author | Lukas Reschke <lukas@statuscode.ch> | 2016-07-20 18:36:15 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2016-07-20 22:08:56 +0200 |
commit | ba4f12baa02dfb55ec8822687896d643261440c4 (patch) | |
tree | 5dc95ab54a2ae169951693a43ba7aa6920d6f36a /tests/lib/User | |
parent | 7cdf6402ff9a0e07866ca8bcfcffd0e0897b646a (diff) | |
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It works by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay is 200 milliseconds (after the first failed login).
Diffstat (limited to 'tests/lib/User')
-rw-r--r-- | tests/lib/User/SessionTest.php | 46 |
1 files changed, 35 insertions, 11 deletions
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 9bde2c664b6..33930a50ce5 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -9,6 +9,7 @@ namespace Test\User;
+use OC\Security\Bruteforce\Throttler;
 use OC\Session\Memory;
 use OC\User\User;
@@ -17,15 +18,14 @@ use OC\User\User;
 * @package Test\User
 */
 class SessionTest extends \Test\TestCase {
- /** @var \OCP\AppFramework\Utility\ITimeFactory */
 private $timeFactory;
- /** @var \OC\Authentication\Token\DefaultTokenProvider */
 protected $tokenProvider;
- /** @var \OCP\IConfig */
 private $config;
+ /** @var Throttler */
+ private $throttler;
 protected function setUp() {
 parent::setUp();
@@ -36,6 +36,8 @@ class SessionTest extends \Test\TestCase {
 ->will($this->returnValue(10000));
 $this->tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider');
 $this->config = $this->getMock('\OCP\IConfig');
+ $this->throttler = $this->getMockBuilder('\OC\Security\Bruteforce\Throttler')
+ ->disableOriginalConstructor()->getMock();
 }
 public function testGetUser() {
@@ -353,7 +355,6 @@ class SessionTest extends \Test\TestCase {
 ->getMock();
 $session = $this->getMock('\OCP\ISession');
 $request = $this->getMock('\OCP\IRequest');
- $user = $this->getMock('\OCP\IUser');
 /** @var \OC\User\Session $userSession */
 $userSession = $this->getMockBuilder('\OC\User\Session')
@@ -369,8 +370,16 @@ class SessionTest extends \Test\TestCase {
 ->method('getSystemValue')
 ->with('token_auth_enforced', false)
 ->will($this->returnValue(true));
-
- $userSession->logClientIn('john', 'doe', $request);
+ $request ->expects($this->once()) ->method('getRemoteAddress') ->willReturn('192.168.0.1');
+ $this->throttler ->expects($this->once()) ->method('sleepDelay') ->with('192.168.0.1');
+
+ $userSession->logClientIn('john', 'doe', $request, $this->throttler);
 }
 public function testLogClientInWithTokenPassword() {
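Review bot: The `use OC\Security\Bruteforce\Throttler;` added in the first hunk is used only by the `@var Throttler` docblock, while the mock built in setUp (the @@ -36 hunk) still spells the class as the string `'\OC\Security\Bruteforce\Throttler'`; `$this->throttler = $this->getMockBuilder(Throttler::class)` keeps the import and the mock pointing at the same class so a rename surfaces immediately. The two expectations added in the @@ -369 hunk, `getRemoteAddress` returning `'192.168.0.1'` and `sleepDelay` called once with that same address, are repeated verbatim in the @@ -398 and @@ -433 hunks on the next line; a small private helper that sets both expectations for a given request and address would leave each test with a single line naming the behaviour being pinned. The test methods these expectations belong to begin outside their hunks, so the call site below is shown from the `logClientIn` call only.
```php
	/**
	 * Expects the remote address to be read from $request exactly once and
	 * handed unchanged to the throttler's sleepDelay().
	 *
	 * @param \OCP\IRequest $request mocked request
	 * @param string $ip address the throttler must be asked to delay for
	 */
	private function expectThrottleDelayFor($request, $ip) {
		$request
			->expects($this->once())
			->method('getRemoteAddress')
			->willReturn($ip);
		$this->throttler
			->expects($this->once())
			->method('sleepDelay')
			->with($ip);
	}

	// … unchanged: the test's session/request/config setup …
		$this->expectThrottleDelayFor($request, '192.168.0.1');

		$userSession->logClientIn('john', 'doe', $request, $this->throttler);
```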
@@ -379,7 +388,6 @@ class SessionTest extends \Test\TestCase {
 ->getMock();
 $session = $this->getMock('\OCP\ISession');
 $request = $this->getMock('\OCP\IRequest');
- $user = $this->getMock('\OCP\IUser');
 /** @var \OC\User\Session $userSession */
 $userSession = $this->getMockBuilder('\OC\User\Session')
@@ -398,8 +406,16 @@ class SessionTest extends \Test\TestCase {
 $session->expects($this->once())
 ->method('set')
 ->with('app_password', 'I-AM-AN-APP-PASSWORD');
-
- $this->assertTrue($userSession->logClientIn('john', 'I-AM-AN-APP-PASSWORD', $request));
+ $request ->expects($this->once()) ->method('getRemoteAddress') ->willReturn('192.168.0.1');
+ $this->throttler ->expects($this->once()) ->method('sleepDelay') ->with('192.168.0.1');
+
+ $this->assertTrue($userSession->logClientIn('john', 'I-AM-AN-APP-PASSWORD', $request, $this->throttler));
 }
 /**
@@ -410,7 +426,6 @@ class SessionTest extends \Test\TestCase {
 ->disableOriginalConstructor()
 ->getMock();
 $session = $this->getMock('\OCP\ISession');
- $user = $this->getMock('\OCP\IUser');
 $request = $this->getMock('\OCP\IRequest');
 /** @var \OC\User\Session $userSession */
@@ -433,7 +448,16 @@ class SessionTest extends \Test\TestCase {
 ->with('john')
 ->will($this->returnValue(true));
- $userSession->logClientIn('john', 'doe', $request);
+ $request ->expects($this->once()) ->method('getRemoteAddress') ->willReturn('192.168.0.1');
+ $this->throttler ->expects($this->once()) ->method('sleepDelay') ->with('192.168.0.1');
+
+ $userSession->logClientIn('john', 'doe', $request, $this->throttler);
 }
 public function testRememberLoginValidToken() { |
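Review bot: The @@ -398 and @@ -433 hunks (like the @@ -369 hunk on the previous line) pin only the delay side of the protection: `sleepDelay` is expected once with the address returned by `getRemoteAddress`, and the login under test then proceeds (`assertTrue` on the app-password path). None of the three covers a rejected credential, so nothing in this diff asserts that a failing `logClientIn` still reaches the throttler or that the failed attempt is recorded, which is the path the commit message describes as driving the growing delay. A companion test with the credential check stubbed to fail and the throttler mock expecting the call that records the attempt would close that gap; that method's name is not visible in this diff, so it has to be taken from the Throttler class itself. The test methods around these hunks start before each hunk, so the setup they rely on is not shown here.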