FailedLoginAttemptNotification uses LogDataTrait
Sends out an email for failed logins in TYPO3 Backend when a certain threshold of failed logins during a certain timeframe has happened.
Relevant settings: $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr']
this class is not part of the TYPO3 Core API as this is a concrete event listener implementation
Table of Contents
Properties
- $failedLoginAttemptsThreshold : int
- $notificationRecipientEmailAddress : string
- $warningPeriod : int
Methods
- __construct() : mixed
- __invoke() : void
- Sends a warning email if there has been a certain amount of failed logins during a period.
- createPreparedQueryBuilder() : QueryBuilder
- formatLogDetails() : string
- Replaces a string with placeholders (%s or {myPlaceholder}) with its substitutes.
- formatLogDetailsStatic() : string
- Static version for ViewHelpers etc.
- getLoginFailures() : array<string|int, mixed>
- Retrieves all failed logins within a given timeframe until now.
- sendLoginAttemptEmail() : void
- Sends out an email if the number of attempts have exceeded a limit.
- unserializeLogData() : array<string|int, mixed>|null
- Useful for handling old serialized data, which might have been migrated to JSON encoded properties already.
Properties
$failedLoginAttemptsThreshold read-only
protected
int
$failedLoginAttemptsThreshold
= 3
$notificationRecipientEmailAddress
protected
string
$notificationRecipientEmailAddress
$warningPeriod read-only
protected
int
$warningPeriod
= 3600
Methods
__construct()
public
__construct([string|null $notificationRecipientEmailAddress = null ][, int $warningPeriod = 3600 ][, int $failedLoginAttemptsThreshold = 3 ]) : mixed
Parameters
- $notificationRecipientEmailAddress : string|null = null
-
The receiver of the notification
- $warningPeriod : int = 3600
-
Time span (in seconds) within the number of failed logins are collected. Number of sections back in time to check. This is a kind of limit for how many failures an hour.
- $failedLoginAttemptsThreshold : int = 3
-
The maximum accepted number of warnings before an email to $notificationRecipientEmailAddress is sent
__invoke()
Sends a warning email if there has been a certain amount of failed logins during a period.
public
__invoke(LoginAttemptFailedEvent|MfaVerificationFailedEvent $event) : void
If a login fails, this function is called. It will look up the sys_log to see if there have been more than $failedLoginAttemptsThreshold failed logins the last X seconds (default 3600, see $warningPeriod). If so, an email with a warning is sent. This also includes failed multi-factor authentication failures.
Parameters
Attributes
- #[AsEventListener]
- $identifier: 'typo3/cms-backend/failed-login-attempt-notification'
- $event: LoginAttemptFailedEvent::class
- #[AsEventListener]
- $identifier: 'typo3/cms-backend/failed-mfa-verification-notification'
- $event: MfaVerificationFailedEvent::class
createPreparedQueryBuilder()
protected
createPreparedQueryBuilder(int $earliestLogDate, int $loginAction) : QueryBuilder
Parameters
- $earliestLogDate : int
- $loginAction : int
Return values
QueryBuilderformatLogDetails()
Replaces a string with placeholders (%s or {myPlaceholder}) with its substitutes.
protected
formatLogDetails(string $detailString, mixed $substitutes) : string
Parameters
- $detailString : string
- $substitutes : mixed
Return values
stringformatLogDetailsStatic()
Static version for ViewHelpers etc.
protected
static formatLogDetailsStatic(string $detailString, array<string|int, mixed> $substitutes) : string
Replaces a string with placeholders (%s or {myPlaceholder}) with its substitutes.
Parameters
- $detailString : string
- $substitutes : array<string|int, mixed>
Return values
stringgetLoginFailures()
Retrieves all failed logins within a given timeframe until now.
protected
getLoginFailures(int $earliestTimeToCheckForFailures) : array<string|int, mixed>
Parameters
- $earliestTimeToCheckForFailures : int
-
A UNIX timestamp that acts as the "earliest" date to check within the logs
Return values
array<string|int, mixed> —a list of sys_log entries since the earliest, or empty if no entries have been logged
sendLoginAttemptEmail()
Sends out an email if the number of attempts have exceeded a limit.
protected
sendLoginAttemptEmail(array<string|int, mixed> $previousFailures, ServerRequestInterface $request) : void
Parameters
- $previousFailures : array<string|int, mixed>
-
sys_log entries that have been logged since the last time a notification was sent
- $request : ServerRequestInterface
unserializeLogData()
Useful for handling old serialized data, which might have been migrated to JSON encoded properties already.
protected
unserializeLogData(mixed $logData) : array<string|int, mixed>|null
Parameters
- $logData : mixed