feat: Expose if the own IP is allowed to bypass bruteforce protection

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2023-08-15 08:04:32 +0200
committer: Joas Schilling <coding@schilljs.com> 2023-08-21 16:36:04 +0200
commit: fd9b2d488e6083d6c1027551bb0190e5b7ee7a36 (patch)
tree: 4781506486a1950b19c28b2c8ff036e836e2bf03 /lib
parent: 2f06f2355d1f8a2963590c811c534a71dd7f0c7c (diff)
download: nextcloud-server-fd9b2d488e6083d6c1027551bb0190e5b7ee7a36.tar.gz
nextcloud-server-fd9b2d488e6083d6c1027551bb0190e5b7ee7a36.zip
2 files changed, 12 insertions, 22 deletions
diff --git a/lib/private/Security/Bruteforce/Capabilities.php b/lib/private/Security/Bruteforce/Capabilities.php
index 60cf3086f2d..4eada3d05f5 100644
--- a/lib/private/Security/Bruteforce/Capabilities.php
+++ b/lib/private/Security/Bruteforce/Capabilities.php
@@ -3,9 +3,11 @@
 declare(strict_types=1);
 
 /**
+ * @copyright Copyright (c) 2023 Joas Schilling <coding@schilljs.com>
  * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
  *
  * @author J0WI <J0WI@users.noreply.github.com>
+ * @author Joas Schilling <coding@schilljs.com>
  * @author Julius Härtl <jus@bitgrid.net>
  * @author Roeland Jago Douma <roeland@famdouma.nl>
  *
@@ -32,33 +34,21 @@ use OCP\Capabilities\IInitialStateExcludedCapability;
 use OCP\IRequest;
 
 class Capabilities implements IPublicCapability, IInitialStateExcludedCapability {
-	/** @var IRequest */
-	private $request;
-
-	/** @var Throttler */
-	private $throttler;
+	public function __construct(
+		private IRequest $request,
+		private Throttler $throttler,
+	) {
+	}
 
 	/**
-	 * Capabilities constructor.
-	 *
-	 * @param IRequest $request
-	 * @param Throttler $throttler
+	 * @return array{bruteforce: array{delay: int, allow-listed: bool}}
 	 */
-	public function __construct(IRequest $request,
-								Throttler $throttler) {
-		$this->request = $request;
-		$this->throttler = $throttler;
-	}
-
 	public function getCapabilities(): array {
-		if (version_compare(\OC::$server->getConfig()->getSystemValueString('version', '0.0.0.0'), '12.0.0.0', '<')) {
-			return [];
-		}
-
 		return [
 			'bruteforce' => [
-				'delay' => $this->throttler->getDelay($this->request->getRemoteAddress())
-			]
+				'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()),
+				'allow-listed' => $this->throttler->isIPWhitelisted($this->request->getRemoteAddress()),
+			],
 		];
 	}
 }
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 2ee4c23cd1e..5c4f4d320b1 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -110,7 +110,7 @@ class Throttler implements IThrottler {
 	 * @param string $ip
 	 * @return bool
 	 */
-	private function isIPWhitelisted(string $ip): bool {
+	public function isIPWhitelisted(string $ip): bool {
 		if (isset($this->ipIsWhitelisted[$ip])) {
 			return $this->ipIsWhitelisted[$ip];
 		}
author	Joas Schilling <coding@schilljs.com>	2023-08-15 08:04:32 +0200
committer	Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:04 +0200
commit	fd9b2d488e6083d6c1027551bb0190e5b7ee7a36 (patch)
tree	4781506486a1950b19c28b2c8ff036e836e2bf03 /lib
parent	2f06f2355d1f8a2963590c811c534a71dd7f0c7c (diff)
download	nextcloud-server-fd9b2d488e6083d6c1027551bb0190e5b7ee7a36.tar.gz nextcloud-server-fd9b2d488e6083d6c1027551bb0190e5b7ee7a36.zip