author | Joas Schilling <coding@schilljs.com> | 2023-08-15 08:04:32 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-08-23 06:44:07 +0200 |
commit | b55359b23c92bab55fadfcf7cd0148ba56faa79b (patch) | |
tree | a7dd0ef0aa6c88761f31313902832513e6a4b7de /lib | |
parent | 5c0789197f2f8f6d4ca088d28f4aae2fc4b8e351 (diff) | |
feat: Expose if the own IP is allowed to bypass bruteforce protection
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Security/Bruteforce/Capabilities.php | 32 | ||||
-rw-r--r-- | lib/private/Security/Bruteforce/Throttler.php | 2 |
2 files changed, 12 insertions, 22 deletions
diff --git a/lib/private/Security/Bruteforce/Capabilities.php b/lib/private/Security/Bruteforce/Capabilities.php index 60cf3086f2d..4eada3d05f5 100644 --- a/lib/private/Security/Bruteforce/Capabilities.php +++ b/lib/private/Security/Bruteforce/Capabilities.php @@ -3,9 +3,11 @@ declare(strict_types=1); /** + * @copyright Copyright (c) 2023 Joas Schilling <coding@schilljs.com> * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl> * * @author J0WI <J0WI@users.noreply.github.com> + * @author Joas Schilling <coding@schilljs.com> * @author Julius Härtl <jus@bitgrid.net> * @author Roeland Jago Douma <roeland@famdouma.nl> * @@ -32,33 +34,21 @@ use OCP\Capabilities\IInitialStateExcludedCapability; use OCP\IRequest; class Capabilities implements IPublicCapability, IInitialStateExcludedCapability { - /** @var IRequest */ - private $request; - - /** @var Throttler */ - private $throttler; + public function __construct( + private IRequest $request, + private Throttler $throttler, + ) { + } /** - * Capabilities constructor. - * - * @param IRequest $request - * @param Throttler $throttler + * @return array{bruteforce: array{delay: int, allow-listed: bool}} */ - public function __construct(IRequest $request, - Throttler $throttler) { - $this->request = $request; - $this->throttler = $throttler; - } - public function getCapabilities(): array { - if (version_compare(\OC::$server->getConfig()->getSystemValueString('version', '0.0.0.0'), '12.0.0.0', '<')) { - return []; - } - return [ 'bruteforce' => [ - 'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()) - ] + 'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()), + 'allow-listed' => $this->throttler->isIPWhitelisted($this->request->getRemoteAddress()), + ], ]; } } diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php index 01032c415ff..ce70d091f7c 100644 --- a/lib/private/Security/Bruteforce/Throttler.php 
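Review bot: In `getCapabilities()` the new `'allow-listed'` value is served from a class implementing `IPublicCapability`, so (assuming public capabilities are readable without a session, which this hunk does not show) any client can learn whether the address the server attributes to it is exempt from brute-force throttling. That address comes from `$this->request->getRemoteAddress()`, so the answer is only as reliable as the trusted-proxy and forwarded-header configuration behind it. I would state this above the return, e.g. `// Based on IRequest::getRemoteAddress(); with a misconfigured proxy this may not be the client's real address.` The address is also resolved twice; reading it once into a local (`$ip = $this->request->getRemoteAddress();`) and passing `$ip` to both `getDelay()` and `isIPWhitelisted()` makes it explicit that `delay` and `allow-listed` describe the same address.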
+++ b/lib/private/Security/Bruteforce/Throttler.php @@ -110,7 +110,7 @@ class Throttler implements IThrottler { * @param string $ip * @return bool */ - private function isIPWhitelisted(string $ip): bool { + public function isIPWhitelisted(string $ip): bool { if (isset($this->ipIsWhitelisted[$ip])) { return $this->ipIsWhitelisted[$ip]; } |
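Review bot: `isIPWhitelisted()` becomes public here, but its docblock, as far as the hunk shows, still lists only `@param string $ip` and `@return bool`. Now that code outside `Throttler` relies on it, the docblock should say what a `true` result means (the address is exempt from throttling) and that results are memoised per address in `$this->ipIsWhitelisted`. The method name no longer matches the `allow-listed` key that `Capabilities` exposes, and the hunk does not show whether `IThrottler` declares the method, so the new caller may depend on the concrete class. Marking it `@internal` or aligning the name in a follow-up would make that boundary explicit. The method body continues past the end of the hunk.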