authorRoeland Jago Douma <roeland@famdouma.nl>2017-07-12 21:46:25 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2017-07-13 11:23:08 +0200
commit6a1f2ac0764cec5ceaeedc51bfe93ad6a81f0071 (patch)
tree6d4f17b078b10c5c11f07a83fd84311a03bc1ea8
parent598835b06fdd12a46253a44729eb602bc170b76b (diff)
downloadnextcloud-server-6a1f2ac0764cec5ceaeedc51bfe93ad6a81f0071.tar.gz
nextcloud-server-6a1f2ac0764cec5ceaeedc51bfe93ad6a81f0071.zip
Add bruteforce capabilities
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--lib/private/Security/Bruteforce/Capabilities.php52
-rw-r--r--lib/private/Server.php3
-rw-r--r--tests/lib/Security/Bruteforce/CapabilitiesTest.php68
3 files changed, 123 insertions, 0 deletions
diff --git a/lib/private/Security/Bruteforce/Capabilities.php b/lib/private/Security/Bruteforce/Capabilities.php
new file mode 100644
index 00000000000..f366dbc2bb6
--- /dev/null
+++ b/lib/private/Security/Bruteforce/Capabilities.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Security\Bruteforce;
+
+use OCP\Capabilities\IPublicCapability;
+use OCP\IRequest;
+
+class Capabilities implements IPublicCapability {
+ /** @var IRequest */
+ private $request;
+
+ /** @var Throttler */
+ private $throttler;
+
+ /**
+ * Capabilities constructor.
+ *
+ * @param IRequest $request
+ * @param Throttler $throttler
+ */
+ public function __construct(IRequest $request,
+ Throttler $throttler) {
+ $this->request = $request;
+ $this->throttler = $throttler;
+ }
+
+ public function getCapabilities() {
+ return [
+ 'bruteforce' => [
+ 'delay' => $this->throttler->getDelay($this->request->getRemoteAddress())
+ ]
+ ];
+ }
+}
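Review bot: `getCapabilities()` is added without a docblock, and because the class implements `IPublicCapability` the per-address throttle delay it returns is, going by the interface name, readable by callers who have not authenticated. I would state that on the method, for example `@return array ['bruteforce' => ['delay' => int]] delay currently applied to the requesting address; served without authentication`, and also name the unit of the delay, which this hunk does not show. The value is keyed on `$this->request->getRemoteAddress()`, so it is only meaningful when the request object resolves the real client address behind reverse proxies. A one-line comment saying so would help operators who see every client reporting the same delay.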
diff --git a/lib/private/Server.php b/lib/private/Server.php
index f8fd63a9d5d..be432c0cf28 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -836,6 +836,9 @@ class Server extends ServerContainer implements IServerContainer {
$manager->registerCapability(function () use ($c) {
return new \OC\OCS\CoreCapabilities($c->getConfig());
});
+ $manager->registerCapability(function () use ($c) {
+ return $c->query(\OC\Security\Bruteforce\Capabilities::class);
+ });
return $manager;
});
$this->registerAlias('CapabilitiesManager', \OC\CapabilitiesManager::class);
diff --git a/tests/lib/Security/Bruteforce/CapabilitiesTest.php b/tests/lib/Security/Bruteforce/CapabilitiesTest.php
new file mode 100644
index 00000000000..6ebaf79ddaf
--- /dev/null
+++ b/tests/lib/Security/Bruteforce/CapabilitiesTest.php
@@ -0,0 +1,68 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace Test\Security\Bruteforce;
+
+use OC\Security\Bruteforce\Capabilities;
+use OC\Security\Bruteforce\Throttler;
+use OCP\IRequest;
+use Test\TestCase;
+
+class CapabilitiesTest extends TestCase {
+ /** @var Capabilities */
+ private $capabilities;
+
+ /** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+ private $request;
+
+ /** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
+ private $throttler;
+
+ public function setUp() {
+ parent::setUp();
+
+ $this->request = $this->createMock(IRequest::class);
+ $this->request->method('getRemoteAddress')
+ ->willReturn('10.10.10.10');
+
+ $this->throttler = $this->createMock(Throttler::class);
+
+ $this->capabilities = new Capabilities(
+ $this->request,
+ $this->throttler
+ );
+ }
+
+ public function testGetCapabilities() {
+ $this->throttler->expects($this->atLeastOnce())
+ ->method('getDelay')
+ ->with('10.10.10.10')
+ ->willReturn(42);
+
+ $expected = [
+ 'bruteforce' => [
+ 'delay' => 42
+ ]
+ ];
+ $result = $this->capabilities->getCapabilities();
+
+ $this->assertEquals($expected, $result);
+ }
+}
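Review bot: The expectation in `testGetCapabilities()` uses `atLeastOnce()` and `assertEquals()`, which is looser than the behaviour under test. It would still pass if the throttler were queried several times per call, or if the delay came back as the string `'42'` instead of an integer. Tightening to `$this->throttler->expects($this->once())` and `$this->assertSame($expected, $result);` pins both the single lookup and the integer type that clients reading the capability will parse.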