Merge pull request #4630 from nextcloud/mark-ip-as-whitelisted-if-bruteforce-protection-is-disabled
Mark IP as whitelisted if brute force protection is disabled
This commit is contained in:
Morris Jobke
GitHub
commit
af6f5e8fad
|
|
@ -133,6 +133,10 @@ class Throttler {
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
private function isIPWhitelisted($ip) {
|
private function isIPWhitelisted($ip) {
|
||||||
|
if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
$keys = $this->config->getAppKeys('bruteForce');
|
$keys = $this->config->getAppKeys('bruteForce');
|
||||||
$keys = array_filter($keys, function($key) {
|
$keys = array_filter($keys, function($key) {
|
||||||
$regex = '/^whitelist_/S';
|
$regex = '/^whitelist_/S';
|
||||||
|
|
|
||||||
|
|
@ -54,19 +54,19 @@ class ThrottlerTest extends TestCase {
|
||||||
$this->logger,
|
$this->logger,
|
||||||
$this->config
|
$this->config
|
||||||
);
|
);
|
||||||
return parent::setUp();
|
parent::setUp();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testCutoff() {
|
public function testCutoff() {
|
||||||
// precisely 31 second shy of 12 hours
|
// precisely 31 second shy of 12 hours
|
||||||
$cutoff = $this->invokePrivate($this->throttler, 'getCutoff', [43169]);
|
$cutoff = self::invokePrivate($this->throttler, 'getCutoff', [43169]);
|
||||||
$this->assertSame(0, $cutoff->y);
|
$this->assertSame(0, $cutoff->y);
|
||||||
$this->assertSame(0, $cutoff->m);
|
$this->assertSame(0, $cutoff->m);
|
||||||
$this->assertSame(0, $cutoff->d);
|
$this->assertSame(0, $cutoff->d);
|
||||||
$this->assertSame(11, $cutoff->h);
|
$this->assertSame(11, $cutoff->h);
|
||||||
$this->assertSame(59, $cutoff->i);
|
$this->assertSame(59, $cutoff->i);
|
||||||
$this->assertSame(29, $cutoff->s);
|
$this->assertSame(29, $cutoff->s);
|
||||||
$cutoff = $this->invokePrivate($this->throttler, 'getCutoff', [86401]);
|
$cutoff = self::invokePrivate($this->throttler, 'getCutoff', [86401]);
|
||||||
$this->assertSame(0, $cutoff->y);
|
$this->assertSame(0, $cutoff->y);
|
||||||
$this->assertSame(0, $cutoff->m);
|
$this->assertSame(0, $cutoff->m);
|
||||||
$this->assertSame(1, $cutoff->d);
|
$this->assertSame(1, $cutoff->d);
|
||||||
|
|
@ -136,16 +136,23 @@ class ThrottlerTest extends TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider dataIsIPWhitelisted
|
|
||||||
*
|
|
||||||
* @param string $ip
|
* @param string $ip
|
||||||
* @param string[] $whitelists
|
* @param string[] $whitelists
|
||||||
* @param bool $isWhiteListed
|
* @param bool $isWhiteListed
|
||||||
|
* @param bool $enabled
|
||||||
*/
|
*/
|
||||||
public function testIsIPWhitelisted($ip, $whitelists, $isWhiteListed) {
|
private function isIpWhiteListedHelper($ip,
|
||||||
|
$whitelists,
|
||||||
|
$isWhiteListed,
|
||||||
|
$enabled) {
|
||||||
$this->config->method('getAppKeys')
|
$this->config->method('getAppKeys')
|
||||||
->with($this->equalTo('bruteForce'))
|
->with($this->equalTo('bruteForce'))
|
||||||
->willReturn(array_keys($whitelists));
|
->willReturn(array_keys($whitelists));
|
||||||
|
$this->config
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getSystemValue')
|
||||||
|
->with('auth.bruteforce.protection.enabled', true)
|
||||||
|
->willReturn($enabled);
|
||||||
|
|
||||||
$this->config->method('getAppValue')
|
$this->config->method('getAppValue')
|
||||||
->will($this->returnCallback(function($app, $key, $default) use ($whitelists) {
|
->will($this->returnCallback(function($app, $key, $default) use ($whitelists) {
|
||||||
|
|
@ -159,8 +166,44 @@ class ThrottlerTest extends TestCase {
|
||||||
}));
|
}));
|
||||||
|
|
||||||
$this->assertSame(
|
$this->assertSame(
|
||||||
|
($enabled === false) ? true : $isWhiteListed,
|
||||||
|
self::invokePrivate($this->throttler, 'isIPWhitelisted', [$ip])
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider dataIsIPWhitelisted
|
||||||
|
*
|
||||||
|
* @param string $ip
|
||||||
|
* @param string[] $whitelists
|
||||||
|
* @param bool $isWhiteListed
|
||||||
|
*/
|
||||||
|
public function testIsIpWhiteListedWithEnabledProtection($ip,
|
||||||
|
$whitelists,
|
||||||
|
$isWhiteListed) {
|
||||||
|
$this->isIpWhiteListedHelper(
|
||||||
|
$ip,
|
||||||
|
$whitelists,
|
||||||
$isWhiteListed,
|
$isWhiteListed,
|
||||||
$this->invokePrivate($this->throttler, 'isIPWhitelisted', [$ip])
|
true
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider dataIsIPWhitelisted
|
||||||
|
*
|
||||||
|
* @param string $ip
|
||||||
|
* @param string[] $whitelists
|
||||||
|
* @param bool $isWhiteListed
|
||||||
|
*/
|
||||||
|
public function testIsIpWhiteListedWithDisabledProtection($ip,
|
||||||
|
$whitelists,
|
||||||
|
$isWhiteListed) {
|
||||||
|
$this->isIpWhiteListedHelper(
|
||||||
|
$ip,
|
||||||
|
$whitelists,
|
||||||
|
$isWhiteListed,
|
||||||
|
false
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue