Register failed login attempt

Created on 16 September 2021, over 3 years ago
Updated 30 January 2023, almost 2 years ago

Problem/Motivation

Failed login attempts are also relevant in security monitoring. It would be appropriate to add such support to the Login History module.

Steps to reproduce

N/A

Proposed resolution

Add support to log failed login attempts.

Remaining tasks

Review.

User interface changes

Just those related to the new event type.

API changes

To be extended for new event type, maintaining backward compatibility.

Data model changes

Extend existing one-time field to register the new type of event.

Feature request
Status

Needs review

Version

2.0

Component

Code

Created by

🇪🇸Spain manuel.adan 🌌

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇵🇹Portugal jcnventura

    As a new feature, this is now for the 2.x branch.

  • 🇮🇳India prashant.c Dharamshala

    Patch not applying on the latest tag/branch. In the Default branch (2.x) "Controller" does not exist. Cloned the repo and worked on tag 2.0.0-alpha1 to make the changes. Submitting the re-rolled patch requires reviews.

  • 🇳🇱Netherlands ricardopeters

    From a security perspective, wouldn't it be interesting to see if people are trying with credentials that maybe don't have existing accounts, for instance former editors or admin/root attacks?

    Seeing this comment:
    // Only register failed login attempts for existing accounts.

  • 🇳🇱Netherlands ricardopeters

    Rerolled patch vs 2.x fixed removed controller, and fixed additions from cleanup calls.

  • 🇳🇱Netherlands ricardopeters

    I messed up the patch of #6, sorry about that, #7 should be fine.

  • 🇺🇸United States wjackson Aiken, SC

    Rerolled patch #7 to resolve failures against the recent commits to the login_history.module file.

  • Merge request !9, #3233477: Register failed login attempt (Open), created by wjackson
  • 🇺🇸United States wjackson Aiken, SC

    The previous patch created an issue where when a failed login attempt was recorded, it used the time of the last successful log rather than the time of the failed login attempt. Additionally, the source branch was a bit out of date.

    This branch should include the most recent changes from the 2.x version of the login_history module, the changes from the patch RicardoPeters previously provided in #7 / #9, and the change to record the time of the failed login.

    The attached patch was created from the merge request referenced in #10.

  • 🇮🇳India Manthan.Chauhan

    I have rerolled the patch to resolve a conflict in the update hook number.
    Kindly review the updated patch.

  • 🇮🇳India prashant.c Dharamshala
  • 🇺🇸United States earthday47 New York

    Another tweak to the patch - if a previous version of the patch had been run already, it will throw an error. Wrapping the schema update in a fieldExists() to prevent error.

  • 🇮🇳India rajdip_755 kolkata

    Hi all, I've reviewed the patch attached in #14 and #13.

    After applying the patch #14 the login history view is not working due to the missing/broken handler error, as there are no changes in the views.view.login_history.yml file, so we can conclude that this patch is incompatible to provide the solutions for this feature request.

    For the patch #13, it is working fine for me, and the failed logins are listed successfully for me. But there are some pointers I want to mention for this patch.

    • I think it will be better if we can change the label of Event Type to "Login Type".
    • If the users are trying to log in with the correct email ID and fail to log in due to the wrong password, then it should be marked and listed as a failed login, but currently that's not happening, as the logic is implemented just for the user name in case of failed login listing (implemented in the function _login_history_form_user_login_validate()).

    Attached here the screenshot of the login history view page below.

    I'm moving this issue to Needs Work state. Please share your thoughts as well on the pointers I mentioned for the patch #13.

    Thanks !
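
The points raised in the comments above (record attempts for names that have no account, match the e-mail address as well as the user name, and stamp the record with the time of the failed attempt) can be modelled in one function. This is an added example in plain PHP, not code from the patch or the module; the function name, record keys, watchlist and keyed-hash handling of unknown names are assumptions made for illustration.

```php
<?php
// Added illustration, not login_history code. Function, keys and sample data are hypothetical.

/**
 * Builds the row to store for one failed login attempt.
 *
 * @param string $typed     Value submitted in the name field.
 * @param array  $accounts  uid => ['name' => ..., 'mail' => ...] (stand-in for a user lookup).
 * @param array  $watchlist Lower-case names worth storing in clear, e.g. admin, root, former editors.
 * @param string $key       Secret used to pseudonymise other unknown names.
 * @param int    $now       Time of this request, never the account's last successful login.
 * @param string $ip        Client address of this request.
 */
function failed_login_record(string $typed, array $accounts, array $watchlist, string $key, int $now, string $ip): array {
  $needle = strtolower(trim($typed));
  $uid = 0; // 0 means no account matched; the attempt is recorded anyway.
  foreach ($accounts as $candidate => $account) {
    // Match the user name or the e-mail address, so a wrong password counts either way.
    if ($needle === strtolower($account['name']) || $needle === strtolower($account['mail'])) {
      $uid = $candidate;
      break;
    }
  }
  if ($uid !== 0) {
    $name = $accounts[$uid]['name'];
  }
  elseif (in_array($needle, $watchlist, TRUE)) {
    $name = $needle;
  }
  else {
    // People sometimes type a password into the name field, so unknown values
    // are stored only as a keyed hash: still groupable, not readable.
    $name = 'hmac:' . substr(hash_hmac('sha256', $needle, $key), 0, 16);
  }
  return ['uid' => $uid, 'event_type' => 'failed', 'name' => $name, 'timestamp' => $now, 'hostname' => $ip];
}

// Constructed sample data: one account, then four failed attempts.
$accounts = [7 => ['name' => 'alice', 'mail' => 'alice@example.com']];
$watchlist = ['admin', 'root', 'former.editor'];
foreach (['alice', 'Alice@Example.com', 'root', 'Tr0ub4dor&3'] as $typed) {
  print json_encode(failed_login_record($typed, $accounts, $watchlist, 'constructed-key', time(), '203.0.113.5')) . PHP_EOL;
}
```

The first two attempts resolve to uid 7, `root` is kept in clear with uid 0, and the last value is stored only as a keyed hash.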

  • 🇮🇳India arunsahijpal

    Okay @rajdip_755,
    Looking into this.

  • 🇮🇳India arunsahijpal

    Hi @rajdip_755 and @manuel.adan
    I've done the changes,
    Now it is showing Failed attempt even if we enter email and incorrect password. Please have a look.

  • 🇵🇹Portugal jcnventura

    Please base it on the current state of 2.x

  • Pipeline finished with Failed
    about 2 months ago
    #346633
  • 🇮🇳India arunsahijpal

    Hi @jcnventura,
    I've rebased the branch, Please have a look.

  • Status changed to Needs work 10 days ago
  • Hi @arunsahijpal,

    Everything works fine as mentioned. But the function "login_history_update_8004" in login_history.install file is declared twice.

    Here is the error for reference.

    PHP Fatal error:  Cannot redeclare login_history_update_8004() (previously declared in /app/web/modules/custom/login_history-3233477/login_history.install:111) in /app/web/modules/custom/login_history-3233477/login_history.install on line 154
    
    Fatal error: Cannot redeclare login_history_update_8004() (previously declared in /app/web/modules/custom/login_history-3233477/login_history.install:111) in /app/web/modules/custom/login_history-3233477/login_history.install on line 154

    Please have a look.

  • Pipeline finished with Failed
    10 days ago
    Total: 148s
    #382531
  • 🇮🇳India arunsahijpal

    Thanks @anish.ir for reporting this error.
    I've removed the unnecessary part of code, please check.
