...
***
...
...
Completed 302 Found

这篇关于制定日志身份验证失败后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！