add action to existing brute force protection

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2017-01-17 17:21:27 +01:00
parent 0271ae3b46
commit cdf01feba7
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
3 changed files with 10 additions and 10 deletions

View File

@ -205,8 +205,8 @@ class LoginController extends Controller {
* @return RedirectResponse
*/
public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
$this->throttler->sleepDelay($this->request->getRemoteAddress());
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'login');
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
// If the user is already logged in and the CSRF check does not pass then
// simply redirect the user to the correct page as required. This is the
@ -230,7 +230,7 @@ class LoginController extends Controller {
if ($loginResult === false) {
$this->throttler->registerAttempt('login', $this->request->getRemoteAddress(), ['user' => $originalUser]);
if($currentDelay === 0) {
$this->throttler->sleepDelay($this->request->getRemoteAddress());
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
}
$this->session->set('loginMessages', [
['invalidpassword'], []
@ -295,15 +295,15 @@ class LoginController extends Controller {
* @return DataResponse
*/
public function confirmPassword($password) {
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress());
$this->throttler->sleepDelay($this->request->getRemoteAddress());
$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'sudo');
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
$loginName = $this->userSession->getLoginName();
$loginResult = $this->userManager->checkPassword($loginName, $password);
if ($loginResult === false) {
$this->throttler->registerAttempt('sudo', $this->request->getRemoteAddress(), ['user' => $loginName]);
if ($currentDelay === 0) {
$this->throttler->sleepDelay($this->request->getRemoteAddress());
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
}
return new DataResponse([], Http::STATUS_FORBIDDEN);

View File

@ -128,7 +128,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
*/
public function personCheck($login = '', $password = '') {
if ($login !== '' && $password !== '') {
$this->throttler->sleepDelay($this->request->getRemoteAddress());
$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
if ($this->userManager->checkPassword($login, $password)) {
return new DataResponse([
'person' => [

View File

@ -317,7 +317,7 @@ class Session implements IUserSession, Emitter {
$password,
IRequest $request,
OC\Security\Bruteforce\Throttler $throttler) {
$currentDelay = $throttler->sleepDelay($request->getRemoteAddress());
$currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login');
$isTokenPassword = $this->isTokenPassword($password);
if (!$isTokenPassword && $this->isTokenAuthEnforced()) {
@ -334,7 +334,7 @@ class Session implements IUserSession, Emitter {
$throttler->registerAttempt('login', $request->getRemoteAddress(), ['uid' => $user]);
if($currentDelay === 0) {
$throttler->sleepDelay($request->getRemoteAddress());
$throttler->sleepDelay($request->getRemoteAddress(), 'login');
}
return false;
}