Owncloud/PrivacyIDEA - Failed logins

Hi all,

Me again. Looking at my /var/log/owncloud.log file, i can see that when I
try and login to owncloud (which is using PrivacyIDEA as the auth backend)
with invalid credentials, that the following messages are logged:

{“reqId”:“VpOv9H8AAQEAAD5A7yEAAAAg”,“remoteAddr”:“134.225.22.22”,“app”:“PHP”,“message”:“Undefined
property: stdClass::$value at
/var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php#260”,“level”:3,“time”:“January
11, 2016 13:36:54”}
{“reqId”:“VpOzq38AAQEAAEKlQXYAAAAI”,“remoteAddr”:“134.225.22.22”,“app”:“PHP”,“message”:“Undefined
property: stdClass::$value at
/var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php#260”,“level”:3,“time”:“January
11, 2016 13:52:46”}
{“reqId”:“VpO1EH8AAQEAAEKlQYAAAAAI”,“remoteAddr”:“134.225.22.22”,“app”:“PHP”,“message”:“Undefined
property: stdClass::$value at
/var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php#260”,“level”:3,“time”:“January
11, 2016 13:58:41”}

Looking at line 260 in otp_privacyidea.php i can see the following
try-catch:

    try {
        $status = $body->result->status;
        $value = $body->result->value;
        $res = $value;
    } catch (Exception $e) {
        $res = FALSE;
    }
    return $res;

It appears the module doesnt contain a check (from my brief look) to handle
failed login attempts. Has anyone seen this or fixed this already?

It’d be great if the log entry was similar to:

{“reqId”:“VpO1EH8AAQEAAEKlQYAAAAAI”,“remoteAddr”:“134.225.22.22”,“app”:“PHP”,“message”:“User:
“hacker” login failed, invalid credentials”,“level”:3,“time”:“January 11,
2016 13:58:41”}

Best,
Sam