Option to log login failures to file

auth.py

@@ -11,6 +11,7 @@ import hashlib
 import binascii
 import os
 import secrets
+import datetime
 from utils import isSystemAccount
 from utils import hasUsersPath
 
@@ -206,7 +207,9 @@ def createPassword(length=10):
     return ''.join((secrets.choice(validChars) for i in range(length)))
 
 
-def recordLoginFailure(ipAddress: str, countDict: {}, failTime: int) -> None:
+def recordLoginFailure(baseDir: str, ipAddress: str,
+                       countDict: {}, failTime: int,
+                       logToFile: bool) -> None:
     """Keeps ip addresses and the number of times login failures
     occured for them in a dict
     """
@@ -226,8 +229,23 @@ def recordLoginFailure(ipAddress: str, countDict: {}, failTime: int) -> None:
         }
     else:
         countDict[ipAddress]['count'] += 1
+        countDict[ipAddress]['time'] = failTime
         failCount = countDict[ipAddress]['count']
         if failCount > 4:
             print('WARN: ' + str(ipAddress) + ' failed to log in ' +
                   str(failCount) + ' times')
-        countDict[ipAddress]['time'] = failTime
+
+    if not logToFile:
+        return
+
+    failureLog = baseDir + '/accounts/loginfailures.log'
+    writeType = 'a+'
+    if not os.path.isfile(failureLog):
+        writeType = 'w+'
+    currTime = datetime.datetime.utcnow()
+    try:
+        with open(failureLog, writeType) as fp:
+            fp.write(currTime.strftime("%Y-%m-%d %H:%M:%SZ") +
+                     ' ' + ipAddress + '\n')
+    except BaseException:
+        pass

daemon.py

@@ -1443,6 +1443,7 @@ class PubServer(BaseHTTPRequestHandler):
                 ipAddress = self.headers['X-Forwarded-For']
             else:
                 ipAddress = self.client_address[0]
+            if not domain.endswith('.onion'):
                 if not isLocalNetworkAddress(ipAddress):
                     print('Login attempt from IP: ' + str(ipAddress))
             if not authorizeBasic(baseDir, '/users/' +
@@ -1452,10 +1453,12 @@ class PubServer(BaseHTTPRequestHandler):
                 self._clearLoginDetails(loginNickname, callingDomain)
                 failTime = int(time.time())
                 self.server.lastLoginFailure = failTime
+                if not domain.endswith('.onion'):
                     if not isLocalNetworkAddress(ipAddress):
-                    recordLoginFailure(ipAddress,
+                        recordLoginFailure(baseDir, ipAddress,
                                            self.server.loginFailureCount,
-                                       failTime)
+                                           failTime,
+                                           self.server.logLoginFailures)
                 self.server.POSTbusy = False
                 return
             else:
@@ -14844,7 +14847,8 @@ def loadTokens(baseDir: str, tokensDict: {}, tokensLookup: {}) -> None:
         break
 
 
-def runDaemon(city: str,
+def runDaemon(logLoginFailures: bool,
+              city: str,
               showNodeInfoAccounts: bool,
               showNodeInfoVersion: bool,
               brochMode: bool,
@@ -15113,6 +15117,7 @@ def runDaemon(city: str,
     httpd.lastLoginTime = 0
     httpd.lastLoginFailure = 0
     httpd.loginFailureCount = {}
+    httpd.logLoginFailures = logLoginFailures
     httpd.maxReplies = maxReplies
     httpd.tokens = {}
     httpd.tokensLookup = {}

epicyon.py

@@ -291,6 +291,11 @@ parser.add_argument("--iconsAsButtons",
                     type=str2bool, nargs='?',
                     const=True, default=False,
                     help="Show header icons as buttons")
+parser.add_argument("--logLoginFailures",
+                    dest='logLoginFailures',
+                    type=str2bool, nargs='?',
+                    const=True, default=False,
+                    help="Whether to log longin failures")
 parser.add_argument("--rssIconAtTop",
                     dest='rssIconAtTop',
                     type=str2bool, nargs='?',
@@ -2510,6 +2515,11 @@ brochMode = \
 if brochMode is not None:
     args.brochMode = bool(brochMode)
 
+logLoginFailures = \
+    getConfigParam(baseDir, 'logLoginFailures')
+if logLoginFailures is not None:
+    args.logLoginFailures = bool(logLoginFailures)
+
 showNodeInfoAccounts = \
     getConfigParam(baseDir, 'showNodeInfoAccounts')
 if showNodeInfoAccounts is not None:
@@ -2539,7 +2549,8 @@ if setTheme(baseDir, themeName, domain,
     print('Theme set to ' + themeName)
 
 if __name__ == "__main__":
-    runDaemon(args.city,
+    runDaemon(args.logLoginFailures,
+              args.city,
               args.showNodeInfoAccounts,
               args.showNodeInfoVersion,
               args.brochMode,

tests.py

@@ -518,8 +518,9 @@ def createServerAlice(path: str, domain: str, port: int,
     showNodeInfoAccounts = True
     showNodeInfoVersion = True
     city = 'London, England'
+    logLoginFailures = False
     print('Server running: Alice')
-    runDaemon(city,
+    runDaemon(logLoginFailures, city,
               showNodeInfoAccounts,
               showNodeInfoVersion,
               brochMode,
@@ -620,8 +621,9 @@ def createServerBob(path: str, domain: str, port: int,
     showNodeInfoAccounts = True
     showNodeInfoVersion = True
     city = 'London, England'
+    logLoginFailures = False
     print('Server running: Bob')
-    runDaemon(city,
+    runDaemon(logLoginFailures, city,
               showNodeInfoAccounts,
               showNodeInfoVersion,
               brochMode,
@@ -677,8 +679,9 @@ def createServerEve(path: str, domain: str, port: int, federationList: [],
     showNodeInfoAccounts = True
     showNodeInfoVersion = True
     city = 'London, England'
+    logLoginFailures = False
     print('Server running: Eve')
-    runDaemon(city,
+    runDaemon(logLoginFailures, city,
               showNodeInfoAccounts,
               showNodeInfoVersion,
               brochMode,