Closed shelleydoljack closed 1 year ago
I tested `login.fail.attempts` on folio-dev with setting of 1 and it worked to block the user. I'm not sure where the EVENT_LOG configurations are logged. When I tail the mod-login log, I see the following when supplying the wrong password:
```text
mod-login-54975f494b-lg62j mod-login 17:23:26 [556158/authn] [sul] [] [mod_login] ERROR LoginAttemptsHelper java.lang.ClassCastException: class java.lang.String cannot be cast to class java.lang.Number (java.lang.String and java.lang.Number are in module java.base of loader 'bootstrap')
mod-login-54975f494b-lg62j mod-login 17:23:26 [556158/authn] [sul] [] [mod_login] ERROR LoginAPI Password does not match for userid 07e8be0e-1cf5-5061-b5b3-4517d9a74d77
mod-login-54975f494b-lg62j mod-login 17:23:26 [556158/authn] [sul] [] [mod_login] INFO LogUtil 10.1.28.111:52516 POST /authn/login null HTTP_1_1 422 212 154 tid=sul Unprocessable Entity
```
When a login is successful, I see this in the logs (n.b. I didn't enable `SUCCESSFUL_LOGIN_ATTEMPT`):
```text
mod-login-54975f494b-lg62j mod-login 17:24:56 [383381/authn] [sul] [] [mod_login] INFO LogUtil 10.1.28.111:41768 POST /authn/login null HTTP_1_1 201 603 124 tid=sul Created
mod-login-54975f494b-lg62j mod-login 17:24:56 [] [] [] [] INFO ogStorageServiceImpl For event logging `SUCCESSFUL_LOGIN_ATTEMPT` is disabled
```
As a test, I deleted the `FAILED_LOGIN_ATTEMPT` configuration and tried logging in with an incorrect password. The log shows that the configuration is disabled and it also shows the same info as when it is enabled:
```text
mod-login-54975f494b-lg62j mod-login 17:25:51 [906645/authn] [sul] [] [mod_login] ERROR LoginAttemptsHelper java.lang.ClassCastException: class java.lang.String cannot be cast to class java.lang.Number (java.lang.String and java.lang.Number are in module java.base of loader 'bootstrap')
mod-login-54975f494b-lg62j mod-login 17:25:51 [] [] [] [] INFO ogStorageServiceImpl For event logging `FAILED_LOGIN_ATTEMPT` is disabled
mod-login-54975f494b-lg62j mod-login 17:25:51 [906645/authn] [sul] [] [mod_login] ERROR LoginAPI Password does not match for userid 3b8cd81e-2fe3-4854-ad6c-5e8d82c12994
mod-login-54975f494b-lg62j mod-login 17:25:51 [906645/authn] [sul] [] [mod_login] INFO LogUtil 10.1.28.111:41768 POST /authn/login null HTTP_1_1 422 211 104 tid=sul Unprocessable Entity
```
I'm not sure EVENT_LOG works or where it is logging. I will ask in FOLIO Slack. It may not be useful after all and the only useful config is the `login.fail.attempts` setting.
There's a table in `sul_mod_login.event_logs` that is written to once these configurations are enabled. It can be queried with a GET to `/authn/log/events?query=eventType=="FAILED_LOGIN_ATTEMPT"` or `/authn/log/events?query=timestamp=="2023-04-12T*"` or even ip and userId. Example response:
```json
{
  "id": "43d25ae0-ab7f-43fd-b6aa-eb5098fe4bcd",
  "eventType": "FAILED_LOGIN_ATTEMPT",
  "tenant": "sul",
  "userId": "07e8be0e-1cf5-5061-b5b3-4517d9a74d77",
  "ip": "10.130.139.6",
  "browserInformation": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
  "timestamp": "2023-04-12T17:23:26.336+00:00"
}
```
This has been run on folio-test and folio-stage. @jgreben ready for review/merging.
Closes #195 Need to run in folio-test and -stage. login_configs.tsv uploaded to folio ops migration files.
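One way to use the event log described in this thread for detection, as an added example (not code from this pull request or from mod-login): it builds the percent-encoded query URL for `/authn/log/events` and counts `FAILED_LOGIN_ATTEMPT` records per `userId` and `ip` inside a sliding window. The base URL, threshold, window and sample events are constructed, and it assumes the events have already been pulled out of the response into a list of objects shaped like the example response in the thread.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlencode

def events_url(base, cql):
    """Build the GET URL for /authn/log/events with the CQL query percent-encoded."""
    return f"{base}/authn/log/events?" + urlencode({"query": cql})

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {(field, value): peak failures inside one window} for keys at or over threshold."""
    times = defaultdict(list)
    for ev in events:
        if ev.get("eventType") != "FAILED_LOGIN_ATTEMPT":
            continue  # successful logins and other event types are not counted
        ts = datetime.fromisoformat(ev["timestamp"])
        for field in ("userId", "ip"):
            if ev.get(field):
                times[(field, ev[field])].append(ts)
    flagged = {}
    for key, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window's left edge forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

def _ev(event_type, user, ip, hms):
    # Constructed sample record using the field names from the example response.
    return {"eventType": event_type, "tenant": "sul", "userId": user, "ip": ip,
            "timestamp": f"2023-04-12T{hms}.000+00:00"}

USER_A = "00000000-0000-4000-8000-00000000000a"  # constructed ids, not real users
USER_B = "00000000-0000-4000-8000-00000000000b"
USER_C = "00000000-0000-4000-8000-00000000000c"
SAMPLE_EVENTS = [
    _ev("FAILED_LOGIN_ATTEMPT", USER_A, "10.0.0.5", "17:23:26"),
    _ev("FAILED_LOGIN_ATTEMPT", USER_A, "10.0.0.5", "17:24:10"),
    _ev("FAILED_LOGIN_ATTEMPT", USER_A, "10.0.0.5", "17:26:40"),
    _ev("FAILED_LOGIN_ATTEMPT", USER_B, "10.0.0.5", "17:27:00"),
    _ev("SUCCESSFUL_LOGIN_ATTEMPT", USER_A, "10.0.0.5", "17:28:00"),
    _ev("FAILED_LOGIN_ATTEMPT", USER_C, "10.0.0.9", "09:00:00"),
    _ev("FAILED_LOGIN_ATTEMPT", USER_C, "10.0.0.9", "17:30:00"),
]

if __name__ == "__main__":
    print(events_url("https://okapi.example.org", 'eventType=="FAILED_LOGIN_ATTEMPT"'))
    print(failed_login_bursts(SAMPLE_EVENTS))
```

Counting per `ip` as well as per `userId` surfaces a single source failing against several accounts, which a per-user lockout such as `login.fail.attempts` does not show on its own.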