Diffstat (limited to 'lib/private/AppFramework')
-rw-r--r-- | lib/private/AppFramework/DependencyInjection/DIContainer.php | 21 | ||||
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 14 |
2 files changed, 27 insertions, 8 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index ac42960f54d..57499f3ffe8 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -43,8 +43,10 @@ use OC\AppFramework\Middleware\OCSMiddleware;
 use OC\AppFramework\Middleware\Security\SecurityMiddleware;
 use OC\AppFramework\Middleware\SessionMiddleware;
 use OC\AppFramework\Utility\SimpleContainer;
+use OC\AppFramework\Utility\TimeFactory;
 use OC\Core\Middleware\TwoFactorMiddleware;
 use OC\RichObjectStrings\Validator;
+use OC\Security\Bruteforce\Throttler;
 use OCP\AppFramework\IApi;
 use OCP\AppFramework\IAppContainer;
 use OCP\Files\IAppData;
@@ -376,20 +378,25 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 */
 $app = $this;
 $this->registerService('SecurityMiddleware', function($c) use ($app){
+ /** @var \OC\Server $server */
+ $server = $app->getServer();
+
 return new SecurityMiddleware(
 $c['Request'],
 $c['ControllerMethodReflector'],
- $app->getServer()->getNavigationManager(),
- $app->getServer()->getURLGenerator(),
- $app->getServer()->getLogger(),
- $app->getServer()->getSession(),
+ $server->getNavigationManager(),
+ $server->getURLGenerator(),
+ $server->getLogger(),
+ $server->getSession(),
 $c['AppName'],
 $app->isLoggedIn(),
 $app->isAdminUser(),
- $app->getServer()->getContentSecurityPolicyManager(),
- $app->getServer()->getCsrfTokenManager(),
- $app->getServer()->getContentSecurityPolicyNonceManager()
+ $server->getContentSecurityPolicyManager(),
+ $server->getCsrfTokenManager(),
+ $server->getContentSecurityPolicyNonceManager(),
+ $server->getBruteForceThrottler()
 );
+
 });
 $this->registerService('CORSMiddleware', function($c) {
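Review bot: `use OC\AppFramework\Utility\TimeFactory;` and `use OC\Security\Bruteforce\Throttler;` are added to the import block of DIContainer.php, but neither name is referenced in the visible hunks — the service closure obtains the throttler through `$server->getBruteForceThrottler()` rather than naming the class. If the rest of the file does not use them either, both imports are dead and should be dropped so static analysis stays clean. The SecurityMiddleware registration hunk runs past the end of this page, so I cannot confirm whether TimeFactory is used further down.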
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index d60d5749d57..dcfab3544b8 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -36,6 +36,7 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException;
 use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
 use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException;
 use OC\AppFramework\Utility\ControllerMethodReflector;
+use OC\Security\Bruteforce\Throttler;
 use OC\Security\CSP\ContentSecurityPolicyManager;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OC\Security\CSRF\CsrfTokenManager;
@@ -87,6 +88,8 @@ class SecurityMiddleware extends Middleware {
 private $csrfTokenManager;
 /** @var ContentSecurityPolicyNonceManager */
 private $cspNonceManager;
+ /** @var Throttler */
+ private $throttler;
 /**
 * @param IRequest $request
@@ -101,6 +104,7 @@ class SecurityMiddleware extends Middleware {
 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
 * @param CSRFTokenManager $csrfTokenManager
 * @param ContentSecurityPolicyNonceManager $cspNonceManager
+ * @param Throttler $throttler
 */
 public function __construct(IRequest $request,
 ControllerMethodReflector $reflector,
@@ -113,7 +117,8 @@ class SecurityMiddleware extends Middleware {
 $isAdminUser,
 ContentSecurityPolicyManager $contentSecurityPolicyManager,
 CsrfTokenManager $csrfTokenManager,
- ContentSecurityPolicyNonceManager $cspNonceManager) {
+ ContentSecurityPolicyNonceManager $cspNonceManager,
+ Throttler $throttler) {
 $this->navigationManager = $navigationManager;
 $this->request = $request;
 $this->reflector = $reflector;
@@ -126,6 +131,7 @@ class SecurityMiddleware extends Middleware {
 $this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
 $this->csrfTokenManager = $csrfTokenManager;
 $this->cspNonceManager = $cspNonceManager;
+ $this->throttler = $throttler;
 }
@@ -185,6 +191,12 @@ class SecurityMiddleware extends Middleware {
 }
 }
+ if($this->reflector->hasAnnotation('BruteForceProtection')) {
+ $action = $this->request->getRequestUri();
+ $this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
+ $this->throttler->registerAttempt($action, $this->request->getRemoteAddress());
+ }
+
 /**
 * FIXME: Use DI once available
 * Checks if app is enabled (also includes a check whether user is allowed to access the resource) |
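Review bot: The throttling key `$action = $this->request->getRequestUri();` in the new BruteForceProtection block is the raw request URI, so attempts are bucketed per distinct URI string rather than per protected endpoint, and any URI components the client chooses (query string, extra path segments) become part of the key and fragment the count. Key the throttler on something fixed for the endpoint instead — the route path, or the controller/method pair that beforeController receives — and read the client address once, `$ip = $this->request->getRemoteAddress();`, rather than calling it twice. `registerAttempt()` also runs before the controller executes, so every request to an annotated action is counted, including successful ones; that is only acceptable if the protected controllers reset the counter on success, which this hunk cannot show. Minor: `sleepDelay($ip, $action)` and `registerAttempt($action, $ip)` take the same two values in opposite order, which is easy to get wrong on the next edit — a one-line comment naming the argument order would help. The enclosing beforeController method starts and ends outside the hunk.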