From 7cab7feb38b0456ac923869e7dad5976d2ab874a Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Sat, 13 Jan 2018 21:12:22 +0100
Subject: [PATCH 1/3] Display message when connection is throttled on logi page
Signed-off-by: Roeland Jago Douma
---
core/Controller/LoginController.php | 16 ++++++++++++----
core/templates/login.php | 6 ++++++
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index e53095a7de..d3659a1c48 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -34,6 +34,7 @@
namespace OC\Core\Controller;
use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OC_App;
use OC_Util;
@@ -72,6 +73,8 @@ class LoginController extends Controller {
private $twoFactorManager;
/** @var Defaults */
private $defaults;
+ /** @var Throttler */
+ private $throttler;
/**
* @param string $appName
@@ -84,6 +87,7 @@ class LoginController extends Controller {
* @param ILogger $logger
* @param Manager $twoFactorManager
* @param Defaults $defaults
+ * @param Throttler $throttler
*/
public function __construct($appName,
IRequest $request,
@@ -94,7 +98,8 @@ class LoginController extends Controller {
IURLGenerator $urlGenerator,
ILogger $logger,
Manager $twoFactorManager,
- Defaults $defaults) {
+ Defaults $defaults,
+ Throttler $throttler) {
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->config = $config;
@@ -104,6 +109,7 @@ class LoginController extends Controller {
$this->logger = $logger;
$this->twoFactorManager = $twoFactorManager;
$this->defaults = $defaults;
+ $this->throttler = $throttler;
}
/**
@@ -153,7 +159,7 @@ class LoginController extends Controller {
}
$parameters['messages'] = $messages;
- if (!is_null($user) && $user !== '') {
+ if ($user !== null && $user !== '') {
$parameters['loginName'] = $user;
$parameters['user_autofocus'] = false;
} else {
@@ -167,7 +173,7 @@ class LoginController extends Controller {
$parameters['canResetPassword'] = true;
$parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
if (!$parameters['resetPasswordLink']) {
- if (!is_null($user) && $user !== '') {
+ if ($user !== null && $user !== '') {
$userObj = $this->userManager->get($user);
if ($userObj instanceof IUser) {
$parameters['canResetPassword'] = $userObj->canChangePassword();
@@ -181,7 +187,7 @@ class LoginController extends Controller {
$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
$parameters['hideRemeberLoginState'] = !empty($redirect_url) && $this->session->exists('client.flow.state.token');
- if (!is_null($user) && $user !== '') {
+ if ($user !== null && $user !== '') {
$parameters['loginName'] = $user;
$parameters['user_autofocus'] = false;
} else {
@@ -189,6 +195,8 @@ class LoginController extends Controller {
$parameters['user_autofocus'] = true;
}
+ $parameters['throttle_delay'] = $this->throttler->getDelay($this->request->getRemoteAddress());
+
// OpenGraph Support: http://ogp.me/
Util::addHeader('meta', ['property' => 'og:title', 'content' => Util::sanitizeHTML($this->defaults->getName())]);
Util::addHeader('meta', ['property' => 'og:description', 'content' => Util::sanitizeHTML($this->defaults->getSlogan())]);
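Review bot: The raw delay returned by `getDelay()` is handed to the template as `throttle_delay`, and the template in the second file of this patch then decides on its own with a literal `5000`, so the warning threshold lives in two places and can drift from the Throttler's own configuration. Make the decision here instead, e.g. `$parameters['throttled'] = $this->throttler->getDelay($this->request->getRemoteAddress()) > self::THROTTLE_WARNING_MS;` with a named class constant (name is a proposal), so the template only tests a boolean and the anonymous login page receives no more of the bruteforce-protection state than it needs to render the notice. `getDelay()` is called with a single argument here while the test in patch 2 constrains two, so the second parameter presumably has a default inside Throttler; a short comment naming the unit (milliseconds, as the test's `1000` suggests) would help the next reader. showLoginForm's body continues outside the hunk.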
diff --git a/core/templates/login.php b/core/templates/login.php
index de991e08d9..3452622907 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -62,6 +62,12 @@ script('core', 'merged-login');
+ 5000) { ?>
+
+ t('We have detected multiple invalid login attempts from your ip. Because of this we throttle your connection. Login can take up to 30 seconds.')); ?>
+
+
+
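Review bot: The `> 5000` comparison in the new block is an unexplained magic number, and the message text fixes a second number ("up to 30 seconds") that presumably mirrors the Throttler's maximum delay, so neither value is tied to where the delay is actually configured. At minimum add a comment above the condition, `<?php /* warn once the bruteforce delay exceeds 5 s; the 30 s in the text assumes the throttler's maximum delay */ ?>`, or better move the threshold into the controller and test a boolean here. The PHP open/close tags of this hunk appear lost in this rendering, so I cannot confirm from the visible lines which output helper wraps the translated string; the note in patch 3 of this series changes only the wording of the same line.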
From b1d808470058f655fde6f29d04b542574a7a3e38 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Sat, 13 Jan 2018 21:18:05 +0100
Subject: [PATCH 2/3] Fix tests
Signed-off-by: Roeland Jago Douma
---
tests/Core/Controller/LoginControllerTest.php | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index ddf7a865d6..c0de180abb 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -23,6 +23,7 @@ namespace Tests\Core\Controller;
use OC\Authentication\TwoFactorAuth\Manager;
use OC\Core\Controller\LoginController;
+use OC\Security\Bruteforce\Throttler;
use OC\User\Session;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
@@ -57,6 +58,8 @@ class LoginControllerTest extends TestCase {
private $twoFactorManager;
/** @var Defaults|\PHPUnit_Framework_MockObject_MockObject */
private $defaults;
+ /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
+ private $throttler;
public function setUp() {
parent::setUp();
@@ -69,6 +72,15 @@ class LoginControllerTest extends TestCase {
$this->logger = $this->createMock(ILogger::class);
$this->twoFactorManager = $this->createMock(Manager::class);
$this->defaults = $this->createMock(Defaults::class);
+ $this->throttler = $this->createMock(Throttler::class);
+
+ $this->request->method('getRemoteAddress')
+ ->willReturn('1.2.3.4');
+ $this->throttler->method('getDelay')
+ ->with(
+ $this->equalTo('1.2.3.4'),
+ $this->equalTo('')
+ )->willReturn(1000);
$this->loginController = new LoginController(
'core',
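Review bot: The `->with()` expectation on `getDelay` constrains a second argument `equalTo('')` that the controller never passes (the new controller code calls `getDelay()` with the remote address only), so the test presumably relies on PHPUnit supplying the mocked method's default value; dropping that second constraint, `$this->throttler->method('getDelay')->with($this->equalTo('1.2.3.4'))->willReturn(1000);`, keeps the test from breaking if that default ever changes. The shared fixture also returns the same `1000` for every case, so the assertions further down only pin the pass-through of one value; a single case with a clearly different delay would document that the controller forwards whatever the throttler reports. setUp continues outside the hunk.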
@@ -80,7 +92,8 @@ class LoginControllerTest extends TestCase {
$this->urlGenerator,
$this->logger,
$this->twoFactorManager,
- $this->defaults
+ $this->defaults,
+ $this->throttler
);
}
@@ -183,6 +196,7 @@ class LoginControllerTest extends TestCase {
'rememberLoginState' => 0,
'resetPasswordLink' => null,
'hideRemeberLoginState' => false,
+ 'throttle_delay' => 1000,
],
'guest'
);
@@ -213,6 +227,7 @@ class LoginControllerTest extends TestCase {
'rememberLoginState' => 0,
'resetPasswordLink' => null,
'hideRemeberLoginState' => true,
+ 'throttle_delay' => 1000,
],
'guest'
);
@@ -272,6 +287,7 @@ class LoginControllerTest extends TestCase {
'rememberLoginState' => 0,
'resetPasswordLink' => false,
'hideRemeberLoginState' => false,
+ 'throttle_delay' => 1000,
],
'guest'
);
@@ -311,6 +327,7 @@ class LoginControllerTest extends TestCase {
'rememberLoginState' => 0,
'resetPasswordLink' => false,
'hideRemeberLoginState' => false,
+ 'throttle_delay' => 1000,
],
'guest'
);
From a607d737c67d10bfd79b96345f2e9a400b1f600c Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Mon, 15 Jan 2018 21:44:03 +0100
Subject: [PATCH 3/3] Fix wording
Signed-off-by: Roeland Jago Douma
---
core/templates/login.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/templates/login.php b/core/templates/login.php
index 3452622907..82594481d8 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -64,7 +64,7 @@ script('core', 'merged-login');
5000) { ?>
- t('We have detected multiple invalid login attempts from your ip. Because of this we throttle your connection. Login can take up to 30 seconds.')); ?>
+ t('We have detected multiple invalid login attempts from your IP. Therefore your next login is throttled up to 30 seconds.')); ?>