authorLukas Reschke <lukas@statuscode.ch>2017-07-14 15:20:31 +0200
committerGitHub <noreply@github.com>2017-07-14 15:20:31 +0200
commita79447c6fdad379a1d254e2e379ac45b6acd0345 (patch)
tree199b09b3617c0142e7310ad87aa8c4725fb4ef35
parentf90f4db0cd364528543a8f28aa9df5ce1d83d1cc (diff)
parent23129aa5553d02ff72cc06bcd1cea3873f292325 (diff)
downloadnextcloud-server-a79447c6fdad379a1d254e2e379ac45b6acd0345.tar.gz
nextcloud-server-a79447c6fdad379a1d254e2e379ac45b6acd0345.zip
Merge pull request #5699 from nextcloud/bruteforce_capability
Add bruteforce capabilities
-rw-r--r--lib/composer/composer/autoload_classmap.php1
-rw-r--r--lib/composer/composer/autoload_static.php1
-rw-r--r--lib/private/Security/Bruteforce/Capabilities.php52
-rw-r--r--lib/private/Server.php3
-rw-r--r--tests/lib/Security/Bruteforce/CapabilitiesTest.php68
5 files changed, 125 insertions, 0 deletions
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 74bd83cd20d..5bfabba2e01 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -770,6 +770,7 @@ return array(
'OC\\Search\\Result\\File' => $baseDir . '/lib/private/Search/Result/File.php',
'OC\\Search\\Result\\Folder' => $baseDir . '/lib/private/Search/Result/Folder.php',
'OC\\Search\\Result\\Image' => $baseDir . '/lib/private/Search/Result/Image.php',
+ 'OC\\Security\\Bruteforce\\Capabilities' => $baseDir . '/lib/private/Security/Bruteforce/Capabilities.php',
'OC\\Security\\Bruteforce\\Throttler' => $baseDir . '/lib/private/Security/Bruteforce/Throttler.php',
'OC\\Security\\CSP\\ContentSecurityPolicy' => $baseDir . '/lib/private/Security/CSP/ContentSecurityPolicy.php',
'OC\\Security\\CSP\\ContentSecurityPolicyManager' => $baseDir . '/lib/private/Security/CSP/ContentSecurityPolicyManager.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 79b8214d843..2c7ffc420fd 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -800,6 +800,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Search\\Result\\File' => __DIR__ . '/../../..' . '/lib/private/Search/Result/File.php',
'OC\\Search\\Result\\Folder' => __DIR__ . '/../../..' . '/lib/private/Search/Result/Folder.php',
'OC\\Search\\Result\\Image' => __DIR__ . '/../../..' . '/lib/private/Search/Result/Image.php',
+ 'OC\\Security\\Bruteforce\\Capabilities' => __DIR__ . '/../../..' . '/lib/private/Security/Bruteforce/Capabilities.php',
'OC\\Security\\Bruteforce\\Throttler' => __DIR__ . '/../../..' . '/lib/private/Security/Bruteforce/Throttler.php',
'OC\\Security\\CSP\\ContentSecurityPolicy' => __DIR__ . '/../../..' . '/lib/private/Security/CSP/ContentSecurityPolicy.php',
'OC\\Security\\CSP\\ContentSecurityPolicyManager' => __DIR__ . '/../../..' . '/lib/private/Security/CSP/ContentSecurityPolicyManager.php',
diff --git a/lib/private/Security/Bruteforce/Capabilities.php b/lib/private/Security/Bruteforce/Capabilities.php
new file mode 100644
index 00000000000..f366dbc2bb6
--- /dev/null
+++ b/lib/private/Security/Bruteforce/Capabilities.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Security\Bruteforce;
+
+use OCP\Capabilities\IPublicCapability;
+use OCP\IRequest;
+
+class Capabilities implements IPublicCapability {
+ /** @var IRequest */
+ private $request;
+
+ /** @var Throttler */
+ private $throttler;
+
+ /**
+ * Capabilities constructor.
+ *
+ * @param IRequest $request
+ * @param Throttler $throttler
+ */
+ public function __construct(IRequest $request,
+ Throttler $throttler) {
+ $this->request = $request;
+ $this->throttler = $throttler;
+ }
+
+ public function getCapabilities() {
+ return [
+ 'bruteforce' => [
+ 'delay' => $this->throttler->getDelay($this->request->getRemoteAddress())
+ ]
+ ];
+ }
+}
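Review bot: getCapabilities() has no docblock, and because the class implements IPublicCapability the returned delay is presumably readable without authentication, which the documentation should state is intentional. I would add a docblock saying that the method reports the throttle delay currently applied to the requesting address, with the return shape `@return array{bruteforce: array{delay: int}}` and the unit of the delay (not visible in this hunk; confirm against Throttler::getDelay). A short why-comment next to `$this->request->getRemoteAddress()` should note that the value is only meaningful when forwarded-address handling behind a reverse proxy is configured correctly, since otherwise every client could see the proxy's delay. If getDelay() performs a storage lookup, this adds one to every capabilities request, which is worth mentioning in the same comment.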
diff --git a/lib/private/Server.php b/lib/private/Server.php
index f8fd63a9d5d..be432c0cf28 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -836,6 +836,9 @@ class Server extends ServerContainer implements IServerContainer {
$manager->registerCapability(function () use ($c) {
return new \OC\OCS\CoreCapabilities($c->getConfig());
});
+ $manager->registerCapability(function () use ($c) {
+ return $c->query(\OC\Security\Bruteforce\Capabilities::class);
+ });
return $manager;
});
$this->registerAlias('CapabilitiesManager', \OC\CapabilitiesManager::class);
diff --git a/tests/lib/Security/Bruteforce/CapabilitiesTest.php b/tests/lib/Security/Bruteforce/CapabilitiesTest.php
new file mode 100644
index 00000000000..6ebaf79ddaf
--- /dev/null
+++ b/tests/lib/Security/Bruteforce/CapabilitiesTest.php
@@ -0,0 +1,68 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace Test\Security\Bruteforce;
+
+use OC\Security\Bruteforce\Capabilities;
+use OC\Security\Bruteforce\Throttler;
+use OCP\IRequest;
+use Test\TestCase;
+
+class CapabilitiesTest extends TestCase {
+ /** @var Capabilities */
+ private $capabilities;
+
+ /** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+ private $request;
+
+ /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
+ private $throttler;
+
+ public function setUp() {
+ parent::setUp();
+
+ $this->request = $this->createMock(IRequest::class);
+ $this->request->method('getRemoteAddress')
+ ->willReturn('10.10.10.10');
+
+ $this->throttler = $this->createMock(Throttler::class);
+
+ $this->capabilities = new Capabilities(
+ $this->request,
+ $this->throttler
+ );
+ }
+
+ public function testGetCapabilities() {
+ $this->throttler->expects($this->atLeastOnce())
+ ->method('getDelay')
+ ->with('10.10.10.10')
+ ->willReturn(42);
+
+ $expected = [
+ 'bruteforce' => [
+ 'delay' => 42
+ ]
+ ];
+ $result = $this->capabilities->getCapabilities();
+
+ $this->assertEquals($expected, $result);
+ }
+}
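Review bot: `assertEquals` at the end of testGetCapabilities() compares loosely, so the test would still pass if the delay came back as the string '42' or as a float; since clients consume this value, the type is worth pinning with `$this->assertSame($expected, $result);`. In the same method `atLeastOnce()` could be `once()`, so that a duplicated throttler lookup per capabilities request is caught. The test also covers only a single non-zero delay; a second case with a delay of 0 for an unthrottled address would document the expected default.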