Comments (2)
Thanks for reporting, could you describe your use case a bit more?
I would expect that for it to be useful for fail2ban, we would need to log more info (e.g. an IP address), so just raising the level would not help.
Maybe it would be better to match web server logs which should already contain the response code, something like:
127.0.0.1 - - [15/Aug/2023:22:00:30 +0200] "POST /selfoss/login HTTP/1.1" 400 52
Unfortunately, the login endpoint always returns 200 OK status, and we cannot change it without breaking backwards compatibility.
So there is currently no nice way to distinguish failures just from that log. (Technically, you could rely on the fact that responses containing wrong username/password have size 52 bytes, while ones without an error field are 16 bytes long. But there is no guarantee that the response sizes will remain the same.)
Ideally, we would create a new API endpoint for signing in that uses separate response codes but that will require more thought (e.g. which response code to use, should we support HTTP authentication…)
Or you could change the following line to jsonError, risking clients potentially crashing when incorrect credentials are entered:
from selfoss.
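The size-based heuristic from the comment above, as an added example that is not part of the original thread or of selfoss: a log scanner that counts 52-byte 200 responses to POST /selfoss/login per client address, and reports any response size that is neither 52 nor 16 so that a change in response size is noticed instead of silently missed. The failure threshold, the time window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sizes quoted in the comment (52 = wrong credentials, 16 = no error field).
# They are not guaranteed to stay the same, so unexpected sizes are reported.
FAIL_SIZE, OK_SIZE = 52, 16
LOGIN_PATH = "/selfoss/login"  # path from the sample log line on the page

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def scan(lines, max_failures=3, window=timedelta(minutes=10)):
    """Return (IPs reaching max_failures within window, unexpected sizes)."""
    failures, offenders, unknown = defaultdict(list), set(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        if m["status"] != "200" or m["size"] == "-":
            continue
        size = int(m["size"])
        if size == OK_SIZE:
            continue
        if size != FAIL_SIZE:
            unknown.add(size)  # heuristic may have drifted; review manually
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        recent = [t for t in failures[m["ip"]] if ts - t <= window] + [ts]
        failures[m["ip"]] = recent
        if len(recent) >= max_failures:
            offenders.add(m["ip"])
    return offenders, unknown

# Constructed sample lines (documentation address ranges), in time order.
SAMPLE = [
    '203.0.113.7 - - [15/Aug/2023:22:00:30 +0200] "POST /selfoss/login HTTP/1.1" 200 52',
    '203.0.113.7 - - [15/Aug/2023:22:00:41 +0200] "POST /selfoss/login HTTP/1.1" 200 52',
    '198.51.100.4 - - [15/Aug/2023:22:01:02 +0200] "POST /selfoss/login HTTP/1.1" 200 16',
    '203.0.113.7 - - [15/Aug/2023:22:01:15 +0200] "POST /selfoss/login HTTP/1.1" 200 52',
    '198.51.100.4 - - [15/Aug/2023:22:02:00 +0200] "POST /selfoss/login HTTP/1.1" 200 61',
    '198.51.100.4 - - [15/Aug/2023:22:03:00 +0200] "GET /selfoss/ HTTP/1.1" 200 52',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A non-empty set of unexpected sizes means the 52/16 assumption no longer holds for the running version and the matcher should be re-checked before its results are trusted.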