diff options
Diffstat (limited to 'core/Command/Security')
| -rw-r--r-- | core/Command/Security/BruteforceAttempts.php | 65 | ||||
| -rw-r--r-- | core/Command/Security/BruteforceResetAttempts.php | 45 | ||||
| -rw-r--r-- | core/Command/Security/ExportCertificates.php | 35 | ||||
| -rw-r--r-- | core/Command/Security/ImportCertificate.php | 31 | ||||
| -rw-r--r-- | core/Command/Security/ListCertificates.php | 33 | ||||
| -rw-r--r-- | core/Command/Security/RemoveCertificate.php | 31 | ||||
| -rw-r--r-- | core/Command/Security/ResetBruteforceAttempts.php | 62 |
7 files changed, 169 insertions, 133 deletions
diff --git a/core/Command/Security/BruteforceAttempts.php b/core/Command/Security/BruteforceAttempts.php new file mode 100644 index 00000000000..d5fa0a284fd --- /dev/null +++ b/core/Command/Security/BruteforceAttempts.php @@ -0,0 +1,65 @@ +<?php + +declare(strict_types=1); +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Core\Command\Security; + +use OC\Core\Command\Base; +use OCP\Security\Bruteforce\IThrottler; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class BruteforceAttempts extends Base { + public function __construct( + protected IThrottler $throttler, + ) { + parent::__construct(); + } + + protected function configure(): void { + parent::configure(); + $this + ->setName('security:bruteforce:attempts') + ->setDescription('Show bruteforce attempts status for a given IP address') + ->addArgument( + 'ipaddress', + InputArgument::REQUIRED, + 'IP address for which the attempts status is to be shown', + ) + ->addArgument( + 'action', + InputArgument::OPTIONAL, + 'Only count attempts for the given action', + ) + ; + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $ip = $input->getArgument('ipaddress'); + + if (!filter_var($ip, FILTER_VALIDATE_IP)) { + $output->writeln('<error>"' . $ip . '" is not a valid IP address</error>'); + return 1; + } + + $data = [ + 'bypass-listed' => $this->throttler->isBypassListed($ip), + 'attempts' => $this->throttler->getAttempts( + $ip, + (string)$input->getArgument('action'), + ), + 'delay' => $this->throttler->getDelay( + $ip, + (string)$input->getArgument('action'), + ), + ]; + + $this->writeArrayInOutputFormat($input, $output, $data); + + return 0; + } +} diff --git a/core/Command/Security/BruteforceResetAttempts.php b/core/Command/Security/BruteforceResetAttempts.php new file mode 100644 index 00000000000..6987c0ef682 --- /dev/null +++ b/core/Command/Security/BruteforceResetAttempts.php @@ -0,0 +1,45 @@ +<?php + +declare(strict_types=1); +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Core\Command\Security; + +use OC\Core\Command\Base; +use OCP\Security\Bruteforce\IThrottler; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class BruteforceResetAttempts extends Base { + public function __construct( + protected IThrottler $throttler, + ) { + parent::__construct(); + } + + protected function configure(): void { + $this + ->setName('security:bruteforce:reset') + ->setDescription('resets bruteforce attempts for given IP address') + ->addArgument( + 'ipaddress', + InputArgument::REQUIRED, + 'IP address for which the attempts are to be reset' + ); + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $ip = $input->getArgument('ipaddress'); + + if (!filter_var($ip, FILTER_VALIDATE_IP)) { + $output->writeln('<error>"' . $ip . '" is not a valid IP address</error>'); + return 1; + } + + $this->throttler->resetDelayForIP($ip); + return 0; + } +} diff --git a/core/Command/Security/ExportCertificates.php b/core/Command/Security/ExportCertificates.php new file mode 100644 index 00000000000..dcf34d4bce4 --- /dev/null +++ b/core/Command/Security/ExportCertificates.php @@ -0,0 +1,35 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ +declare(strict_types=1); + +namespace OC\Core\Command\Security; + +use OC\Core\Command\Base; +use OCP\ICertificateManager; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class ExportCertificates extends Base { + public function __construct( + protected ICertificateManager $certificateManager, + ) { + parent::__construct(); + } + + protected function configure(): void { + $this + ->setName('security:certificates:export') + ->setDescription('export the certificate bundle'); + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $bundlePath = $this->certificateManager->getAbsoluteBundlePath(); + $bundle = file_get_contents($bundlePath); + $output->writeln($bundle); + return 0; + } +} diff --git