diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-03-15 15:11:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-15 15:11:53 +0100 |
| commit | a30d7c51d361edd75c9b1d7f539f220a5a81be2e (patch) | |
| tree | 68959f116023ada6b26c08183adf99b3cad8a89e /lib/private/User | |
| parent | 95eefd38eb69a41aaa9e8e5800e0f88756df37f4 (diff) | |
| parent | 39c1b6f49ff8197ec1930d83831273f8be75cc31 (diff) | |
| download | nextcloud-server-a30d7c51d361edd75c9b1d7f539f220a5a81be2e.tar.gz nextcloud-server-a30d7c51d361edd75c9b1d7f539f220a5a81be2e.zip | |
Merge pull request #37227 from nextcloud/h1-dav-brute-force-protection
chore: use local variable for remote address
Diffstat (limited to 'lib/private/User')
| -rw-r--r-- | lib/private/User/Session.php | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index c7b11e22504..3e45ebeab2b 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -59,6 +59,7 @@ use OCP\ISession; use OCP\IUser; use OCP\IUserSession; use OCP\Lockdown\ILockdownManager; +use OCP\Security\Bruteforce\IThrottler; use OCP\Security\ISecureRandom; use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\User\Events\PostLoginEvent; @@ -426,7 +427,8 @@ class Session implements IUserSession, Emitter { $password, IRequest $request, OC\Security\Bruteforce\Throttler $throttler) { - $currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login'); + $remoteAddress = $request->getRemoteAddress(); + $currentDelay = $throttler->sleepDelay($remoteAddress, 'login'); if ($this->manager instanceof PublicEmitter) { $this->manager->emit('\OC\User', 'preLogin', [$user, $password]); @@ -450,19 +452,12 @@ class Session implements IUserSession, Emitter { if (!$this->login($user, $password)) { // Failed, maybe the user used their email address if (!filter_var($user, FILTER_VALIDATE_EMAIL)) { + $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); return false; } $users = $this->manager->getByEmail($user); if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { - $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']); - - $throttler->registerAttempt('login', $request->getRemoteAddress(), ['user' => $user]); - - $this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user, $password)); - - if ($currentDelay === 0) { - $throttler->sleepDelay($request->getRemoteAddress(), 'login'); - } + $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); return false; } } @@ -477,6 +472,17 @@ class Session implements IUserSession, Emitter { return true; } + private function handleLoginFailed(IThrottler $throttler, int $currentDelay, string $remoteAddress, string $user, ?string $password) { + $this->logger->warning("Login failed: '" . $user . "' (Remote IP: '" . $remoteAddress . "')", ['app' => 'core']); + + $throttler->registerAttempt('login', $remoteAddress, ['user' => $user]); + $this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user, $password)); + + if ($currentDelay === 0) { + $throttler->sleepDelay($remoteAddress, 'login'); + } + } + protected function supportsCookies(IRequest $request) { if (!is_null($request->getCookie('cookie_test'))) { return true; |