diff options
| author | Badlop <badlop@process-one.net> | 2010-05-12 10:27:47 +0200 |
|---|---|---|
| committer | Badlop <badlop@process-one.net> | 2010-05-12 10:27:47 +0200 |
| commit | c32332898b1fcdc85479f371835c807d068c07b9 (patch) | |
| tree | 5a9ae2ca01ca9f935d8dfa06b2b7427e528d3c1b | |
| parent | Don't show HTTP request in logs, because reveals password (EJAB-1231) (diff) | |
Show HTTP auth username and IP address in logs, not the password (EJAB-1231)
| -rw-r--r-- | src/web/ejabberd_web_admin.erl | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/web/ejabberd_web_admin.erl b/src/web/ejabberd_web_admin.erl index 490eb16d3..3832736b9 100644 --- a/src/web/ejabberd_web_admin.erl +++ b/src/web/ejabberd_web_admin.erl @@ -188,8 +188,11 @@ process(["server", SHost | RPath] = Path, #request{auth = Auth, lang = Lang, hos [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], ejabberd_web:make_xhtml([?XCT("h1", "Unauthorized")])}; {unauthorized, Error} -> - ?WARNING_MSG("Access ~p failed with error: ~p", - [Auth, Error]), + {BadUser, _BadPass} = Auth, + {IPT, _Port} = Request#request.ip, + IPS = inet_parse:ntoa(IPT), + ?WARNING_MSG("Access of ~p from ~p failed with error: ~p", + [BadUser, IPS, Error]), {401, [{"WWW-Authenticate", "basic realm=\"auth error, retry login to ejabberd\""}], @@ -211,8 +214,11 @@ process(RPath, #request{auth = Auth, lang = Lang, host = HostHTTP, method = Meth [{"WWW-Authenticate", "basic realm=\"ejabberd\""}], ejabberd_web:make_xhtml([?XCT("h1", "Unauthorized")])}; {unauthorized, Error} -> - ?WARNING_MSG("Access ~p failed with error: ~p", - [Auth, Error]), + {BadUser, _BadPass} = Auth, + {IPT, _Port} = Request#request.ip, + IPS = inet_parse:ntoa(IPT), + ?WARNING_MSG("Access of ~p from ~p failed with error: ~p", + [BadUser, IPS, Error]), {401, [{"WWW-Authenticate", "basic realm=\"auth error, retry login to ejabberd\""}], |