Merge branch '3.0' into 3

silverstripe · Jan 31, 2024 · 6890b01 · 6890b01
2 parents 8c847f5 + e5f9e5c
commit 6890b01
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/code/AuditHook.php b/code/AuditHook.php
@@ -333,7 +333,7 @@ public function authenticationFailed($data)
         // LDAP authentication uses a "Login" POST field instead of Email.
         $login = isset($data['Login'])
             ? $data['Login']
-            : (isset($data[Email::class]) ? $data[Email::class] : '');
+            : (isset($data['Email']) ? $data['Email'] : '');
 
         if (empty($login)) {
             return $this->getAuditLogger()->warning(
@@ -345,6 +345,14 @@ public function authenticationFailed($data)
         $this->getAuditLogger()->info(sprintf('Failed login attempt using email "%s"', $login));
     }
 
+    /**
+     * Log failed login attempts when the email address doesn't map to an existing member record
+     */
+    public function authenticationFailedUnknownUser($data)
+    {
+        $this->authenticationFailed($data);
+    }
+
     /**
      * Log permission failures (where the status is set after init of page).
      */

diff --git a/tests/AuditHookTest.php b/tests/AuditHookTest.php
@@ -333,4 +333,31 @@ public function testRestoreToStage()
         $this->assertStringContainsString('deleted Page', $message);
         $this->assertStringContainsString('My page', $message);
     }
+
+    public function testFailedLogin()
+    {
+        $member = $this->createMemberWithPermission('ADMIN');
+        $this->get('Security/login');
+        $this->submitForm(
+            'MemberLoginForm_LoginForm',
+            null,
+            ['Email' => $member->Email, 'Password' => 'clearly wrong password']
+        );
+
+        $message = $this->writer->getLastMessage();
+        $this->assertStringContainsString('Failed login attempt using email "' . $member->Email . '"', $message);
+    }
+
+    public function testFailedLoginWithoutMember()
+    {
+        $this->get('Security/login');
+        $this->submitForm(
+            'MemberLoginForm_LoginForm',
+            null,
+            ['Email' => '__NO VALID USER__', 'Password' => 'clearly wrong password']
+        );
+
+        $message = $this->writer->getLastMessage();
+        $this->assertStringContainsString('Failed login attempt using email "__NO VALID USER__"', $message);
+    }
 }