authorLukas Reschke <lukas@statuscode.ch>2017-11-24 15:53:08 +0100
committerGitHub <noreply@github.com>2017-11-24 15:53:08 +0100
commitee4262f5673af221af6c141196468c260e1fc25c (patch)
tree7772e8fcf62c5b298c3faf6cf7efa74a5f885128 /lib
parent44adcad757cc76a3352440b7645acbaae4a0682c (diff)
parent5a270c271567d3c6ef9d0f1f78814b5b249ca2fe (diff)
Merge pull request #7263 from nextcloud/clean-bruteforce-attempt-on-success
Reset bruteforce attempt table on successful login
Diffstat (limited to 'lib')
-rw-r--r--lib/base.php16
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php27
2 files changed, 39 insertions, 4 deletions
diff --git a/lib/base.php b/lib/base.php
index dc09d0f533d..6193b591ab5 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -730,7 +730,7 @@ class OC {
OC_User::setIncognitoMode(true);
}
- self::registerCacheHooks();
+ self::registerCleanupHooks();
self::registerFilesystemHooks();
self::registerShareHooks();
self::registerEncryptionWrapper();
@@ -802,15 +802,23 @@ class OC {
}
/**
- * register hooks for the cache
+ * register hooks for the cleanup of cache and bruteforce protection
*/
- public static function registerCacheHooks() {
+ public static function registerCleanupHooks() {
//don't try to do this before we are properly setup
if (\OC::$server->getSystemConfig()->getValue('installed', false) && !self::checkUpgrade(false)) {
// NOTE: This will be replaced to use OCP
$userSession = self::$server->getUserSession();
- $userSession->listen('\OC\User', 'postLogin', function () {
+ $userSession->listen('\OC\User', 'postLogin', function () use ($userSession) {
+ if (!defined('PHPUNIT_RUN')) {
+ // reset brute force delay for this IP address and username
+ $uid = \OC::$server->getUserSession()->getUser()->getUID();
+ $request = \OC::$server->getRequest();
+ $throttler = \OC::$server->getBruteForceThrottler();
+ $throttler->resetDelay($request->getRemoteAddress(), 'login', ['user' => $uid]);
+ }
+
try {
$cache = new \OC\Cache\File();
$cache->gc();
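Review bot: The closure now captures `$userSession` via `use ($userSession)`, yet the added lines resolve the session again through `\OC::$server->getUserSession()` rather than using the captured object, so within the visible lines the capture is unused and the lookup happens twice. Reading the uid from the captured variable, `$uid = $userSession->getUser()->getUID();`, keeps it consistent with the `self::$server->getUserSession()` lookup a few lines above; otherwise the `use` clause can be dropped. The `if (!defined('PHPUNIT_RUN'))` guard deserves a one-line comment stating why the throttler reset is skipped under test, since a reader cannot tell from the code alone. The closure body and `registerCleanupHooks` continue past the end of the hunk.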
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 1626cee8cb3..f08b721d143 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -243,6 +243,33 @@ class Throttler {
}
/**
+ * Reset the throttling delay for an IP address, action and metadata
+ *
+ * @param string $ip
+ * @param string $action
+ * @param string $metadata
+ */
+ public function resetDelay($ip, $action, $metadata) {
+ $ipAddress = new IpAddress($ip);
+ if ($this->isIPWhitelisted((string)$ipAddress)) {
+ return;
+ }
+
+ $cutoffTime = (new \DateTime())
+ ->sub($this->getCutoff(43200))
+ ->getTimestamp();
+
+ $qb = $this->db->getQueryBuilder();
+ $qb->delete('bruteforce_attempts')
+ ->where($qb->expr()->gt('occurred', $qb->createNamedParameter($cutoffTime)))
+ ->andWhere($qb->expr()->eq('subnet', $qb->createNamedParameter($ipAddress->getSubnet())))
+ ->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)))
+ ->andWhere($qb->expr()->eq('metadata', $qb->createNamedParameter(json_encode($metadata))));
+
+ $qb->execute();
+ }
+
+ /**
* Will sleep for the defined amount of time
*
* @param string $ip
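Review bot: The docblock on `resetDelay` declares `@param string $metadata`, but the body calls `json_encode($metadata)` and the caller added in lib/base.php passes an array (`['user' => $uid]`), so the annotation should read `@param array $metadata`. The delete matches rows on the encoded string, so it only clears attempts whose `metadata` column was written with the same `json_encode` output (same keys, same key order) as the registration path — presumably it is, but a comment on the `eq('metadata', ...)` line such as `// must match the encoding used when the attempt was registered` would make the coupling explicit. `json_encode` can also return `false` on failure, in which case the comparison silently matches nothing and the delay is never reset; checking the result before building the query would surface that instead of hiding it.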