Merge pull request #380 in ZP/z-push from...

Merge pull request #380 in ZP/z-push from ~C0D3Z3R0/z-push:feature/ZP-1058-autodisc-failed-auth-ip to develop * commit '81c868b5': ZP-1058 autodiscover: Fix mistake: always send response ZP-1058 autodiscover: Rework exception handling to match z-push core. ZP-1058 autodiscover: Print IP to log on failed authentication for usage with e.g. fail2ban

Merge pull request #380 in ZP/z-push from...
Merge pull request #380 in ZP/z-push from ~C0D3Z3R0/z-push:feature/ZP-1058-autodisc-failed-auth-ip to develop * commit '81c868b5': ZP-1058 autodiscover: Fix mistake: always send response ZP-1058 autodiscover: Rework exception handling to match z-push core. ZP-1058 autodiscover: Print IP to log on failed authentication for usage with e.g. fail2ban
85b7b810 · Sebastian Kummer · ccba713f · 81c868b5 · 85b7b810
Commit 85b7b810 authored Oct 20, 2016 by Sebastian Kummer
Show whitespace changes
Inline Side-by-side

Showing with 31 additions and 14 deletions

autodiscover.php src/autodiscover/autodiscover.php +31 -14

No files found.
--- a/src/autodiscover/autodiscover.php
+++ b/src/autodiscover/autodiscover.php
@@ -104,9 +104,24 @@ class ZPushAutodiscover {
            }
        }
-        catch (AuthenticationRequiredException $ex) {
+        catch (Exception $ex) {
+            // Extract any previous exception message for logging purpose.
+            $exclass = get_class($ex);
+            $exception_message = $ex->getMessage();
+            if($ex->getPrevious()){
+                do {
+                    $current_exception = $ex->getPrevious();
+                    $exception_message .= ' -> ' . $current_exception->getMessage();
+                } while($current_exception->getPrevious());
+            }
+            ZLog::Write(LOGLEVEL_FATAL, sprintf('Exception: (%s) - %s', $exclass, $exception_message));
+            if ($ex instanceof AuthenticationRequiredException) {
                if (isset($incomingXml)) {
-                ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover because login failed for user with email '%s'", $incomingXml->Request->EMailAddress));
+                    // log the failed login attemt e.g. for fail2ban
+                    if (defined('LOGAUTHFAIL') && LOGAUTHFAIL != false)
+                        ZLog::Write(LOGLEVEL_WARN, sprintf("Unable to complete autodiscover because login failed for user with email '%s' from IP %s.", $incomingXml->Request->EMailAddress, $_SERVER["REMOTE_ADDR"]));
                }
                else {
                    ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover incorrect request: '%s'", $ex->getMessage()));
@@ -114,7 +129,7 @@ class ZPushAutodiscover {
                http_response_code(401);
                header('WWW-Authenticate: Basic realm="ZPush"');
            }
-        catch (ZPushException $ex) {
+            else if ($ex instanceof ZPushException) {
                ZLog::Write(LOGLEVEL_ERROR, sprintf("Unable to complete autodiscover because of ZPushException. Error: %s", $ex->getMessage()));
                if(!headers_sent()) {
                    header('HTTP/1.1 '. $ex->getHTTPCodeString());
@@ -123,6 +138,8 @@ class ZPushAutodiscover {
                    }
                }
            }
+        }
        $this->sendResponse($response);
    }