use OCP\IURLGenerator;
use OCP\Lock\ILockingProvider;
use OCP\Notification\IManager;
+use OCP\Security\Bruteforce\IThrottler;
use OCP\Security\ISecureRandom;
use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
private $iniGetWrapper;
/** @var IDBConnection */
private $connection;
+ /** @var IThrottler */
+ private $throttler;
/** @var ITempManager */
private $tempManager;
/** @var IManager */
ISecureRandom $secureRandom,
IniGetWrapper $iniGetWrapper,
IDBConnection $connection,
+ IThrottler $throttler,
ITempManager $tempManager,
IManager $manager,
IAppManager $appManager,
$this->eventDispatcher = $eventDispatcher;
$this->dispatcher = $dispatcher;
$this->db = $db;
+ $this->throttler = $throttler;
$this->lockingProvider = $lockingProvider;
$this->dateTimeFormatter = $dateTimeFormatter;
$this->memoryInfo = $memoryInfo;
'cronInfo' => $this->getLastCronInfo(),
'cronErrors' => $this->getCronErrors(),
'isFairUseOfFreePushService' => $this->isFairUseOfFreePushService(),
+ 'isBruteforceThrottled' => $this->throttler->getAttempts($this->request->getRemoteAddress()) !== 0,
+ 'bruteforceRemoteAddress' => $this->request->getRemoteAddress(),
'serverHasInternetConnectionProblems' => $this->hasInternetConnectivityProblems(),
'isMemcacheConfigured' => $this->isMemcacheConfigured(),
'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
use OCP\IURLGenerator;
use OCP\Lock\ILockingProvider;
use OCP\Notification\IManager;
+use OCP\Security\Bruteforce\IThrottler;
use PHPUnit\Framework\MockObject\MockObject;
use Psr\Http\Message\ResponseInterface;
use Psr\Log\LoggerInterface;
$this->logger = $this->getMockBuilder(LoggerInterface::class)->getMock();
$this->db = $this->getMockBuilder(Connection::class)
->disableOriginalConstructor()->getMock();
+ $this->throttler = $this->createMock(IThrottler::class);
$this->lockingProvider = $this->getMockBuilder(ILockingProvider::class)->getMock();
$this->dateTimeFormatter = $this->getMockBuilder(IDateTimeFormatter::class)->getMock();
$this->memoryInfo = $this->getMockBuilder(MemoryInfo::class)
$this->secureRandom,
$this->iniGetWrapper,
$this->connection,
+ $this->throttler,
$this->tempManager,
$this->notificationManager,
$this->appManager,
'isFairUseOfFreePushService' => false,
'temporaryDirectoryWritable' => false,
\OCA\Settings\SetupChecks\LdapInvalidUuids::class => ['pass' => true, 'description' => 'Invalid UUIDs of LDAP users or groups have been found. Please review your "Override UUID detection" settings in the Expert part of the LDAP configuration and use "occ ldap:update-uuid" to update them.', 'severity' => 'warning'],
+ 'isBruteforceThrottled' => false,
+ 'bruteforceRemoteAddress' => '',
]
);
$this->assertEquals($expected, $this->checkSetupController->check());
$this->secureRandom,
$this->iniGetWrapper,
$this->connection,
+ $this->throttler,
$this->tempManager,
$this->notificationManager,
$this->appManager,
$this->secureRandom,
$this->iniGetWrapper,
$this->connection,
+ $this->throttler,
$this->tempManager,
$this->notificationManager,
$this->appManager,
$this->secureRandom,
$this->iniGetWrapper,
$this->connection,
+ $this->throttler,
$this->tempManager,
$this->notificationManager,
$this->appManager,
type: OC.SetupChecks.MESSAGE_TYPE_INFO
});
}
+ if (data.isBruteforceThrottled) {
+ messages.push({
+ msg: t('core', 'Your remote address was identified as "{remoteAddress}" and is bruteforce throttled at the moment slowing down the performance of various requests. If the remote address is not your address this can be an indication that a proxy is not configured correctly. Further information can be found in the {linkstart}documentation ↗{linkend}.', { remoteAddress: data.bruteforceRemoteAddress })
+ .replace('{linkstart}', '<a target="_blank" rel="noreferrer noopener" class="external" href="' + data.reverseProxyDocs + '">')
+ .replace('{linkend}', '</a>'),
+ type: OC.SetupChecks.MESSAGE_TYPE_ERROR
+ });
+ }
if(!data.hasWorkingFileLocking) {
messages.push({
msg: t('core', 'Transactional file locking is disabled, this might lead to issues with race conditions. Enable "filelocking.enabled" in config.php to avoid these problems. See the {linkstart}documentation ↗{linkend} for more information.')
});
});
+ it('should return an error if the admin IP is bruteforce throttled', function(done) {
+ var async = OC.SetupChecks.checkSetup();
+
+ suite.server.requests[0].respond(
+ 200,
+ {
+ 'Content-Type': 'application/json',
+ },
+ JSON.stringify({
+ hasFileinfoInstalled: true,
+ isGetenvServerWorking: true,
+ isReadOnlyConfig: false,
+ wasEmailTestSuccessful: true,
+ hasWorkingFileLocking: true,
+ hasDBFileLocking: false,
+ hasValidTransactionIsolationLevel: true,
+ suggestedOverwriteCliURL: '',
+ isRandomnessSecure: true,
+ isFairUseOfFreePushService: true,
+ isBruteforceThrottled: true,
+ bruteforceRemoteAddress: '::1',
+ serverHasInternetConnectionProblems: false,
+ isMemcacheConfigured: true,
+ forwardedForHeadersWorking: true,
+ reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html',
+ isCorrectMemcachedPHPModuleInstalled: true,
+ hasPassedCodeIntegrityCheck: true,
+ OpcacheSetupRecommendations: [],
+ isSettimelimitAvailable: true,
+ hasFreeTypeSupport: true,
+ missingIndexes: [],
+ missingPrimaryKeys: [],
+ missingColumns: [],
+ cronErrors: [],
+ cronInfo: {
+ diffInSeconds: 0
+ },
+ isMemoryLimitSufficient: true,
+ appDirsWithDifferentOwner: [],
+ isImagickEnabled: true,
+ areWebauthnExtensionsEnabled: true,
+ is64bit: true,
+ recommendedPHPModules: [],
+ pendingBigIntConversionColumns: [],
+ isMysqlUsedWithoutUTF8MB4: false,
+ isDefaultPhoneRegionSet: true,
+ isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
+ reverseProxyGeneratedURL: 'https://server',
+ temporaryDirectoryWritable: true,
+ })
+ );
+
+ async.done(function( data, s, x ){
+ expect(data).toEqual([{
+ msg: 'Your remote address was identified as "::1" and is bruteforce throttled at the moment slowing down the performance of various requests. If the remote address is not your address this can be an indication that a proxy is not configured correctly. Further information can be found in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.nextcloud.com/foo/bar.html">documentation ↗</a>.',
+ type: OC.SetupChecks.MESSAGE_TYPE_ERROR
+ }]);
+ done();
+ });
+ });
+
it('should return an error if set_time_limit is unavailable', function(done) {
var async = OC.SetupChecks.checkSetup();
projects / nextcloud-server.git / commitdiff