author | Bharat Mediratta <bharat@menalto.com> | 2010-02-07 08:45:10 -0800 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2010-02-07 08:45:10 -0800 |
commit | aff5d1cef4cc2514fe6d714788fffcf418d8fc5b (patch) | |
tree | 62f237ea453e17056a3f3663cbc0e6203e5fcc9f | |
parent | adac97b5372322be5154996974a6496198105d16 (diff) |
Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.
1) Rename user_login_failed event to user_authenticate_failed
2) Rename failed_logins table to failed_auth (bump Gallery module to
v27 to rename the table)
3) auth::too_many_failed_logins -> auth::too_many_failures
4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
-rw-r--r-- | modules/gallery/controllers/login.php | 2 | ||||
-rw-r--r-- | modules/gallery/helpers/auth.php | 41 | ||||
-rw-r--r-- | modules/gallery/helpers/gallery_event.php | 14 | ||||
-rw-r--r-- | modules/gallery/helpers/gallery_installer.php | 9 | ||||
-rw-r--r-- | modules/gallery/models/failed_auth.php (renamed from modules/gallery/models/failed_login.php) | 2 | ||||
-rw-r--r-- | modules/gallery/module.info | 2 | ||||
-rw-r--r-- | modules/rest/controllers/rest.php | 2 | ||||
-rw-r--r-- | modules/user/controllers/users.php | 7 |
8 files changed, 40 insertions, 39 deletions
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 1426f0d8..fa175ac8 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -65,7 +65,7 @@ class Login_Controller extends Controller {
 $form->login->inputs["name"]->add_error("invalid_login", 1);
 $name = $form->login->inputs["name"]->value;
 log::warning("user", t("Failed login for %name", array("name" => $name)));
- module::event("user_login_failed", $name);
+ module::event("user_authenticate_failed", $name);
 $valid = false;
 }
 }
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 45561861..2c1e3f67 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -20,7 +20,7 @@
 class auth_Core {
 static function get_login_form($url) {
 $form = new Forge($url, "", "post", array("id" => "g-login-form"));
- $form->set_attr('class', "g-narrow");
+ $form->set_attr("class", "g-narrow");
 $group = $form->group("login")->label(t("Login"));
 $group->input("name")->label(t("Username"))->id("g-username")->class(null)
 ->callback("auth::validate_too_many_failed_logins")
@@ -60,52 +60,51 @@ class auth_Core {
 }
 /**
- * After there have been 5 failed login attempts, any failure leads to getting locked out for a
+ * After there have been 5 failed auth attempts, any failure leads to getting locked out for a
 * minute.
 */
- static function too_many_failed_logins($name) {
- $failed_login = ORM::factory("failed_login")
+ static function too_many_failures($name) {
+ $failed = ORM::factory("failed_auth")
 ->where("name", "=", $name)
 ->find();
- return ($failed_login->loaded() &&
- $failed_login->count > 5 &&
- (time() - $failed_login->time < 60));
+ return ($failed->loaded() &&
+ $failed->count > 5 &&
+ (time() - $failed->time < 60));
 }
 static function validate_too_many_failed_logins($name_input) {
- if (self::too_many_failed_logins($name_input->value)) {
+ if (self::too_many_failures($name_input->value)) {
 $name_input->add_error("too_many_failed_logins", 1);
 }
 }
 static function validate_too_many_failed_password_changes($password_input) {
- if (self::too_many_failed_logins(identity::active_user()->name)) {
+ if (self::too_many_failures(identity::active_user()->name)) {
 $password_input->add_error("too_many_failed_password_changes", 1);
 }
 }
 /**
- * Record a failed login for this user
+ * Record a failed authentication for this user
 */
- static function record_failed_auth_attempts($name) {
- $failed_login = ORM::factory("failed_login")
+ static function record_failed_attempt($name) {
+ $failed = ORM::factory("failed_auth")
 ->where("name", "=", $name)
 ->find();
- if (!$failed_login->loaded()) {
- $failed_login->name = $name;
+ if (!$failed->loaded()) {
+ $failed->name = $name;
 }
- $failed_login->time = time();
- $failed_login->count++;
- $failed_login->save();
+ $failed->time = time();
+ $failed->count++;
+ $failed->save();
 }
 /**
 * Clear any failed logins for this user
 */
- static function clear_failed_auth_attempts($user) {
- db::build()
- ->delete("failed_logins")
+ static function clear_failed_attempts($user) {
+ ORM::factory("failed_auth")
->where("name", "=", $user->name)
- ->execute();
+ ->delete_all();
 }
 }
\ No newline at end of file
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 7b538c49..9ce30929 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -110,19 +110,15 @@ class gallery_event_Core {
 graphics::choose_default_toolkit();
 module::clear_var("gallery", "choose_default_tookit");
 }
- auth::clear_failed_auth_attempts($user);
+ auth::clear_failed_attempts($user);
 }
- static function user_login_failed($name) {
- auth::record_failed_auth_attempts($name);
+ static function user_authenticate_failed($name) {
+ auth::record_failed_attempt($name);
 }
- static function user_password_changed($user) {
- auth::clear_failed_auth_attempts($user);
- }
-
- static function user_password_change_failed($name) {
- auth::record_failed_auth_attempts($name);
+ static function user_authenticate($user) {
+ auth::clear_failed_attempts($user);
 }
 static function item_index_data($item, $data) {
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index 761843b0..05354f81 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -42,7 +42,7 @@ class gallery_installer {
 KEY (`tags`))
 DEFAULT CHARSET=utf8;");
- $db->query("CREATE TABLE {failed_logins} (
+ $db->query("CREATE TABLE {failed_auth} (
 `id` int(9) NOT NULL auto_increment,
 `count` int(9) NOT NULL,
 `name` varchar(255) NOT NULL,
@@ -526,6 +526,11 @@ class gallery_installer {
 ->execute();
 module::set_version("gallery", $version = 26);
 }
+
+ if ($version == 26) {
+ $db->query("RENAME TABLE {failed_logins} TO {failed_auths}");
+ module::set_version("gallery", $version = 27);
+ }
 }
 static function uninstall() {
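Review bot: The docblock on too_many_failures() promises a lockout after 5 failed attempts, but the test is `$failed->count > 5`, so throttling only starts once six failures have been recorded; either use `$failed->count >= 5` or reword the comment to `After more than 5 failed auth attempts, ...`. Separately, record_failed_attempt() performs find(), `$failed->count++` and save() as three separate steps, so concurrent failures for the same name can overwrite each other and undercount; a single UPDATE that increments the column inside the database would keep the counter trustworthy for throttling. The commit message calls this method auth::record_failed_attempts, while the code and its caller use record_failed_attempt.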
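Review bot: user_authenticate_failed() hands `$name` to auth::record_failed_attempt() without checking that it belongs to an account, and login.php supplies the raw form value, so every distinct submitted name gets its own failed_auth row. Nothing visible in this commit removes such a row except a successful authentication by that same user, so the table can grow without bound when many made-up names are submitted. I would document the handler with `/** $name is unvalidated user input and may not match any account. */` and pair it with a periodic purge of rows older than the lockout window. The class body continues outside the hunk.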
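Review bot: The fresh-install statement in the @@ -42 hunk creates `{failed_auth}`, while the upgrade step in the @@ -526 hunk renames the old table to `{failed_auths}` and uninstall() in the @@ -534 hunk drops `{failed_auths}`, so new and upgraded sites end up with differently named tables. The old Failed_Login_Model was backed by failed_logins, so Failed_Auth_Model presumably maps to the pluralised failed_auths; in that case a fresh install has no table behind the failure counter and the lockout either errors or never engages. The CREATE statement should read `$db->query("CREATE TABLE {failed_auths} (`. The enclosing install and upgrade bodies start outside these hunks.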
@@ -534,7 +539,7 @@ class gallery_installer {
 $db->query("DROP TABLE IF EXISTS {access_intents}");
 $db->query("DROP TABLE IF EXISTS {graphics_rules}");
 $db->query("DROP TABLE IF EXISTS {incoming_translations}");
- $db->query("DROP TABLE IF EXISTS {failed_logins}");
+ $db->query("DROP TABLE IF EXISTS {failed_auths}");
 $db->query("DROP TABLE IF EXISTS {items}");
 $db->query("DROP TABLE IF EXISTS {logs}");
 $db->query("DROP TABLE IF EXISTS {modules}");
diff --git a/modules/gallery/models/failed_login.php b/modules/gallery/models/failed_auth.php
index 0b84c295..3c25f9d8 100644
--- a/modules/gallery/models/failed_login.php
+++ b/modules/gallery/models/failed_auth.php
@@ -17,4 +17,4 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
-class Failed_Login_Model extends ORM {}
+class Failed_Auth_Model extends ORM {}
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index fd241066..dac9e6ed 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
 name = "Gallery 3"
 description = "Gallery core application"
-version = 26
+version = 27
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index 374ae0d2..7cdd97c9 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -22,7 +22,7 @@ class Rest_Controller extends Controller {
 $username = Input::instance()->post("user");
 $password = Input::instance()->post("password");
- if (empty($username) || auth::too_many_failed_logins($username)) {
+ if (empty($username) || auth::too_many_failures($username)) {
 throw new Rest_Exception("Forbidden", 403);
 }
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 83adc354..2675d918 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -84,6 +84,7 @@ class Users_Controller extends Controller {
 $user->save();
 module::event("user_change_password_form_completed", $user, $form);
 message::success(t("Password changed"));
+ module::event("user_authenticate", $user);
 module::event("user_password_change", $user);
 print json_encode(
 array("result" => "success",
@@ -91,7 +92,7 @@ class Users_Controller extends Controller {
 } else {
 log::warning("user", t("Failed password change for %name", array("name" => $user->name)));
 $name = $user->name;
- module::event("user_password_change_failed", $name);
+ module::event("user_authenticate_failed", $name);
 print json_encode(array("result" => "error", "form" => (string) $form));
 }
 }
@@ -119,14 +120,14 @@ class Users_Controller extends Controller {
 $user->save();
 module::event("user_change_email_form_completed", $user, $form);
 message::success(t("Email address changed"));
- module::event("user_login", $user); // since there's no user_authenticated event
+ module::event("user_authenticate", $user);
 print json_encode(
 array("result" => "success",
 "resource" => url::site("users/{$user->id}")));
 } else {
 log::warning("user", t("Failed email change for %name", array("name" => $user->name)));
 $name = $user->name;
- module::event("user_login_failed", $name);
+ module::event("user_authenticate_failed", $name);
 print json_encode(array("result" => "error", "form" => (string) $form));
 }
 }
 |
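Review bot: The failure branches in the @@ -91 and @@ -119 hunks raise `user_authenticate_failed` for any rejected form, and the condition that selects those branches lies outside the hunks. If that condition is the overall form validation result, a malformed e-mail address or an unacceptable new password would be counted as a failed authentication and push the user toward the lockout in auth::too_many_failures(). Raising the event only when the password check itself failed would keep the counter meaningful. A comment such as `// counts toward lockout: fire only when the current password was rejected` above each call would record that intent.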