Logging ERROR and recommendations #216
Description
-
When roundcube is set to do logging through SYSLOG, there is a problem with
$rcmail->config->get('log_dir');intwofactor_gauthenticator.phpline:544.
So my roundcube instance gets"Oops... something went wrong!"fatal internal error message.
Like in Incorrect 2FA code results in PHP Fatal Error #215 or in I don't actually know if this is an Issue, but looks a bit like a crash... #207 or as my comment. -
Roundcube has built-in logging functions, like:
program/include/rcmail.php:
public function log_login($user = null, $failed_login = false, $error_code = 0);
https://github.com/roundcube/roundcubemail/blob/fa1f3bd852ea45f67c66fc1954dcd73ced80e25e/program/include/rcmail.php#L1493
or program/lib/Roundcube/rcube.php:
public static function write_log($name, $line);
https://github.com/roundcube/roundcubemail/blob/fa1f3bd852ea45f67c66fc1954dcd73ced80e25e/program/lib/Roundcube/rcube.php#L1301
Why don't we use them? -
Roundcube can generate log message at successful logins, so it would be nice if is this plugin could too, like:
Successful 2FA completion for <user> (ID: <num>) from <ip> in session <session>
Where:<user>= User name;<num>= User ID;<ip>= IP address;<session>= First part of the session id;
Like the session log:
Jan 28 06:09:13 srv02 roundcube: <6292c68e> Successful login for Djoe (ID: 151) from 10.10.10.10 in session 6292c68e0bd5d116
or Only let roundcube to do the logging (successful or fail), only When the 2FA is also completed.
Environment:
Server: Debian 11.11, Linux kernel 5.10.226-1
Apache: 2.4.62
PHP: 7.4.33
Roundcube: 1.6.9
twofactor_gauthenticator: (latest) 057ee8e