From: <gem...@li...> - 2011-11-18 09:11:19
Revision: 232
http://gemstracker.svn.sourceforge.net/gemstracker/?rev=232&view=rev
Author: mennodekker
Date: 2011-11-18 09:11:12 +0000 (Fri, 18 Nov 2011)
Log Message:
-----------
Fixed #42 - Failed logins should be logged
Added extra info to the LogViewer in the detailed (show) action
Modified Paths:
--------------
trunk/library/classes/Gems/AccessLog.php
trunk/library/classes/Gems/Default/IndexAction.php
trunk/library/classes/Gems/Default/LogAction.php
trunk/library/configs/db/patches.sql
Modified: trunk/library/classes/Gems/AccessLog.php
===================================================================
--- trunk/library/classes/Gems/AccessLog.php 2011-11-17 17:19:37 UTC (rev 231)
+++ trunk/library/classes/Gems/AccessLog.php 2011-11-18 09:11:12 UTC (rev 232)
@@ -1,39 +1,39 @@
<?php
-
-/**
- * Copyright (c) 2011, Erasmus MC
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of Erasmus MC nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
+
+/**
+ * Copyright (c) 2011, Erasmus MC
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of Erasmus MC nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
* @version $Id$
* @package Gems
* @subpackage AccessLog
* @copyright Copyright (c) 2011 Erasmus MC
* @license New BSD License
*/
-
+
/**
* Logging class to log access to certaint controller/actions
*
@@ -177,7 +177,7 @@
try {
//When project escort doesn't implement the log interface, we disable logging
if (!(GemsEscort::getInstance() instanceof Gems_Project_Log_LogRespondentAccessInterface)
- || ! isset($this->_userInfo->user_id)) {
+ || (!isset($this->_userInfo->user_id) && $force === false ) ) {
return $this;
}
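Review bot: The comment above the guard no longer describes the whole condition. It mentions only the missing log interface, while the rewritten second clause now also skips logging when no user is known and `$force` is not set. I would add a line such as `//Without a logged-in user we only log when $force is set (e.g. failed logins)`. Because the test is `$force === false`, any non-boolean value such as `null` or `0` behaves as forced; the signature and default of `$force` are outside this hunk, so that should be confirmed there or the test relaxed to `!$force`.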
@@ -191,12 +191,12 @@
$values['glua_to'] = $respondentId;
$values['glua_message'] = $message;
- $values['glua_by'] = $this->_userInfo->user_id;
- $values['glua_organization'] = $this->_userInfo->user_organization_id;
+ $values['glua_by'] = $this->_userInfo->user_id ? $this->_userInfo->user_id : 0;
+ $values['glua_organization'] = $this->_userInfo->user_organization_id ? $this->_userInfo->user_organization_id : 0;
$values['glua_action'] = $this->getActionId($action);
$values['glua_role'] = $this->_userInfo->user_role;
$values['glua_created'] = new Zend_Db_Expr('CURRENT_TIMESTAMP');
-
+
if ($request instanceof Zend_Controller_Request_Http) {
$values['glua_remote_ip'] = $request->getClientIp();
} else {
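Review bot: On the forced path there is no logged-in user, yet the new ternaries on `glua_by` and `glua_organization` still read `$this->_userInfo->user_id` and `user_organization_id` directly, and `glua_role` is assigned from `$this->_userInfo->user_role` with no fallback at all. Depending on what `_userInfo` is, this raises undefined-property notices or stores a null role. If the column rejects null and the surrounding `try` swallows the error (its catch is outside this hunk), the failed login would silently go unrecorded. Prefer `isset($this->_userInfo->user_id) ? $this->_userInfo->user_id : 0` for both ids and give the role an explicit fallback that marks the row as unauthenticated. A `glua_by` of 0 should also be documented as "no user" so log reviewers do not mistake it for a real staff id.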
Modified: trunk/library/classes/Gems/Default/IndexAction.php
===================================================================
--- trunk/library/classes/Gems/Default/IndexAction.php 2011-11-17 17:19:37 UTC (rev 231)
+++ trunk/library/classes/Gems/Default/IndexAction.php 2011-11-18 09:11:12 UTC (rev 232)
@@ -317,8 +317,15 @@
}
return;
} else {
+ //Now present the user with an error message
$errors = $authResult->getMessages();
- $this->addMessage($errors);
+ $this->addMessage($errors);
+
+ //Also log the error to the log table
+ //when the project has logging enabled
+ $logErrors = join(' - ', $errors);
+ $log = Gems_AccessLog::getLog();
+ $log->log('loginFail', $this->getRequest(), sprintf('Failed login for : %s (%s) - %s', $formValues['userlogin'], $formValues['organization'], $logErrors), null, true);
}
}
}
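Review bot: The added `$log->log('loginFail', ...)` call writes `$formValues['userlogin']` and `$formValues['organization']` into the log message exactly as an unauthenticated client submitted them, with no length bound or cleaning. Anything typed into the login field, including a password entered there by mistake, markup or control characters, is then stored and later displayed in the LogViewer show action. I would bound and clean the value before formatting, e.g. `$login = substr(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $formValues['userlogin']), 0, 100);`, and confirm that the viewer escapes `glua_message` on output. Every failed attempt also becomes a database insert, so some throttling or retention limit on `loginFail` rows is worth considering. The enclosing method begins outside this hunk.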
Modified: trunk/library/classes/Gems/Default/LogAction.php
===================================================================
--- trunk/library/classes/Gems/Default/LogAction.php 2011-11-17 17:19:37 UTC (rev 231)
+++ trunk/library/classes/Gems/Default/LogAction.php 2011-11-18 09:11:12 UTC (rev 232)
@@ -166,6 +166,11 @@
$model->set('staff_name', 'label', $this->_('Staff'));
$model->set('respondent_name', 'label', $this->_('Respondent'));
+ if ($detailed) {
+ $model->set('glua_role', 'label', $this->_('Role'));
+ $model->set('glua_remote_ip', 'label', $this->_('IP address'));
+ }
+
return $model;
}
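Review bot: The new `IP address` column presents `glua_remote_ip` as if it were authoritative, but AccessLog fills it from `$request->getClientIp()` with no argument. In Zend Framework 1 that call checks the client-supplied proxy headers before falling back to `REMOTE_ADDR`, so unless the application sits behind a proxy that overwrites those headers, the address shown for a failed login can be chosen by the client. For an audit view I would record `$request->getClientIp(false)` in AccessLog, or store both values, and document which one this column displays.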
Modified: trunk/library/configs/db/patches.sql
===================================================================
--- trunk/library/configs/db/patches.sql 2011-11-17 17:19:37 UTC (rev 231)
+++ trunk/library/configs/db/patches.sql 2011-11-18 09:11:12 UTC (rev 232)
@@ -319,3 +319,7 @@
ALTER TABLE `gems__organizations` ADD gor_accessible_by text CHARACTER SET 'utf8' COLLATE 'utf8_general_ci' null AFTER gor_task,
ADD gor_has_patients boolean not null default 1 AFTER gor_iso_lang,
ADD gor_add_patients boolean not null default 1 AFTER gor_has_patients;
+
+-- PATCH: Log failed logins
+INSERT INTO `zsd`.`gems__log_actions` (`glac_id_action`, `glac_name`, `glac_change`, `glac_log`, `glac_created`)
+ VALUES (NULL , 'loginFail', '0', '1', CURRENT_TIMESTAMP);
\ No newline at end of file
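Review bot: The added INSERT is qualified with a hard-coded schema, `zsd`.`gems__log_actions`, whereas the ALTER statement just above it uses the unqualified table name. On any installation whose database is not called `zsd` the patch will fail or write to a different database, leaving the `loginFail` action row missing. Failed-login logging depends on that row existing. Drop the schema prefix: ``INSERT INTO `gems__log_actions` (`glac_id_action`, `glac_name`, `glac_change`, `glac_log`, `glac_created`)``.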