Bamboo Data Center / BAM-21581

Bamboo to store IP Address and UserID mapping in case of Login failures


    • Type: Suggestion
    • Resolution: Unresolved
    • Audit Logging

      Issue Summary

      We are looking for a feature to capture the IP address of the host and the user ID mapping in case of a login failure.

      The login failure can come from various scenarios; a few examples are below:

      1. Login failure from browser.
      2. Curl REST API call with incorrect credentials.

      In the default configuration, Bamboo prints only the IP address in the access logs when a login fails; see the example below:

      10.10.0.1 [27/Jan/2022:15:11:11 +0000] "GET /rest/api/latest/permissions/global/groups HTTP/1.1" 401 752 8 "-" "curl/7.77.0"
      

      We set com.atlassian.bamboo.user.authentication.BambooElevatedSecurityGuard to TRACE and were able to get the information below in the atlassian-bamboo.log files.

      2022-01-27 15:15:23,477 TRACE [http-nio-8085-exec-22] [BambooElevatedSecurityGuard] Failed login attempt, userName=admin, IP=10.10.0.1
      

      The problem is that in a reverse proxy setup, it will not print the IP address of the original host making the call.
       

      Suggestion

      • One solution would be to add extra logging to the access logs to directly capture the source IP address (irrespective of any proxy in place) and user ID in case of login failures.
      • Can the Audit_log table in Bamboo be modified to capture the above details in the DB?

      Other Notes

      • This request has been created from a case where the Bamboo admins have a shared user used for automation that has an invalid password and triggers CAPTCHA, which breaks all the rest of the automations, so the admins would like to know where the invalid requests are made from.
      • This feature is currently available in Bitbucket under Audit logs; one sample from the screen is below.
        Jan 27, 2022, 07:15:39 PM GMT+5:30 | skumar14 | Auditing | Audit Log search performed
        IP address: 10.10.0.1
        Node ID: a764bfc3-d182-499e-b504-1a1b61475199
        Method: Browser
        ID Range: 6455 - 6573
        Query:
        Results returned: 100
        Timestamp Range: 2022-01-21T18:40:49.652Z - 2022-01-24T06:48:23.633Z
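Until such a feature exists, the TRACE lines quoted above can be tallied per user and IP to see where failed logins for a shared account come from. The following is an added example, not part of the original issue and not Atlassian code; the sample log text, the `svc-build` account and the `proxy_ips` parameter (an operator-supplied list of reverse proxy addresses) are constructed assumptions.

```python
import re
from collections import Counter

# Line format taken from the TRACE sample on this page. \s* after the comma
# tolerates the line wrap that appears in the issue text.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) TRACE \[[^\]]*\] "
    r"\[BambooElevatedSecurityGuard\] Failed login attempt,\s*"
    r"userName=(?P<user>[^,\s]+), IP=(?P<ip>\S+)",
    re.MULTILINE,
)

def failed_logins(log_text, proxy_ips=frozenset()):
    """Count failed logins per (userName, IP), most frequent first.

    ip_is_proxy marks rows whose IP is a known reverse proxy, i.e. rows
    where the logged address is not the original client (the gap the
    issue describes).
    """
    counts = Counter()
    last_seen = {}
    for m in FAILED.finditer(log_text):
        key = (m["user"], m["ip"])
        counts[key] += 1
        last_seen[key] = m["ts"]
    return [
        {"user": user, "ip": ip, "failures": n,
         "last_seen": last_seen[(user, ip)], "ip_is_proxy": ip in proxy_ips}
        for (user, ip), n in counts.most_common()
    ]

# Constructed sample: the first entry mirrors the line quoted in the issue,
# the remaining lines are invented for illustration.
SAMPLE_LOG = """\
2022-01-27 15:15:23,477 TRACE [http-nio-8085-exec-22] [BambooElevatedSecurityGuard] Failed login attempt,
userName=admin, IP=10.10.0.1
2022-01-27 15:15:24,102 INFO [http-nio-8085-exec-3] [SomeOtherClass] unrelated line
2022-01-27 15:16:01,010 TRACE [http-nio-8085-exec-7] [BambooElevatedSecurityGuard] Failed login attempt, userName=svc-build, IP=10.10.0.9
2022-01-27 15:16:05,250 TRACE [http-nio-8085-exec-9] [BambooElevatedSecurityGuard] Failed login attempt, userName=svc-build, IP=10.10.0.9
"""

if __name__ == "__main__":
    for row in failed_logins(SAMPLE_LOG, proxy_ips={"10.10.0.9"}):
        print(row)
```

Rows with `ip_is_proxy` set still identify the account under attack or misconfiguration, but the address has to be resolved from the proxy's own logs.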
        

              Assignee: Unassigned
              Reporter: Shashank Kumar