[ccdn user security bundle] error message.

Posted by zorg · 09-12-2012 - 13:41

Hi,
Great bundle!
How can I see the number of tries in the flash notification?
I want to show the user that he still has some tries.

Thanks.

Posted by reece · 09-12-2012 - 15:41

Hi Zorg.

You can use the login_failure_tracker service to get an array of attempts that are within the scope of the set time limit in the config.

You should be able to do something like:

    // Get session and check if it has any entries of failed logins.
    $session = $request->getSession();

    $ipAddress = $request->getClientIp();

    // Get number of failed login attempts.
    $tracker = $this->container->get('ccdn_user_security.component.authentication.tracker.login_failure_tracker');

    $attempts = $tracker->getAttempts($session, $ipAddress);

    // Get limits from config.
    $attemptLimitRecoverAccount = $this->container->getParameter('ccdn_user_security.login_shield.limit_failed_login_attempts.before_recover_account');
    $attemptLimitReturnHttp500 = $this->container->getParameter('ccdn_user_security.login_shield.limit_failed_login_attempts.before_return_http_500');

    $attemptCount = count($attempts);

    // How many attempts remain until you are forwarded to account recovery page?
    $remainingBeforeAC = $attemptLimitRecoverAccount - $attemptCount;

    // How many until we assume abuse and return http 500?
    $remainingBeforeHttp500 = $attemptLimitReturnHttp500 - $attemptCount;

This is similar to the code found in client login voter. You can make a service out of this if you like and tag it with something like:

    { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }

Good luck and let me know how it goes. :)

Posted by zorg · 11-12-2012 - 08:09

Thanks very much.
I think it will be more interesting to add an extension straight to Twig; I need it just there.

Question: can it be included in your code, resetting old "log" in the database "cc_security_session" after some time?

PS. Sorry for my bad English.

Posted by reece · 11-12-2012 - 13:07

I am not sure I follow your question this time.

Each failed attempt to log in is logged in the session and in the db. (db regenerates session if scrupulous individuals drop the session as a workaround).

When we need to get the attempts to count them, we only count the number of attempts that are within a certain time limit; any attempt older than the time limit is not included in the array we return and use to count.

Once a block has expired, all of the failed login attempts will be too old to be included in the check so we don't need to worry about them anymore and they shouldn't be included in the session upon the next successful login.
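
The windowed count described in the post above, combined with the two limits from the earlier snippet, as an added standalone PHP example (not code from the bundle or from any poster in this thread). The function name, the use of Unix timestamps for attempts, and all sample values (window, limits, times) are assumptions; the remaining counts are clamped at zero so a flash message never shows a negative number once a limit is passed.

```php
<?php
// Added illustration; not the bundle's code. Names and sample data are assumptions.

/**
 * Count failed logins inside the block window and report how many remain
 * before each limit. $attemptTimes holds Unix timestamps (constructed input).
 */
function remainingLoginAttempts(
    array $attemptTimes,
    int $now,
    int $windowSeconds,
    int $limitRecoverAccount,
    int $limitHttp500
): array {
    $cutoff = $now - $windowSeconds;

    // Attempts older than the window no longer count toward the limits.
    $recent = array_filter($attemptTimes, function (int $t) use ($cutoff, $now): bool {
        return $t > $cutoff && $t <= $now;
    });
    $count = count($recent);

    return [
        'count' => $count,
        // Clamp at zero: past a limit the plain subtraction goes negative.
        'beforeRecoverAccount' => max(0, $limitRecoverAccount - $count),
        'beforeHttp500' => max(0, $limitHttp500 - $count),
    ];
}

// Constructed sample: five failures, two of them older than a 10-minute window.
$now = 1355231220;
$attempts = [$now - 3600, $now - 900, $now - 300, $now - 120, $now - 5];

// Constructed limits: 5 before account recovery, 10 before HTTP 500.
$status = remainingLoginAttempts($attempts, $now, 600, 5, 10);

// Text a controller could place in a flash notification.
printf(
    "%d failed attempt(s) in the window; %d left before account recovery, %d before HTTP 500.\n",
    $status['count'],
    $status['beforeRecoverAccount'],
    $status['beforeHttp500']
);
```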

Posted by zorg · 11-12-2012 - 14:40

Ah, OK. It was just that I don't like to have old "log" in the database, but I can still very easily, by a MySQL event for example, delete the logs dated more than one week old.

Anyway, thanks.

Posted by reece · 11-12-2012 - 14:53

Only the session is kept relevant. The database obviously will have old records you no longer need for failed login attempts. And yes, you are right, you could set up some kind of script to purge them.

Might I suggest you create a cron script. I believe you could write the script in SF2 if you like, perhaps as a console command, and then add it to crontab monthly.

I have never written a console command for SF2 before so not sure I could be of much help, but it probably should not be too difficult, I would not have thought.

Good luck and let me know how it goes. :)