add action to existing brute force protection
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
parent
0271ae3b46
commit
cdf01feba7
|
@ -205,8 +205,8 @@ class LoginController extends Controller {
|
|||
* @return RedirectResponse
|
||||
*/
|
||||
public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
|
||||
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress());
|
||||
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'login');
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
|
||||
|
||||
// If the user is already logged in and the CSRF check does not pass then
|
||||
// simply redirect the user to the correct page as required. This is the
|
||||
|
@ -230,7 +230,7 @@ class LoginController extends Controller {
|
|||
if ($loginResult === false) {
|
||||
$this->throttler->registerAttempt('login', $this->request->getRemoteAddress(), ['user' => $originalUser]);
|
||||
if($currentDelay === 0) {
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress());
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
|
||||
}
|
||||
$this->session->set('loginMessages', [
|
||||
['invalidpassword'], []
|
||||
|
@ -295,15 +295,15 @@ class LoginController extends Controller {
|
|||
* @return DataResponse
|
||||
*/
|
||||
public function confirmPassword($password) {
|
||||
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress());
|
||||
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'sudo');
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
|
||||
|
||||
$loginName = $this->userSession->getLoginName();
|
||||
$loginResult = $this->userManager->checkPassword($loginName, $password);
|
||||
if ($loginResult === false) {
|
||||
$this->throttler->registerAttempt('sudo', $this->request->getRemoteAddress(), ['user' => $loginName]);
|
||||
if ($currentDelay === 0) {
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress());
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
|
||||
}
|
||||
|
||||
return new DataResponse([], Http::STATUS_FORBIDDEN);
|
||||
|
|
|
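Review bot: On the new side of the first hunk, `tryLogin` resolves the delay twice in a row, `getDelay($addr, 'login')` followed by `sleepDelay($addr, 'login')`, while `Session::login` in this same commit takes the value from `sleepDelay` directly (`$currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login');`); if `sleepDelay` does return the delay, the pair of lines here and the matching pair in `confirmPassword` (third hunk) collapse into one and the three call sites read the same way. The action is also a bare string literal that has to agree byte-for-byte between `registerAttempt('login', ...)` and the `getDelay`/`sleepDelay` calls, and a typo at either end would record attempts under one key and consult the delay under another with no error raised, which silently disables the throttling; the same literals recur in `OCSController::personCheck` and `Session::login`. Constants on the throttler (say `ACTION_LOGIN` and `ACTION_SUDO`) would let the parser catch such a drift. The bodies of `tryLogin` and `confirmPassword` continue outside their hunks.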
@ -128,7 +128,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
|||
*/
|
||||
public function personCheck($login = '', $password = '') {
|
||||
if ($login !== '' && $password !== '') {
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress());
|
||||
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
|
||||
if ($this->userManager->checkPassword($login, $password)) {
|
||||
return new DataResponse([
|
||||
'person' => [
|
||||
|
|
|
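Review bot: `personCheck` now sleeps for the 'login' delay before `checkPassword`, but unlike `tryLogin`, `confirmPassword` and `Session::login` in this commit, this hunk shows no `registerAttempt('login', ...)` and no follow-up sleep for a failed check; the failing branch lies outside the hunk, so if it does not register the attempt, wrong passwords through this endpoint never increase the delay that the other endpoints honour. If the attempt is registered elsewhere, a short comment at the `sleepDelay` call, e.g. `// failed attempts are registered in <LOCATION>`, would tell the next reader where to look. `personCheck`'s body continues past the hunk.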
@ -317,7 +317,7 @@ class Session implements IUserSession, Emitter {
|
|||
$password,
|
||||
IRequest $request,
|
||||
OC\Security\Bruteforce\Throttler $throttler) {
|
||||
$currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
|
||||
$currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login');
|
||||
|
||||
$isTokenPassword = $this->isTokenPassword($password);
|
||||
if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
|
||||
|
@ -334,7 +334,7 @@ class Session implements IUserSession, Emitter {
|
|||
|
||||
$throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
|
||||
if($currentDelay === 0) {
|
||||
$throttler->sleepDelay($request->getRemoteAddress());
|
||||
$throttler->sleepDelay($request->getRemoteAddress(), 'login');
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
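Review bot: The attempt registered under the shared 'login' action in the second hunk carries `['uid' => $user]`, while `LoginController::tryLogin` registers `['user' => $originalUser]` for the same action; now that both sites are explicitly keyed by one action name, the differing metadata key makes the two kinds of record harder to correlate wherever the throttler's metadata is read back or reported. Unless the throttler relies on the `uid` key, `['user' => $user]` here would align the two call sites. `login()` begins before the first hunk and continues past the second.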