From 4f974122f8ed9699466d98cbd49339b15230fa6e Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Fri, 28 Jun 2019 11:13:08 -0600
Subject: [PATCH] log password on failed login attempt

---
 MediaBrowser.Api/UserService.cs | 35 ++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
index 21a94a4e08..f08d070ca6 100644
--- a/MediaBrowser.Api/UserService.cs
+++ b/MediaBrowser.Api/UserService.cs
@@ -13,6 +13,7 @@ using MediaBrowser.Model.Configuration;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Services;
 using MediaBrowser.Model.Users;
+using Microsoft.Extensions.Logging;
 
 namespace MediaBrowser.Api
 {
@@ -247,8 +248,9 @@ namespace MediaBrowser.Api
         private readonly INetworkManager _networkManager;
         private readonly IDeviceManager _deviceManager;
         private readonly IAuthorizationContext _authContext;
+        private readonly ILogger _logger;
 
-        public UserService(IUserManager userManager, ISessionManager sessionMananger, IServerConfigurationManager config, INetworkManager networkManager, IDeviceManager deviceManager, IAuthorizationContext authContext)
+        public UserService(IUserManager userManager, ISessionManager sessionMananger, IServerConfigurationManager config, INetworkManager networkManager, IDeviceManager deviceManager, IAuthorizationContext authContext, ILoggerFactory loggerFactory)
         {
             _userManager = userManager;
             _sessionMananger = sessionMananger;
@@ -256,6 +258,7 @@ namespace MediaBrowser.Api
             _networkManager = networkManager;
             _deviceManager = deviceManager;
             _authContext = authContext;
+            _logger = loggerFactory.CreateLogger(nameof(UserService));
         }
 
         public object Get(GetPublicUsers request)
@@ -399,19 +402,27 @@ namespace MediaBrowser.Api
         {
             var auth = _authContext.GetAuthorizationInfo(Request);
 
-            var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
+            try
             {
-                App = auth.Client,
-                AppVersion = auth.Version,
-                DeviceId = auth.DeviceId,
-                DeviceName = auth.Device,
-                Password = request.Pw,
-                PasswordSha1 = request.Password,
-                RemoteEndPoint = Request.RemoteIp,
-                Username = request.Username
-            }).ConfigureAwait(false);
+                var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
+                {
+                    App = auth.Client,
+                    AppVersion = auth.Version,
+                    DeviceId = auth.DeviceId,
+                    DeviceName = auth.Device,
+                    Password = request.Pw,
+                    PasswordSha1 = request.Password,
+                    RemoteEndPoint = Request.RemoteIp,
+                    Username = request.Username
+                }).ConfigureAwait(false);
 
-            return ToOptimizedResult(result);
+                return ToOptimizedResult(result);
+            }
+            catch(SecurityException e)
+            {
+                // rethrow adding IP address to message
+                throw new SecurityException($"[{Request.RemoteIp}] {e.Message}");
+            }
         }
 
         /// <summary>