Problem description
I need to write a log when somebody fails to log in to my app (to track brute-force attempts). I also decided to log successful authentications. So I created a SessionsController < Devise::SessionsController and tried to override the sessions#create method like this: https://gist.github.com/3884693
The first part works perfectly, but when the auth fails Rails throws some kind of exception and never reaches the if statement. So I don't know what to do.
Recommended answer
This has been answered in a previous SO question - Devise: Registering login attempts has an answer.
The create action in the Devise controller calls warden.authenticate!, which tries to authenticate the user with the supplied parameters. If authentication fails, authenticate! invokes the Devise failure app, which then runs the SessionsController#new action. Note that any filters you set on the create action will not run if authentication fails.
So the solution is to add a filter after the new action which checks the contents of env["warden.options"] and takes the appropriate action.
I tried out the suggestion, and was able to log both the successful & failed login attempts. Here is the relevant controller code:
class SessionsController < Devise::SessionsController
  # Devise's failure app re-dispatches a rejected sign-in to #new, so the
  # failure can only be observed from a filter on that action.
  after_filter :log_failed_login, :only => :new

  def create
    super
    # Reached only when warden.authenticate! succeeded. filtered_parameters
    # keeps the password masked as [FILTERED] in the log line.
    ::Rails.logger.info "
***
Successful login with email_id : #{request.filtered_parameters["user"]}
***
"
  end

  private

  def log_failed_login
    ::Rails.logger.info "
***
Failed login with email_id : #{request.filtered_parameters["user"]}
***
" if failed_login?
  end

  # Warden records why the request failed in env["warden.options"];
  # :action == "unauthenticated" means the credentials were rejected.
  def failed_login?
    (options = env["warden.options"]) && options[:action] == "unauthenticated"
  end
end
The log has the following entries. Successful login:
Started POST "/users/sign_in"
...
...
***
Successful login with email_id : {"email"=>...
***
...
...
Completed 302 Found
Failed login:
Started POST "/users/sign_in"
...
...
Completed 401 Unauthorized
Processing by SessionsController#new as HTML
...
...
***
Failed login with email_id : {"email"=>...
***
...
...
Completed 302 Found
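Since the question's goal is tracking brute-force attempts, here is an added example (not part of the original answer) that reads the "Failed login" / "Successful login" lines in the exact format the controller above writes and summarises them per e-mail address; the sample log text is constructed, and the threshold of 5 is an assumption.

```ruby
# Added example: summarise the login lines written by the SessionsController above.
# Tolerates both `"email"=>"x"` (older Rails inspect) and `"email" => "x"` (Ruby 3.4+).
FAILED_RE  = /Failed login with email_id : \{"email"\s*=>\s*"([^"]+)"/
SUCCESS_RE = /Successful login with email_id : \{"email"\s*=>\s*"([^"]+)"/

# Per e-mail: failed and successful counts, the current run of failures, and the
# longest run of failures that was immediately followed by a success (a password
# that is finally guessed after several misses deserves a closer look).
def summarize_logins(log_text)
  stats = Hash.new { |h, k| h[k] = { failed: 0, success: 0, streak: 0, guessed_after: 0 } }
  log_text.each_line do |line|
    if (m = FAILED_RE.match(line))
      s = stats[m[1]]
      s[:failed] += 1
      s[:streak] += 1
    elsif (m = SUCCESS_RE.match(line))
      s = stats[m[1]]
      s[:success] += 1
      s[:guessed_after] = [s[:guessed_after], s[:streak]].max
      s[:streak] = 0
    end
  end
  stats
end

# E-mail addresses whose failure count reached the threshold (5 is an assumed default).
def suspicious_accounts(stats, threshold = 5)
  stats.select { |_, s| s[:failed] >= threshold }.keys.sort
end

# Constructed log fragment in the controller's own format (password already filtered).
def log_entry(kind, email)
  "***\n#{kind} login with email_id : {\"email\"=>\"#{email}\", \"password\"=>\"[FILTERED]\"}\n***\n"
end

SAMPLE_LOG = (Array.new(5) { log_entry("Failed", "alice@example.com") } +
              [log_entry("Successful", "alice@example.com"),
               log_entry("Failed", "bob@example.com"),
               log_entry("Successful", "bob@example.com")]).join

if __FILE__ == $0
  stats = summarize_logins(SAMPLE_LOG)
  stats.each { |email, s| puts "#{email}: #{s[:failed]} failed, #{s[:success]} ok, guessed after #{s[:guessed_after]}" }
  puts "suspicious: #{suspicious_accounts(stats).inspect}"
end
```

Because the controller logs only the filtered "user" parameter, these lines carry no client address; counting per source IP would require also logging request.remote_ip in the controller.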