diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2020-05-25 14:04:18 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-25 14:04:18 +0200 |
| commit | e57bca31adc9a2591357825fa7042596fcb51f7d (patch) | |
| tree | e7880a8fa58482fcfb07c104a5bf85de96b9cb8a /core | |
| parent | cbde1d102c06f44d9b4f84cb3d72f9fbf0a3beb5 (diff) | |
| parent | bd997a105cc582180bb36dad3ca8ffce25fc9e34 (diff) | |
| download | nextcloud-server-e57bca31adc9a2591357825fa7042596fcb51f7d.tar.gz nextcloud-server-e57bca31adc9a2591357825fa7042596fcb51f7d.zip | |
Merge pull request #20005 from joeried/occ-remove-bruteforce-attempts-by-ip
Implement occ command to reset bruteforce attemps from a given IP address
Diffstat (limited to 'core')
| -rw-r--r-- | core/Command/Security/ResetBruteforceAttempts.php | 62 | ||||
| -rw-r--r-- | core/register_command.php | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/core/Command/Security/ResetBruteforceAttempts.php b/core/Command/Security/ResetBruteforceAttempts.php new file mode 100644 index 00000000000..dcb827f8ddb --- /dev/null +++ b/core/Command/Security/ResetBruteforceAttempts.php @@ -0,0 +1,62 @@ +<?php +/** + * @copyright Copyright (c) 2020, Johannes Riedel (johannes@johannes-riedel.de) + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +namespace OC\Core\Command\Security; + +use OC\Core\Command\Base; +use OC\Security\Bruteforce\Throttler; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class ResetBruteforceAttempts extends Base { + + /** @var Throttler */ + protected $throttler; + + public function __construct(Throttler $throttler) { + $this->throttler = $throttler; + parent::__construct(); + } + + protected function configure() { + $this + ->setName('security:bruteforce:reset') + ->setDescription('resets bruteforce attemps for given IP address') + ->addArgument( + 'ipaddress', + InputArgument::REQUIRED, + 'IP address for which the attempts are to be reset' + ); + } + + protected function execute(InputInterface $input, OutputInterface $output) { + $ip = $input->getArgument('ipaddress'); + + if (!filter_var($ip, FILTER_VALIDATE_IP)) { + $output->writeln('<error>"' . $ip . '" is not a valid IP address</error>'); + return 1; + } + + $this->throttler->resetDelayForIP($ip); + } +} diff --git a/core/register_command.php b/core/register_command.php index e355d1429c1..d818423d1ab 100644 --- a/core/register_command.php +++ b/core/register_command.php @@ -175,6 +175,7 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) { $application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(null), \OC::$server->getL10N('core'))); $application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager(null))); $application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager(null))); + $application->add(new OC\Core\Command\Security\ResetBruteforceAttempts(\OC::$server->getBruteForceThrottler())); } else { $application->add(new OC\Core\Command\Maintenance\Install(\OC::$server->getSystemConfig())); } |