Hi all,
Me again. Looking at my /var/log/owncloud.log file, I can see that when I
try to log in to owncloud (which is using PrivacyIDEA as the auth backend)
with invalid credentials, the following messages are logged:
{"reqId":"VpOv9H8AAQEAAD5A7yEAAAAg","remoteAddr":"134.225.22.22","app":"PHP","message":"Undefined property: stdClass::$value at /var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php#260","level":3,"time":"January 11, 2016 13:36:54"}
{"reqId":"VpOzq38AAQEAAEKlQXYAAAAI","remoteAddr":"134.225.22.22","app":"PHP","message":"Undefined property: stdClass::$value at /var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php#260","level":3,"time":"January 11, 2016 13:52:46"}
{"reqId":"VpO1EH8AAQEAAEKlQYAAAAAI","remoteAddr":"134.225.22.22","app":"PHP","message":"Undefined property: stdClass::$value at /var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php#260","level":3,"time":"January 11, 2016 13:58:41"}
Looking at line 260 in otp_privacyidea.php I can see the following
try-catch:
try {
    $status = $body->result->status;
    $value = $body->result->value;
    $res = $value;
} catch (Exception $e) {
    $res = FALSE;
}
return $res;
It appears the module doesn't contain a check (from my brief look) to handle
failed login attempts. Has anyone seen this or fixed this already?
It’d be great if the log entry was similar to:
{"reqId":"VpO1EH8AAQEAAEKlQYAAAAAI","remoteAddr":"134.225.22.22","app":"PHP","message":"User: "hacker" login failed, invalid credentials","level":3,"time":"January 11, 2016 13:58:41"}
Best,
Sam
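
The following is an added example, not part of the original post and not the user_privacyidea app's code. It shows one way to check the decoded response without triggering the "Undefined property" notice, and to log a failed login in the style requested above. The `result->status` / `result->value` shape is taken from the snippet in the post; the function name, the logger callable, the `error->message` field and the sample bodies are assumptions made for illustration.

```php
<?php
// Added example: names, logger and sample bodies are constructed, not from the app.

/**
 * Return true only when the decoded response says status === true AND
 * value === true. Everything else fails closed and is logged with a reason.
 */
function otpResultIsValid($body, $username, callable $log)
{
    // json_encode() quotes the attacker-supplied name so newlines or quotes
    // in it cannot forge extra log entries.
    $who = 'User: ' . json_encode($username) . ' login failed, ';

    // Reading a missing property raises a PHP notice/warning, not an
    // Exception, so try/catch never sees it. isset() tests without reading.
    if (!is_object($body) || !isset($body->result) || !is_object($body->result)) {
        $log($who . 'malformed response from auth backend');
        return false;
    }
    $result = $body->result;
    if (!isset($result->status) || $result->status !== true) {
        // error->message is an assumed field name for backend error detail.
        $detail = isset($result->error->message) ? $result->error->message : 'none';
        $log($who . 'backend error: ' . json_encode($detail));
        return false;
    }
    if (!isset($result->value) || $result->value !== true) {
        $log($who . 'invalid credentials');
        return false;
    }
    return true;
}

// Constructed sample response bodies, one per outcome.
$samples = array(
    'alice'        => '{"result":{"status":true,"value":true}}',
    "hacker\nroot" => '{"result":{"status":true}}',
    'bob'          => '{"result":{"status":false,"error":{"message":"constructed"}}}',
    'carol'        => 'not json',
);
$log = function ($message) { echo "[auth] $message\n"; };

foreach ($samples as $user => $raw) {
    $ok = otpResultIsValid(json_decode($raw), $user, $log);
    echo json_encode($user) . ' => ' . ($ok ? 'accepted' : 'rejected') . "\n";
}
```

The second sample reproduces the case in the log above: `value` is absent, so the original snippet reads an undefined property, the `catch` never runs, and the function returns `null` with only a PHP notice to show for it.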