feat(auth): log login failures (#699)

close #697
tchiotludo · May 15, 2021 · f691db0 · f691db0
1 parent 2cbfe17
commit f691db0
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 10 deletions.
diff --git a/src/main/java/org/akhq/modules/BasicAuthAuthenticationProvider.java b/src/main/java/org/akhq/modules/BasicAuthAuthenticationProvider.java
@@ -28,18 +28,20 @@ public class BasicAuthAuthenticationProvider implements AuthenticationProvider {
 
     @Override
     public Publisher<AuthenticationResponse> authenticate(@Nullable HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
-        for(BasicAuth auth : securityProperties.getBasicAuth()) {
-            if (authenticationRequest.getIdentity().equals(auth.getUsername()) &&
-                auth.isValidPassword((String) authenticationRequest.getSecret())) {
-
-                UserDetails userDetails = new UserDetails(auth.getUsername(),
-                        userGroupUtils.getUserRoles(auth.getGroups()),
-                        userGroupUtils.getUserAttributes(auth.getGroups()));
-
-                return Flowable.just(userDetails);
+        String username = String.valueOf(authenticationRequest.getIdentity());
+        for (BasicAuth auth : securityProperties.getBasicAuth()) {
+            if (!username.equals(auth.getUsername())) {
+                continue;
+            }
+            if (!auth.isValidPassword((String) authenticationRequest.getSecret())) {
+                return Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
             }
+            UserDetails userDetails = new UserDetails(username,
+                    userGroupUtils.getUserRoles(auth.getGroups()),
+                    userGroupUtils.getUserAttributes(auth.getGroups()));
+            return Flowable.just(userDetails);
         }
 
-        return Flowable.just(new AuthenticationFailed());
+        return Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.USER_NOT_FOUND));
     }
 }
diff --git a/src/main/java/org/akhq/utils/LoginFailedEventListener.java b/src/main/java/org/akhq/utils/LoginFailedEventListener.java
@@ -0,0 +1,30 @@
+package org.akhq.utils;
+
+import io.micronaut.context.event.ApplicationEventListener;
+import io.micronaut.security.authentication.AuthenticationFailed;
+import io.micronaut.security.authentication.UserDetails;
+import io.micronaut.security.event.LoginFailedEvent;
+import lombok.extern.slf4j.Slf4j;
+
+import javax.inject.Singleton;
+
+@Singleton
+@Slf4j
+public class LoginFailedEventListener implements ApplicationEventListener<LoginFailedEvent> {
+    @Override
+    public void onApplicationEvent(LoginFailedEvent event) {
+        if (event.getSource() instanceof AuthenticationFailed) {
+            AuthenticationFailed authenticationFailed = (AuthenticationFailed) event.getSource();
+            log.warn("Login failed reason {}, username {}, message {}",
+                    authenticationFailed.getReason(),
+                    authenticationFailed.getUserDetails().map(UserDetails::getUsername).orElse("unknown"),
+                    authenticationFailed.getMessage().orElse("none")
+            );
+        }
+    }
+
+    @Override
+    public boolean supports(LoginFailedEvent event) {
+        return true;
+    }
+}