Feature: #100278 - PSR-14 Event after failed logins in backend or frontend users¶
See forge#100278
Description¶
A new PSR-14 event \TYPO3\CMS\Core\Authentication\Event\LoginAttemptFailedEvent
has been introduced. The event allows to notify remote systems about failed logins.
The event features the following methods:
isFrontendAttempt()
: Whether this was a login attempt from a frontend login formisBackendAttempt()
: Whether this was a login attempt in the backendgetUser()
: Returns the\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
derivative in questiongetRequest()
: Returns the current PSR-7 request objectgetLoginData()
: The attempted login data without sensitive information
Registration of the event in your extension's Services.yaml
:
MyVendor\MyExtension\Authentication\EventListener\MyEventListener:
tags:
- name: event.listener
identifier: 'my-extension/login-attempt-failed'
Copied!
The corresponding event listener class:
namespace MyVendor\MyExtension\Authentication\EventListener;
use TYPO3\CMS\Core\Authentication\Event\LoginAttemptFailedEvent;
final class MyEventListener
{
public function __invoke(LoginAttemptFailedEvent $event): void
{
if ($event->getRequest()->getAttribute('normalizedParams')->getRemoteAddress() !== '198.51.100.42') {
// send an email because an external user login attempt failed
}
}
}
Copied!
Impact¶
It is now possible to notify external loggers about failed login attempts while having the full request.