Show HTTP auth username and IP address in logs, not the password (EJAB-1231)
authorBadlop <badlop@process-one.net>
Wed, 12 May 2010 08:27:47 +0000 (10:27 +0200)
committerBadlop <badlop@process-one.net>
Wed, 12 May 2010 08:27:47 +0000 (10:27 +0200)
src/web/ejabberd_web_admin.erl

index 490eb16d3a251047c8ef732efc5d55999900fa6a..3832736b96b8a587bb83e62f0d6a438faaeccb00 100644 (file)
@@ -188,8 +188,11 @@ process(["server", SHost | RPath] = Path, #request{auth = Auth, lang = Lang, hos
                     [{"WWW-Authenticate", "basic realm=\"ejabberd\""}],
                     ejabberd_web:make_xhtml([?XCT("h1", "Unauthorized")])};
                {unauthorized, Error} ->
-                   ?WARNING_MSG("Access ~p failed with error: ~p",
-                                [Auth, Error]),
+                   {BadUser, _BadPass} = Auth,
+                   {IPT, _Port} = Request#request.ip,
+                   IPS = inet_parse:ntoa(IPT),
+                   ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
+                                [BadUser, IPS, Error]),
                    {401,
                     [{"WWW-Authenticate",
                       "basic realm=\"auth error, retry login to ejabberd\""}],
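Review bot: The two assertive matches added in the `{unauthorized, Error}` branch, `{BadUser, _BadPass} = Auth` and `{IPT, _Port} = Request#request.ip`, run on the failure path before the 401 is built, so a value of any other shape would raise badmatch and replace the 401 with a crash of the request handler. The earlier `"no-auth-provided"` clause presumably covers a missing header, but neither the shape of `ip` nor the binding of `Request` in the truncated function head is visible here, so this is worth confirming. The same five lines are repeated in the second hunk (the `process(RPath, ...)` clause); a small tolerant helper called from both places would remove the duplication and keep logging from being able to change the response. The process/2 clause bodies start and end outside the hunks.

```erlang
                {unauthorized, Error} ->
                    log_auth_failure(Auth, Request, Error),
                    %% … unchanged: 401 response tuple …

%% Shared by both process/2 clauses; never fails on an unexpected shape.
log_auth_failure(Auth, #request{ip = IP}, Error) ->
    BadUser = case Auth of
                  {User, _Pass} -> User;
                  _ -> undefined
              end,
    IPS = case IP of
              {IPT, _Port} -> inet_parse:ntoa(IPT);
              _ -> unknown
          end,
    ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
                 [BadUser, IPS, Error]).
```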
@@ -211,8 +214,11 @@ process(RPath, #request{auth = Auth, lang = Lang, host = HostHTTP, method = Meth
             [{"WWW-Authenticate", "basic realm=\"ejabberd\""}],
             ejabberd_web:make_xhtml([?XCT("h1", "Unauthorized")])};
        {unauthorized, Error} ->
-           ?WARNING_MSG("Access ~p failed with error: ~p",
-                        [Auth, Error]),
+           {BadUser, _BadPass} = Auth,
+           {IPT, _Port} = Request#request.ip,
+           IPS = inet_parse:ntoa(IPT),
+           ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
+                        [BadUser, IPS, Error]),
            {401,
             [{"WWW-Authenticate",
               "basic realm=\"auth error, retry login to ejabberd\""}],
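Review bot: The new warning names the user and the source address but not what was being accessed, although `HostHTTP` and `RPath` are bound in this clause's head (and `SHost` in the first hunk's clause); adding the host makes repeated failures against one virtual host easier to spot in the log, e.g. `?WARNING_MSG("Access of ~p from ~p to ~p failed with error: ~p", [BadUser, IPS, HostHTTP, Error])`. `BadUser` is client-supplied, so keeping `~p` rather than `~s` is the right choice because it prints the value quoted and escaped; a comment saying so, `%% ~p on purpose: BadUser comes from the request`, would stop a later cleanup from changing it.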