Feature: #100278 - PSR-14 Event after failed logins in backend or frontend users
See forge#100278
Description
A new PSR-14 event \TYPO3\
has been introduced. The event allows to notify remote systems about failed logins.
The event features the following methods:
is
: Whether this was a login attempt from a frontend login formFrontend Attempt () is
: Whether this was a login attempt in the backendBackend Attempt () get
: Returns theUser () \TYPO3\
derivative in questionCMS\ Core\ Authentication\ Abstract User Authentication get
: Returns the current PSR-7 request objectRequest () get
: The attempted login data without sensitive informationLogin Data ()
Registration of the event in your extension's Services.
:
MyVendor\MyExtension\Authentication\EventListener\MyEventListener:
tags:
- name: event.listener
identifier: 'my-extension/login-attempt-failed'
Copied!
The corresponding event listener class:
namespace MyVendor\MyExtension\Authentication\EventListener;
use TYPO3\CMS\Core\Authentication\Event\LoginAttemptFailedEvent;
final class MyEventListener
{
public function __invoke(LoginAttemptFailedEvent $event): void
{
if ($event->getRequest()->getAttribute('normalizedParams')->getRemoteAddress() !== '198.51.100.42') {
// send an email because an external user login attempt failed
}
}
}
Copied!
Impact
It is now possible to notify external loggers about failed login attempts while having the full request.