Implement logging to a .log file of all failed authentication attempts

[quamok]

Right now, there is no log of users authenticating to Paperless-ng. We cannot implement IP blocking or monitoring of failed login attempts when exposing it to the internet behind a reverse proxy.

It would be nice to create a log of all authentication, or only failed authentication attempts, to the web page.

I'd like to implement fail2ban on this new log to prevent brute forcing and account enumeration attacks.

Example of log for Bitwarden_rs
[2021-04-27 22:11:45.635][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.20.1. Username: [email protected]

Example of log for Home-Assistant
2021-04-29 16:47:14 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 193.40.29.67 (193.40.29.67). (Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4429.93 Safari/536.36)

Thank you for considering and keep up the good work :)

[thijselblaso]

I want this too!

[upuldi]

Yes. Need this. It is very important to secure documents exposed to outside.