Confusing (incorrect?) message in Watchdog log

Created on 24 September 2024, 4 months ago

Problem/Motivation

When there is a failed login attempt for an existing username, there end up being two messages logged to the Watchdog log:

- Login attempt failed for test.
- Flood control blocked login attempt for uid 2 from 172.1.1.1

The first one is correct and is what core does normally. That second one is, at best, confusing and is actually incorrect. Flood control isn't blocking anything at this point.

This appears to be new with Drupal 10.3, but I'm not certain of that.

Steps to reproduce

I was able to recreate this on simplytest.me with only Flood Control added.

  1. Install and enable Flood Control.
  2. Create a user "test".
  3. Attempt to log in with the user "test" and an incorrect password.
  4. See the two messages above in the Watchdog log.

Proposed resolution

Flood Control should not log the "Flood control blocked login attempt..." when it didn't actually block anything.

Remaining tasks

  1. Find cause of problem
  2. Fix problem
  3. Add tests?
  4. Merge fix
🐛 Bug report
Status

Active

Version

2.3

Component

Code

Created by

🇺🇸 United States jrb Raleigh-Durham Area, NC, USA


Comments & Activities

  • Issue created by @jrb
  • 🇯🇵 Japan ptmkenny

    Please file bug reports against dev, not a stable version, since the bug may already have been fixed in dev.

    I tried to reproduce this according to your instructions on SimplyTest.me. It seems that this only occurs if the user account is blocked (SimplyTest has auth user accounts blocked by default, requiring admin approval). When I unblocked the test account and attempted to log in with an incorrect password, I did not get an error. I did get an error when the account was blocked.

    Please confirm whether this occurs for you even if the account is not blocked.

  • 🇺🇸 United States jrb Raleigh-Durham Area, NC, USA

    I just recreated on simplytest.me with the dev version. If you're quick, you can see it here:

    https://master-ku0ikjwma4sz1vunwkfcmv7o3hvqcjrt.tugboatqa.com/

    The "test" user is active. The two log messages only seem to occur after the first failed login, not with the first (I updated the steps above).

  • 🇳🇱 Netherlands batigolix Utrecht

    The contrib module flood_control does not do this kind of logging.

    Can you disable the contrib module flood_control and repeat the tests?

    This may have its origin in the Drupal Core user flood functionality web/core/modules/user/src/EventSubscriber/UserFloodSubscriber.php
