From beec0c0d47d542c6d5b7aa1d32f49cd6fec326cc Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Mon, 23 Apr 2018 10:29:10 +1200
Subject: [PATCH] [SS-2018-010] Fix regression of SS-2017-002
---
 src/Security/MemberAuthenticator/MemberAuthenticator.php | 9 ++++++++-
 tests/php/Security/MemberAuthenticatorTest.php | 2 --
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/Security/MemberAuthenticator/MemberAuthenticator.php b/src/Security/MemberAuthenticator/MemberAuthenticator.php
index 91dbd50a9..c51cecfd3 100644
--- a/src/Security/MemberAuthenticator/MemberAuthenticator.php
+++ b/src/Security/MemberAuthenticator/MemberAuthenticator.php
@@ -91,6 +91,11 @@ class MemberAuthenticator implements Authenticator
 // Validate against member if possible
 if ($member && !$asDefaultAdmin) {
 $this->checkPassword($member, $data['Password'], $result);
+ } elseif (!$asDefaultAdmin) {
+ // spoof a login attempt
+ $tempMember = Member::create();
+ $tempMember->{Member::config()->get('unique_identifier_field')} = $email;
+ $tempMember->validateCanLogin($result);
 }
 // Emit failure to member and form (if available)
@@ -164,7 +169,9 @@ class MemberAuthenticator implements Authenticator
 */
 protected function recordLoginAttempt($data, HTTPRequest $request, $member, $success)
 {
- if (!Security::config()->get('login_recording')) {
+ if (!Security::config()->get('login_recording')
+ && !Member::config()->get('lock_out_after_incorrect_logins')
+ ) {
 return;
 }
diff --git a/tests/php/Security/MemberAuthenticatorTest.php b/tests/php/Security/MemberAuthenticatorTest.php
index 3aa4e1d0e..4314cf558 100644
--- a/tests/php/Security/MemberAuthenticatorTest.php
+++ b/tests/php/Security/MemberAuthenticatorTest.php
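Review bot: The new `elseif (!$asDefaultAdmin)` branch in the `@@ -91,6 +91,11 @@` hunk runs `validateCanLogin()` for an unknown identifier but, as far as the hunk shows, does no work comparable to `checkPassword()` in the branch above it, so response time may still separate existing accounts from non-existent ones even when the lockout message matches. If `validateCanLogin()` does not already cover that, an equivalent dummy hash comparison in this branch would close the gap. The comment `// spoof a login attempt` also undersells the intent; I would write `// Unknown identifier: run the same lockout check as for a real member so the response does not reveal whether the account exists`. The enclosing method starts and ends outside the hunk, so how `$email` is populated cannot be checked from here.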
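Review bot: The widened guard in `recordLoginAttempt()` (hunk `@@ -164,7 +169,9 @@`) now records attempts whenever `lock_out_after_incorrect_logins` is set, even with `login_recording` disabled, and neither the code nor the docblock that ends just above the hunk says so. Operators who turned `login_recording` off to avoid storing attempt data should be able to see that lockout overrides it. Assuming lockout for unknown identifiers is derived from the stored attempts, as the adjusted tests suggest, I would add `// Lockout is computed from stored attempts, so record whenever lockout is enabled, even if login_recording is off` above the condition and mirror it in the docblock. Attempts for identifiers that match no member are presumably persisted as well, so it is worth confirming that old records are pruned and the table cannot grow without bound from unauthenticated requests.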
@@ -243,7 +243,6 @@ class MemberAuthenticatorTest extends SapphireTest
 public function testNonExistantMemberGetsLoginAttemptRecorded()
 {
- Security::config()->set('login_recording', true);
 Member::config()
 ->set('lock_out_after_incorrect_logins', 1)
 ->set('lock_out_delay_mins', 10);
@@ -272,7 +271,6 @@ class MemberAuthenticatorTest extends SapphireTest
 public function testNonExistantMemberGetsLockedOut()
 {
- Security::config()->set('login_recording', true);
 Member::config()
 ->set('lock_out_after_incorrect_logins', 1)
 ->set('lock_out_delay_mins', 10);