Merge pull request #380 in ZP/z-push from...

Merge pull request #380 in ZP/z-push from ~C0D3Z3R0/z-push:feature/ZP-1058-autodisc-failed-auth-ip to develop * commit '81c868b5': ZP-1058 autodiscover: Fix mistake: always send response ZP-1058 autodiscover: Rework exception handling to match z-push core. ZP-1058 autodiscover: Print IP to log on failed authentication for usage with e.g. fail2ban

Merge pull request #380 in ZP/z-push from...
Merge pull request #380 in ZP/z-push from ~C0D3Z3R0/z-push:feature/ZP-1058-autodisc-failed-auth-ip to develop * commit '81c868b5': ZP-1058 autodiscover: Fix mistake: always send response ZP-1058 autodiscover: Rework exception handling to match z-push core. ZP-1058 autodiscover: Print IP to log on failed authentication for usage with e.g. fail2ban
85b7b810 · Sebastian Kummer · ccba713f · 81c868b5 · 85b7b810
Commit 85b7b810 authored Oct 20, 2016 by Sebastian Kummer
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 14 deletions

autodiscover.php src/autodiscover/autodiscover.php +31 -14

No files found.
--- a/src/autodiscover/autodiscover.php
+++ b/src/autodiscover/autodiscover.php
@@ -104,25 +104,42 @@ class ZPushAutodiscover {
            }
        }
-        catch (AuthenticationRequiredException $ex) {
+        catch (Exception $ex) {
-            if (isset($incomingXml)) {
+            // Extract any previous exception message for logging purpose.
-                ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover because login failed for user with email '%s'", $incomingXml->Request->EMailAddress));
+            $exclass = get_class($ex);
+            $exception_message = $ex->getMessage();
+            if($ex->getPrevious()){
+                do {
+                    $current_exception = $ex->getPrevious();
+                    $exception_message .= ' -> ' . $current_exception->getMessage();
+                } while($current_exception->getPrevious());
            }
-            else {
-                ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover incorrect request: '%s'", $ex->getMessage()));
+            ZLog::Write(LOGLEVEL_FATAL, sprintf('Exception: (%s) - %s', $exclass, $exception_message));
+            if ($ex instanceof AuthenticationRequiredException) {
+                if (isset($incomingXml)) {
+                    // log the failed login attemt e.g. for fail2ban
+                    if (defined('LOGAUTHFAIL') && LOGAUTHFAIL != false)
+                        ZLog::Write(LOGLEVEL_WARN, sprintf("Unable to complete autodiscover because login failed for user with email '%s' from IP %s.", $incomingXml->Request->EMailAddress, $_SERVER["REMOTE_ADDR"]));
+                }
+                else {
+                    ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover incorrect request: '%s'", $ex->getMessage()));
+                }
+                http_response_code(401);
+                header('WWW-Authenticate: Basic realm="ZPush"');
            }
-            http_response_code(401);
+            else if ($ex instanceof ZPushException) {
-            header('WWW-Authenticate: Basic realm="ZPush"');
+                ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover because of ZPushException. Error: %s", $ex->getMessage()));
-        }
+                if(!headers_sent()) {
-        catch (ZPushException $ex) {
+                    header('HTTP/1.1 '. $ex->getHTTPCodeString());
-            ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover because of ZPushException. Error: %s", $ex->getMessage()));
+                    foreach ($ex->getHTTPHeaders() as $h) {
-            if(!headers_sent()) {
+                        header($h);
-                header('HTTP/1.1 '. $ex->getHTTPCodeString());
+                    }
-                foreach ($ex->getHTTPHeaders() as $h) {
-                    header($h);
                }
            }
        }
        $this->sendResponse($response);
    }