Devise log after auth failure


Problem description

I need to write a log when somebody fails to log in to my app (to track brute-force attempts). I also decided to log successful authentications. So I created a SessionsController < Devise::SessionsController and tried to override the sessions#create method like this: https://gist.github.com/3884693

The first part works perfectly, but when the auth fails Rails throws some kind of an exception and never reaches the if statement. So I don't know what to do.

Answer

This is answered in a previous SO question - Devise: registering login attempts - which has an answer.


The create action in the devise controller calls warden.authenticate!, which attempts to authenticate the user with the supplied params. If authentication fails then authenticate! will call the devise failure app, which then runs the SessionsController#new action. Note, any filters you have for the create action will not run if authentication fails.


So the solution is to add a filter after the new action which checks the contents of env["warden.options"] and takes the appropriate action.


I tried out the suggestion, and was able to log both the successful & failed login attempts. Here is the relevant controller code:

class SessionsController < Devise::SessionsController
  # Runs after SessionsController#new, which is the action Devise's failure
  # app recalls when authentication fails. (Rails 4+ spells this
  # after_action; after_filter is the Rails 3 name.)
  after_filter :log_failed_login, :only => :new

  def create
    # super calls warden.authenticate!; on failure it throws :warden and
    # nothing below this line runs, so only successes are logged here.
    super
    # filtered_parameters masks the password as [FILTERED] in the log line.
    ::Rails.logger.info "\n***\nSuccessful login with email_id : #{request.filtered_parameters["user"]}\n***\n"
  end

  private

  def log_failed_login
    ::Rails.logger.info "\n***\nFailed login with email_id : #{request.filtered_parameters["user"]}\n***\n" if failed_login?
  end

  # Warden records why the failure app was invoked in env["warden.options"];
  # :action == "unauthenticated" means the supplied credentials were rejected.
  def failed_login?
    (options = request.env["warden.options"]) && options[:action] == "unauthenticated"
  end
end

The following entries appear in the log. Successful login:

Started POST "/users/sign_in"
...
...
***
Successful login with email_id : {"email"=>...
***
...
...
Completed 302 Found

Failed login:

Started POST "/users/sign_in"
...
...
Completed 401 Unauthorized 
Processing by SessionsController#new as HTML
...
...
***
Failed login with email_id : {"email"=>...
***
...
...
Completed 302 Found
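The controller above only writes the log lines; the question's stated goal is to track brute-force attempts from them. The following is an added example (not code from the question, the answer or Devise) that parses the "Failed login with email_id : {...}" lines in the format shown above and raises an alert when one account accumulates too many failures inside a sliding time window. It assumes each log line is prefixed with an ISO 8601 timestamp (as a production log formatter would add), the window and threshold values are arbitrary, and the sample log lines are constructed for the demonstration.

```ruby
require "time"

# Added example (not code from the original question or answer): a small
# sliding-window brute-force detector that consumes the
# "Failed login with email_id : {...}" lines written by the controller above.
# Assumptions for illustration: each log line carries an ISO 8601 timestamp
# prefix (e.g. from a production log formatter), and the window/threshold
# values are arbitrary defaults.
class BruteForceDetector
  # One login event per line; the "***" separator lines and other Rails log
  # output do not match and are skipped.
  LINE = /\A(?<ts>\S+) (?<outcome>Successful|Failed) login with email_id : \{"email"=>"(?<email>[^"]*)"/

  def initialize(window: 300, threshold: 5)
    @window = window        # seconds
    @threshold = threshold  # failures within the window that trigger an alert
    @failures = Hash.new { |h, k| h[k] = [] }  # normalised email => failure times
  end

  # Parse one log line into an event hash, or nil if it is not a login event.
  def parse(line)
    m = LINE.match(line)
    return nil unless m
    {
      time: Time.iso8601(m[:ts]),
      email: m[:email].strip.downcase,  # normalise so Alice@ and alice@ count together
      success: m[:outcome] == "Successful",
    }
  end

  # Record an event (events must arrive in time order). Returns true when the
  # account has reached the failure threshold inside the window.
  def record(event)
    if event[:success]
      @failures.delete(event[:email])   # a successful login resets the counter
      return false
    end
    times = @failures[event[:email]]
    times << event[:time]
    times.reject! { |t| t < event[:time] - @window }
    times.size >= @threshold
  end

  # Scan a list of log lines; returns the accounts that crossed the threshold,
  # each reported once.
  def scan(lines)
    alerts = []
    lines.each do |line|
      event = parse(line)
      next unless event
      alerts << event[:email] if record(event) && !alerts.include?(event[:email])
    end
    alerts
  end
end

# Constructed sample log lines in the shape the controller above produces
# (with an assumed timestamp prefix); not taken from a real application log.
SAMPLE_LOG = [
  '2012-10-13T10:00:00Z Started POST "/users/sign_in"',
  '2012-10-13T10:00:00Z Failed login with email_id : {"email"=>"alice@example.com", "password"=>"[FILTERED]"}',
  '2012-10-13T10:00:00Z Completed 401 Unauthorized',
  '2012-10-13T10:00:10Z Failed login with email_id : {"email"=>"Alice@example.com", "password"=>"[FILTERED]"}',
  '2012-10-13T10:00:20Z Successful login with email_id : {"email"=>"bob@example.com", "password"=>"[FILTERED]"}',
  '2012-10-13T10:00:40Z Failed login with email_id : {"email"=>"alice@example.com", "password"=>"[FILTERED]"}',
  '2012-10-13T10:20:00Z Failed login with email_id : {"email"=>"bob@example.com", "password"=>"[FILTERED]"}',
  '2012-10-13T10:30:00Z Failed login with email_id : {"email"=>"bob@example.com", "password"=>"[FILTERED]"}',
  '2012-10-13T10:40:00Z Failed login with email_id : {"email"=>"bob@example.com", "password"=>"[FILTERED]"}',
].freeze

# Three failures for alice within 40 seconds trip a threshold of 3; bob's
# failures are ten minutes apart and never accumulate inside a 300 s window.
def detect_brute_force(lines = SAMPLE_LOG, window: 300, threshold: 3)
  BruteForceDetector.new(window: window, threshold: threshold).scan(lines)
end

puts detect_brute_force.inspect if $PROGRAM_NAME == __FILE__
```

The detector keys on the e-mail address because that is all the controller logs; adding `request.remote_ip` to the log line would let the same logic count per source address as well, which is what catches password spraying across many accounts. The same events can also be fed to the detector directly from a `Warden::Manager.before_failure` hook in config/initializers/devise.rb instead of parsing the log afterwards.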
