[Bug]: Login failed event missing from admin audit log #50223

claucambra · 2025-01-17T08:39:31Z

⚠️ This issue respects the following points: ⚠️

This is a bug, not a question or a configuration/webserver/proxy issue.
This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
I agree to follow Nextcloud's Code of Conduct.

Bug description

Login failure events do not appear in audit log (instead, in the normal log). Affects server versions 28 up through to master

Steps to reproduce

Enable admin_audit
Try a login failed
Check audit log

Expected behavior

Login failure event should appear in audit log

Nextcloud Server version

28

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

Default user-backend (database)
LDAP/ Active Directory
SSO - SAML
Other

Configuration report

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

Additional info

No response

solracsf · 2025-01-17T11:13:23Z

It is logged on my instance (v30.0.5), yes nothing indicates a failure (just and attempt):

{
  "reqId": "7RZNGanCu0UMJiB4lPNn",
  "level": 1,
  "time": "2025-01-17T12:09:27+01:00",
  "remoteAddr": "51.1.8.18",
  "user": "--",
  "app": "admin_audit",
  "method": "POST",
  "url": "/login",
  "message": "Login attempt: \"user.name\"",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36",
  "version": "30.0.5.1",
  "data": {
    "app": "admin_audit"
  }
}

A successful login logs that line, folowed by another one:

{
  "reqId": "cMIGRDfRCun79NZal56I",
  "level": 1,
  "time": "2025-01-17T12:11:58+01:00",
  "remoteAddr": "51.1.8.18",
  "user": "user.name",
  "app": "admin_audit",
  "method": "POST",
  "url": "/login",
  "message": "Login successful: \"user.name\"",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36",
  "version": "30.0.5.1",
  "data": {
    "app": "admin_audit"
  }
}

claucambra added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Jan 17, 2025

szaimen added the 28-feedback label Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: Login failed event missing from admin audit log #50223

[Bug]: Login failed event missing from admin audit log #50223

claucambra commented Jan 17, 2025

solracsf commented Jan 17, 2025

[Bug]: Login failed event missing from admin audit log #50223

[Bug]: Login failed event missing from admin audit log #50223

Comments

claucambra commented Jan 17, 2025

⚠️ This issue respects the following points: ⚠️

Bug description

Steps to reproduce

Expected behavior

Nextcloud Server version

Operating system

PHP engine version

Web server

Database engine version

Is this bug present after an update or on a fresh install?

Are you using the Nextcloud Server Encryption module?

What user-backends are you using?

Configuration report

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

Additional info

solracsf commented Jan 17, 2025