|
|
|
|
@ -58,9 +58,14 @@ class AuthenticationStatsListener implements EventSubscriberInterface |
|
|
|
|
{ |
|
|
|
|
return [ |
|
|
|
|
StatsEvent::class => [ |
|
|
|
|
[ |
|
|
|
|
'getAuthStats', |
|
|
|
|
-1 |
|
|
|
|
], |
|
|
|
|
[ |
|
|
|
|
'getAuthFailureIps' |
|
|
|
|
] |
|
|
|
|
], |
|
|
|
|
AuthenticationEvents::AUTHENTICATION_SUCCESS => 'onAuthSuccess', |
|
|
|
|
AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthFailure', |
|
|
|
|
SecurityEvents::INTERACTIVE_LOGIN => 'onInteractiveLogin' |
|
|
|
|
@ -151,4 +156,35 @@ class AuthenticationStatsListener implements EventSubscriberInterface |
|
|
|
|
|
|
|
|
|
$event->addStatistics($stats); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public function getAuthFailureIps(StatsEvent $event) |
|
|
|
|
{ |
|
|
|
|
if (!$event->isEnabled('login_fail_ips')) |
|
|
|
|
return; |
|
|
|
|
$queryBuilder = $this->registry->getRepository(AuthenticationEntry::class)->createQueryBuilder('e'); |
|
|
|
|
/* @var $queryBuilder \Doctrine\ORM\QueryBuilder */ |
|
|
|
|
$queryBuilder->select('count(e) AS c', 'e.ip') |
|
|
|
|
->groupBy('e.ip') |
|
|
|
|
->where('e.success = false AND e.timeStamp > :time') |
|
|
|
|
->setParameter('time', new \DateTime('-1 day')) |
|
|
|
|
->orderBy('c', 'DESC') |
|
|
|
|
->setMaxResults(20); |
|
|
|
|
$rawStats = $queryBuilder->getQuery()->getArrayResult(); |
|
|
|
|
|
|
|
|
|
$config = [ |
|
|
|
|
'graph_title' => 'Authserver authentication failures', |
|
|
|
|
'graph_vlabel' => 'Failures/day', |
|
|
|
|
'graph_category' => 'authserver' |
|
|
|
|
]; |
|
|
|
|
foreach ($rawStats as $rawStat) { |
|
|
|
|
$ipHash = md5($rawStat['ip']); |
|
|
|
|
$config += [ |
|
|
|
|
'auth_fail_' . $ipHash . '.label' => $rawStat['ip'] |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
$event->addStatistic('login_fail_ips.auth_fail_' . $ipHash, $rawStat['c']); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$event->setMuninConfig('login_fail_ips', $config); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
