diff options
author | Simon MacMullen <simon@rabbitmq.com> | 2014-04-01 11:45:33 +0100 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2014-04-01 11:45:33 +0100 |
commit | 9f19b06fb5d6787a54cf8136b3c1ab67d0014e16 (patch) | |
tree | 02ea2f7683c716d23ea2b3bdbe10a51bf70212b3 | |
parent | 5f64e60c02d50fc4c094356f2df480f0dea68422 (diff) | |
download | rabbitmq-server-9f19b06fb5d6787a54cf8136b3c1ab67d0014e16.tar.gz |
Events for login success / failure.
-rw-r--r-- | src/rabbit_access_control.erl | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index 0ff88cf7..b0a9c0d8 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -54,24 +54,29 @@ check_user_pass_login(Username, Password) -> check_user_login(Username, AuthProps) -> {ok, Modules} = application:get_env(rabbit, auth_backends), - lists:foldl( - fun ({ModN, ModZ}, {refused, _, _}) -> - %% Different modules for authN vs authZ. So authenticate - %% with authN module, then if that succeeds do - %% passwordless (i.e pre-authenticated) login with authZ - %% module, and use the #user{} the latter gives us. - case try_login(ModN, Username, AuthProps) of - {ok, _} -> try_login(ModZ, Username, []); - Else -> Else - end; - (Mod, {refused, _, _}) -> - %% Same module for authN and authZ. Just take the result - %% it gives us - try_login(Mod, Username, AuthProps); - (_, {ok, User}) -> - %% We've successfully authenticated. Skip to the end... - {ok, User} - end, {refused, "No modules checked '~s'", [Username]}, Modules). + R = lists:foldl( + fun ({ModN, ModZ}, {refused, _, _}) -> + %% Different modules for authN vs authZ. So authenticate + %% with authN module, then if that succeeds do + %% passwordless (i.e pre-authenticated) login with authZ + %% module, and use the #user{} the latter gives us. + case try_login(ModN, Username, AuthProps) of + {ok, _} -> try_login(ModZ, Username, []); + Else -> Else + end; + (Mod, {refused, _, _}) -> + %% Same module for authN and authZ. Just take the result + %% it gives us + try_login(Mod, Username, AuthProps); + (_, {ok, User}) -> + %% We've successfully authenticated. Skip to the end... + {ok, User} + end, {refused, "No modules checked '~s'", [Username]}, Modules), + rabbit_event:notify(case R of + {ok, _User} -> user_authentication_success; + _ -> user_authentication_failure + end, [{name, Username}]), + R. try_login(Module, Username, AuthProps) -> case Module:check_user_login(Username, AuthProps) of |