author | Joas Schilling <coding@schilljs.com> | 2023-08-15 08:27:01 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-08-21 16:36:05 +0200 |
commit | b2fd283a300d0c5b260d50bbf6ab7574b24dafe9 (patch) | |
tree | f33346182c213a756d33dbf33992aeff271a0ddb /core | |
parent | fd9b2d488e6083d6c1027551bb0190e5b7ee7a36 (diff) | |
feat(OCC): Add a command to get the bruteforce state of an IP
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'core')
-rw-r--r-- | core/Command/Security/BruteforceAttempts.php | 87 | ||||
-rw-r--r-- | core/Command/Security/BruteforceResetAttempts.php (renamed from core/Command/Security/ResetBruteforceAttempts.php) | 12 | ||||
-rw-r--r-- | core/register_command.php | 3 |
3 files changed, 96 insertions, 6 deletions
diff --git a/core/Command/Security/BruteforceAttempts.php b/core/Command/Security/BruteforceAttempts.php
new file mode 100644
index 00000000000..9cbf446958d
--- /dev/null
+++ b/core/Command/Security/BruteforceAttempts.php
@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2023 Joas Schilling <coding@schilljs.com>
+ *
+ * @author Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Core\Command\Security;
+
+use OC\Core\Command\Base;
+use OC\Security\Bruteforce\Throttler;
+use OCP\Security\Bruteforce\IThrottler;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class BruteforceAttempts extends Base {
+ /** @var Throttler */
+ protected IThrottler $throttler;
+
+ public function __construct(
+ IThrottler $throttler,
+ ) {
+ parent::__construct();
+ $this->throttler = $throttler;
+ }
+
+ protected function configure(): void {
+ parent::configure();
+ $this
+ ->setName('security:bruteforce:attempts')
+ ->setDescription('resets bruteforce attempts for given IP address')
+ ->addArgument(
+ 'ipaddress',
+ InputArgument::REQUIRED,
+ 'IP address for which the attempts are to be reset',
+ )
+ ->addArgument(
+ 'action',
+ InputArgument::OPTIONAL,
+ 'Only count attempts for the given action',
+ )
+ ;
+ }
+
+ protected function execute(InputInterface $input, OutputInterface $output): int {
+ $ip = 
$input->getArgument('ipaddress'); + + if (!filter_var($ip, FILTER_VALIDATE_IP)) { + $output->writeln('<error>"' . $ip . '" is not a valid IP address</error>'); + return 1; + } + + $data = [ + 'allow-listed' => $this->throttler->isIPWhitelisted($ip), + 'attempts' => $this->throttler->getAttempts( + $ip, + (string) $input->getArgument('action'), + ), + 'delay' => $this->throttler->getDelay( + $ip, + (string) $input->getArgument('action'), + ), + ]; + + $this->writeArrayInOutputFormat($input, $output, $data); + + return 0; + } +} diff --git a/core/Command/Security/ResetBruteforceAttempts.php b/core/Command/Security/BruteforceResetAttempts.php index c0bc265c8f5..40d7c6848b2 100644 --- a/core/Command/Security/ResetBruteforceAttempts.php +++ b/core/Command/Security/BruteforceResetAttempts.php @@ -1,4 +1,6 @@ <?php + +declare(strict_types=1); /** * @copyright Copyright (c) 2020, Johannes Riedel (johannes@johannes-riedel.de) * @@ -24,22 +26,22 @@ namespace OC\Core\Command\Security; use OC\Core\Command\Base; -use OC\Security\Bruteforce\Throttler; +use OCP\Security\Bruteforce\IThrottler; use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; -class ResetBruteforceAttempts extends Base { +class BruteforceResetAttempts extends Base { public function __construct( - protected Throttler $throttler, + protected IThrottler $throttler, ) { parent::__construct(); } - protected function configure() { + protected function configure(): void { $this ->setName('security:bruteforce:reset') - ->setDescription('resets bruteforce attemps for given IP address') + ->setDescription('resets bruteforce attempts for given IP address') ->addArgument( 'ipaddress', InputArgument::REQUIRED, diff --git a/core/register_command.php b/core/register_command.php index df39ad4484c..c9b6cc99901 100644 --- a/core/register_command.php +++ b/core/register_command.php 
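Review bot: In core/Command/Security/BruteforceAttempts.php, configure() still carries the help text of the reset command: the description reads 'resets bruteforce attempts for given IP address' and the `ipaddress` argument says the attempts 'are to be reset', although execute() only reads state through isIPWhitelisted(), getAttempts() and getDelay(). An operator looking at the command list while investigating a lockout would see two commands that both claim to reset, so I would change these to `->setDescription('shows bruteforce attempts and delay for given IP address')` and `'IP address for which the attempts are to be shown'`. Separately, the property is typed `IThrottler` but annotated `/** @var Throttler */`, which suggests isIPWhitelisted() is only available on the concrete class; if that is the case, a short comment such as `// isIPWhitelisted() is not part of IThrottler, hence the narrowed @var` would make the dependency on the concrete binding explicit.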
@@ -209,7 +209,8 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) {
 $application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(), \OC::$server->getL10N('core')));
 $application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager()));
 $application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager()));
- $application->add(new OC\Core\Command\Security\ResetBruteforceAttempts(\OC::$server->getBruteForceThrottler()));
+ $application->add(\OC::$server->get(\OC\Core\Command\Security\BruteforceAttempts::class));
+ $application->add(\OC::$server->get(\OC\Core\Command\Security\BruteforceResetAttempts::class));
 } else {
 $application->add(\OC::$server->get(\OC\Core\Command\Maintenance\Install::class));
 } |