feat(OCC): Add a command to get the bruteforce state of an IP

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2023-08-15 08:27:01 +0200
committer: Joas Schilling <coding@schilljs.com> 2023-08-21 16:36:05 +0200
commit: b2fd283a300d0c5b260d50bbf6ab7574b24dafe9 (patch)
tree: f33346182c213a756d33dbf33992aeff271a0ddb /core/Command/Security
parent: fd9b2d488e6083d6c1027551bb0190e5b7ee7a36 (diff)
download: nextcloud-server-b2fd283a300d0c5b260d50bbf6ab7574b24dafe9.tar.gz
nextcloud-server-b2fd283a300d0c5b260d50bbf6ab7574b24dafe9.zip
2 files changed, 94 insertions, 5 deletions
diff --git a/core/Command/Security/BruteforceAttempts.php b/core/Command/Security/BruteforceAttempts.php
new file mode 100644
index 00000000000..9cbf446958d
--- /dev/null
+++ b/core/Command/Security/BruteforceAttempts.php
@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2023 Joas Schilling <coding@schilljs.com>
+ *
+ * @author Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Core\Command\Security;
+
+use OC\Core\Command\Base;
+use OC\Security\Bruteforce\Throttler;
+use OCP\Security\Bruteforce\IThrottler;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class BruteforceAttempts extends Base {
+	/** @var Throttler */
+	protected IThrottler $throttler;
+
+	public function __construct(
+		IThrottler $throttler,
+	) {
+		parent::__construct();
+		$this->throttler = $throttler;
+	}
+
+	protected function configure(): void {
+		parent::configure();
+		$this
+			->setName('security:bruteforce:attempts')
+			->setDescription('resets bruteforce attempts for given IP address')
+			->addArgument(
+				'ipaddress',
+				InputArgument::REQUIRED,
+				'IP address for which the attempts are to be reset',
+			)
+			->addArgument(
+				'action',
+				InputArgument::OPTIONAL,
+				'Only count attempts for the given action',
+			)
+		;
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output): int {
+		$ip = $input->getArgument('ipaddress');
+
+		if (!filter_var($ip, FILTER_VALIDATE_IP)) {
+			$output->writeln('<error>"' . $ip . '" is not a valid IP address</error>');
+			return 1;
+		}
+
+		$data = [
+			'allow-listed' => $this->throttler->isIPWhitelisted($ip),
+			'attempts' => $this->throttler->getAttempts(
+				$ip,
+				(string) $input->getArgument('action'),
+			),
+			'delay' => $this->throttler->getDelay(
+				$ip,
+				(string) $input->getArgument('action'),
+			),
+		];
+
+		$this->writeArrayInOutputFormat($input, $output, $data);
+
+		return 0;
+	}
+}
diff --git a/core/Command/Security/ResetBruteforceAttempts.php b/core/Command/Security/BruteforceResetAttempts.php
index c0bc265c8f5..40d7c6848b2 100644
--- a/core/Command/Security/ResetBruteforceAttempts.php
+++ b/core/Command/Security/BruteforceResetAttempts.php
@@ -1,4 +1,6 @@
 <?php
+
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2020, Johannes Riedel (johannes@johannes-riedel.de)
  *
@@ -24,22 +26,22 @@
 namespace OC\Core\Command\Security;
 
 use OC\Core\Command\Base;
-use OC\Security\Bruteforce\Throttler;
+use OCP\Security\Bruteforce\IThrottler;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 
-class ResetBruteforceAttempts extends Base {
+class BruteforceResetAttempts extends Base {
 	public function __construct(
-		protected Throttler $throttler,
+		protected IThrottler $throttler,
 	) {
 		parent::__construct();
 	}
 
-	protected function configure() {
+	protected function configure(): void {
 		$this
 			->setName('security:bruteforce:reset')
-			->setDescription('resets bruteforce attemps for given IP address')
+			->setDescription('resets bruteforce attempts for given IP address')
 			->addArgument(
 				'ipaddress',
 				InputArgument::REQUIRED,
author	Joas Schilling <coding@schilljs.com>	2023-08-15 08:27:01 +0200
committer	Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:05 +0200
commit	b2fd283a300d0c5b260d50bbf6ab7574b24dafe9 (patch)
tree	f33346182c213a756d33dbf33992aeff271a0ddb /core/Command/Security
parent	fd9b2d488e6083d6c1027551bb0190e5b7ee7a36 (diff)
download	nextcloud-server-b2fd283a300d0c5b260d50bbf6ab7574b24dafe9.tar.gz nextcloud-server-b2fd283a300d0c5b260d50bbf6ab7574b24dafe9.zip