Merge pull request #51107 from nextcloud/stable30-admin-audit-listen-failed-login

[stable30] feat(admin_audit): write admin audit log for login failed

apps/admin_audit/lib/Actions/Auth.php

@@ -42,4 +42,15 @@ class Auth extends Action {
 			[]
 		);
 	}
+
+	public function loginFailed(array $params): void {
+		$this->log(
+			'Login failed: "%s"',
+			$params,
+			[
+				'uid',
+			],
+			true
+		);
+	}
 }

apps/admin_audit/lib/AppInfo/Application.php

@@ -145,6 +145,7 @@ class Application extends App implements IBootstrap {
 		Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
 		Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
 		Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+		Util::connectHook('OC_User', 'login_failed', $authActions, 'loginFailed');
 	}
 
 	private function appHooks(IAuditLogger $logger,

lib/private/Authentication/Listeners/LoginFailedListener.php

@@ -40,6 +40,7 @@ class LoginFailedListener implements IEventListener {
 		$this->dispatcher->dispatchTyped(new AnyLoginFailedEvent($event->getLoginName(), $event->getPassword()));
 
 		$uid = $event->getLoginName();
+		\OC_Hook::emit('OC_User', 'login_failed', ['run' => true, 'uid' => $uid]);
 		Util::emitHook(
 			'\OCA\Files_Sharing\API\Server2Server',
 			'preLoginNameUsedAsUserName',