Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log or alert on failed 2FA codes #459

Open
jeffpaul opened this issue Sep 20, 2022 · 2 comments · May be fixed by #462
Open

Log or alert on failed 2FA codes #459

jeffpaul opened this issue Sep 20, 2022 · 2 comments · May be fixed by #462
Assignees
@Lucisu
Labels
Enhancement
Milestone
0.10.0

Comments

@jeffpaul
Copy link
Member

Logging a placeholder issue from insight shared from @georgestephanis after finding a related tweet on this topic... We should fire off a log or alert to site admins on any failed 2FA code. Or an error_log or something. So if someone has a password but is trying to brute force a code it can get caught.
@jeffpaul jeffpaul added this to the 0.9.0 milestone Sep 20, 2022
@Lucisu Lucisu linked a pull request Oct 4, 2022 that will close this issue
Open
@Lucisu
Copy link

Lucisu commented Oct 4, 2022

I extended the Two_Factor_Provider class adding the function to log the failure:

two-factor/providers/class-two-factor-provider.php

Lines 75 to 106 in 3b69449

/**
* Logs the failed authentication.
*
* @param WP_User $user WP_User object of the user trying to login.
* @param string|false $code The code used to authenticate, if available.
*
* @return void
*/
public function log_failure( $user, $code = false ) {
/**
* This action is triggered when a Two Factor validation fails.
*
* @param WP_User $user WP_User object of the user trying to login.
* @param string|false $code The code used to authenticate, if available.
*/
do_action( 'two_factor_user_login_failed', $user, $code );
/* translators: %1$d: the user's ID %2$s: the code used to authenticate */
$log_message = sprintf( esc_html__( 'The user with ID %1$d failed to login using the code "%2$s"', 'two-factor' ), $user->ID, esc_html( $code ) );
/**
* This action is triggered when a Two Factor validation fails.
*
* @param boolean $should_log Whether or not the authentication failure should be logged.
* @param WP_User $user WP_User object of the user trying to login.
* @param string|false $code The code used to authenticate, if available.
* @param string $log_message The generated log message.
*/
if ( apply_filters( 'two_factor_log_failure', true, $user, $code, $log_message ) ) {
error_log( $log_message );
}
}

And added it to TOTP:

two-factor/providers/class-two-factor-totp.php

Lines 290 to 304 in 3b69449

public function validate_authentication( $user ) {
$success = false;
if ( ! empty( $_REQUEST['authcode'] ) ) {
$success = $this->is_valid_authcode(
$this->get_user_totp_key( $user->ID ),
sanitize_text_field( $_REQUEST['authcode'] )
);
}
if ( ! $success ) {
$this->log_failure( $user, ! empty( $_REQUEST['authcode'] ) ? sanitize_text_field( $_REQUEST['authcode'] ) : false );
}
return $success;
}

Now, other providers can use it.

I guess it's not the better way to use error_log, though.

@jeffpaul jeffpaul linked a pull request Oct 4, 2022 that will close this issue
Add logging function when failed to authenticate #462
Open
@iandunn
Copy link
Member

iandunn commented Oct 19, 2022
edited
Loading

Related: #476 would be a good follow-up to this IMO

@iandunn iandunn mentioned this issue Nov 3, 2022
Closed
20 tasks
@iandunn iandunn mentioned this issue Dec 8, 2022
Closed
This was referenced Feb 17, 2023
Open
Draft
@iandunn iandunn mentioned this issue Sep 13, 2023
Open
7 tasks
@iandunn iandunn mentioned this issue Jan 30, 2024
Closed
@jeffpaul jeffpaul modified the milestones: 0.9.0, 0.10.0 May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Lucisu Lucisu

Labels
Enhancement
Projects
None yet
Milestone
0.10.0
Development

Successfully merging a pull request may close this issue.

Add logging function when failed to authenticate Lucisu/two-factor
3 participants
@iandunn @jeffpaul @Lucisu