a/core/Command/Security/ImportCertificate.php b/core/Command/Security/ImportCertificate.php index 9db7889e307..b23612baeb1 100644 --- a/core/Command/Security/ImportCertificate.php +++ b/core/Command/Security/ImportCertificate.php @@ -1,25 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Joas Schilling <coding@schilljs.com> - * @author Robin Appelman <robin@icewind.nl> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Core\Command\Security; @@ -30,10 +14,9 @@ use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class ImportCertificate extends Base { - protected ICertificateManager $certificateManager; - - public function __construct(ICertificateManager $certificateManager) { - $this->certificateManager = $certificateManager; + public function __construct( + protected ICertificateManager $certificateManager, + ) { parent::__construct(); } diff --git a/core/Command/Security/ListCertificates.php b/core/Command/Security/ListCertificates.php index 15dd1812077..cf1874a09d3 100644 --- a/core/Command/Security/ListCertificates.php +++ b/core/Command/Security/ListCertificates.php @@ -1,24 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Joas Schilling <coding@schilljs.com> - * @author Robin Appelman <robin@icewind.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Core\Command\Security; @@ -26,18 +11,20 @@ use OC\Core\Command\Base; use OCP\ICertificate; use OCP\ICertificateManager; use OCP\IL10N; +use OCP\L10N\IFactory as IL10NFactory; use Symfony\Component\Console\Helper\Table; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class ListCertificates extends Base { - protected ICertificateManager $certificateManager; protected IL10N $l; - public function __construct(ICertificateManager $certificateManager, IL10N $l) { - $this->certificateManager = $certificateManager; - $this->l = $l; + public function __construct( + protected ICertificateManager $certificateManager, + IL10NFactory $l10nFactory, + ) { parent::__construct(); + $this->l = $l10nFactory->get('core'); } protected function configure() { diff --git a/core/Command/Security/RemoveCertificate.php b/core/Command/Security/RemoveCertificate.php index 2f9c6ff978a..48062724d52 100644 --- a/core/Command/Security/RemoveCertificate.php +++ b/core/Command/Security/RemoveCertificate.php @@ -1,25 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Carla Schroder <carla@owncloud.com> - * @author Joas Schilling <coding@schilljs.com> - * @author Robin Appelman <robin@icewind.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Core\Command\Security; @@ -30,10 +14,9 @@ use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class RemoveCertificate extends Base { - protected ICertificateManager $certificateManager; - - public function __construct(ICertificateManager $certificateManager) { - $this->certificateManager = $certificateManager; + public function __construct( + protected ICertificateManager $certificateManager, + ) { parent::__construct(); } diff --git a/core/Command/Security/ResetBruteforceAttempts.php b/core/Command/Security/ResetBruteforceAttempts.php deleted file mode 100644 index 8def0873bdf..00000000000 --- a/core/Command/Security/ResetBruteforceAttempts.php +++ /dev/null @@ -1,62 +0,0 @@ -<?php -/** - * @copyright Copyright (c) 2020, Johannes Riedel (johannes@johannes-riedel.de) - * - * @author Joas Schilling <coding@schilljs.com> - * @author Johannes Riedel <joeried@users.noreply.github.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - */ -namespace OC\Core\Command\Security; - -use OC\Core\Command\Base; -use OC\Security\Bruteforce\Throttler; -use Symfony\Component\Console\Input\InputArgument; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; - -class ResetBruteforceAttempts extends Base { - protected Throttler $throttler; - - public function __construct(Throttler $throttler) { - $this->throttler = $throttler; - parent::__construct(); - } - - protected function configure() { - $this - ->setName('security:bruteforce:reset') - ->setDescription('resets bruteforce attemps for given IP address') - ->addArgument( - 'ipaddress', - InputArgument::REQUIRED, - 'IP address for which the attempts are to be reset' - ); - } - - protected function execute(InputInterface $input, OutputInterface $output): int { - $ip = $input->getArgument('ipaddress'); - - if (!filter_var($ip, FILTER_VALIDATE_IP)) { - $output->writeln('<error>"' . $ip . '" is not a valid IP address</error>'); - return 1; - } - - $this->throttler->resetDelayForIP($ip); - return 0; - } -} |