From 58df3ad9566061186e62110e7c1e4a4140ed02c2 Mon Sep 17 00:00:00 2001
From: benrubson <6764151+benrubson@users.noreply.github.com>
Date: Sun, 3 May 2020 16:20:02 +0200
Subject: [PATCH] Log failed accesses option

---
 .env.example.complete | 8 ++++++-
 app/Http/Controllers/Auth/LoginController.php | 21 ++++++++++++-------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/.env.example.complete b/.env.example.complete
index 04cd73b90..5b62b1a2a 100644
--- a/.env.example.complete
+++ b/.env.example.complete
@@ -266,4 +266,10 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500
 
 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
\ No newline at end of file
+API_REQUESTS_PER_MIN=180
+
+# Failed access
+# message to log into webserver logs in case of failed access, for further processing by tools like Fail2Ban
+# Apache users should use : user "%u" authentication failure for "BookStack"
+# Nginx users should use : user "%u" was not found in "BookStack"
+FAILED_ACCESS_MESSAGE=''
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 75ade74e7..c000af49e 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -169,15 +169,20 @@ class LoginController extends Controller } /** - * Log failed accesses, matching the default fail2ban nginx/apache auth rules. - */ - protected function logFailedAccess(Request $request) + * Log failed accesses, for further processing by tools like Fail2Ban + * + * @param \Illuminate\Http\Request $request + * @return void + */ + protected function logFailedAccess($request) { - if (isset($_SERVER['SERVER_SOFTWARE']) && preg_match('/nginx/i', $_SERVER['SERVER_SOFTWARE'])) { - error_log('user "' . $request->get($this->username()) . '" was not found in "BookStack"', 4); - } else { - error_log('user "' . $request->get($this->username()) . '" authentication failure for "BookStack"', 4); - } + $log_msg = env('FAILED_ACCESS_MESSAGE', ''); + + if (!is_string($request->get($this->username())) || !is_string($log_msg) || strlen($log_msg)<1) + return; + + $log_msg = str_replace("%u", $request->get($this->username()), $log_msg); + error_log($log_msg, 4); } }
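Review bot: The submitted username is substituted into the log line unsanitised in `str_replace("%u", $request->get($this->username()), $log_msg)`, so a value containing CR/LF or other control characters breaks the one-entry-per-line format a Fail2Ban filter keys on and can inject extra log entries; strip them first, e.g. `$username = preg_replace('/[\x00-\x1f\x7f]/', '', $request->get($this->username()));` and substitute `$username` (this also removes the duplicated `$request->get()` call). Reading the option with `env('FAILED_ACCESS_MESSAGE', '')` inside the controller also silently stops working once Laravel's config cache is built, because `.env` is no longer loaded and the `''` default makes the method return without logging; expose the value through a config entry and read it with `config()` instead. The rewrite drops the `Request $request` type declaration in favour of a docblock and uses a brace-less `if (...) return;`, both of which the surrounding controller code avoids — keep the parameter type and wrap the early return in braces, and `$log_msg` would be `$logMsg` under the file's camelCase convention. The class's closing `}` is the last line of the hunk, so the whole method is visible here.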