Add logging of ips that failed authentication

EventListener/AuthenticationStatsListener.php

@@ -58,8 +58,13 @@ class AuthenticationStatsListener implements EventSubscriberInterface
     {
         return [
             StatsEvent::class => [
-                'getAuthStats',
-                -1
+                [
+                    'getAuthStats',
+                    -1
+                ],
+                [
+                    'getAuthFailureIps'
+                ]
             ],
             AuthenticationEvents::AUTHENTICATION_SUCCESS => 'onAuthSuccess',
             AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthFailure',
@@ -151,4 +156,35 @@ class AuthenticationStatsListener implements EventSubscriberInterface
 
         $event->addStatistics($stats);
     }
+
+    public function getAuthFailureIps(StatsEvent $event)
+    {
+        if (!$event->isEnabled('login_fail_ips'))
+            return;
+        $queryBuilder = $this->registry->getRepository(AuthenticationEntry::class)->createQueryBuilder('e');
+        /* @var $queryBuilder \Doctrine\ORM\QueryBuilder */
+        $queryBuilder->select('count(e) AS c', 'e.ip')
+            ->groupBy('e.ip')
+            ->where('e.success = false AND e.timeStamp > :time')
+            ->setParameter('time', new \DateTime('-1 day'))
+            ->orderBy('c', 'DESC')
+            ->setMaxResults(20);
+        $rawStats = $queryBuilder->getQuery()->getArrayResult();
+
+        $config = [
+            'graph_title' => 'Authserver authentication failures',
+            'graph_vlabel' => 'Failures/day',
+            'graph_category' => 'authserver'
+        ];
+        foreach ($rawStats as $rawStat) {
+            $ipHash = md5($rawStat['ip']);
+            $config += [
+                'auth_fail_' . $ipHash . '.label' => $rawStat['ip']
+            ];
+
+            $event->addStatistic('login_fail_ips.auth_fail_' . $ipHash, $rawStat['c']);
+        }
+
+        $event->setMuninConfig('login_fail_ips', $config);
+    }
 }