Merge pull request #5699 from nextcloud/bruteforce_capability

Add bruteforce capabilities

lib/composer/composer/autoload_classmap.php

@@ -770,6 +770,7 @@ return array(
     'OC\\Search\\Result\\File' => $baseDir . '/lib/private/Search/Result/File.php',
     'OC\\Search\\Result\\Folder' => $baseDir . '/lib/private/Search/Result/Folder.php',
     'OC\\Search\\Result\\Image' => $baseDir . '/lib/private/Search/Result/Image.php',
+    'OC\\Security\\Bruteforce\\Capabilities' => $baseDir . '/lib/private/Security/Bruteforce/Capabilities.php',
     'OC\\Security\\Bruteforce\\Throttler' => $baseDir . '/lib/private/Security/Bruteforce/Throttler.php',
     'OC\\Security\\CSP\\ContentSecurityPolicy' => $baseDir . '/lib/private/Security/CSP/ContentSecurityPolicy.php',
     'OC\\Security\\CSP\\ContentSecurityPolicyManager' => $baseDir . '/lib/private/Security/CSP/ContentSecurityPolicyManager.php',

lib/composer/composer/autoload_static.php

@@ -800,6 +800,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Search\\Result\\File' => __DIR__ . '/../../..' . '/lib/private/Search/Result/File.php',
         'OC\\Search\\Result\\Folder' => __DIR__ . '/../../..' . '/lib/private/Search/Result/Folder.php',
         'OC\\Search\\Result\\Image' => __DIR__ . '/../../..' . '/lib/private/Search/Result/Image.php',
+        'OC\\Security\\Bruteforce\\Capabilities' => __DIR__ . '/../../..' . '/lib/private/Security/Bruteforce/Capabilities.php',
         'OC\\Security\\Bruteforce\\Throttler' => __DIR__ . '/../../..' . '/lib/private/Security/Bruteforce/Throttler.php',
         'OC\\Security\\CSP\\ContentSecurityPolicy' => __DIR__ . '/../../..' . '/lib/private/Security/CSP/ContentSecurityPolicy.php',
         'OC\\Security\\CSP\\ContentSecurityPolicyManager' => __DIR__ . '/../../..' . '/lib/private/Security/CSP/ContentSecurityPolicyManager.php',

lib/private/Security/Bruteforce/Capabilities.php

+<?php
+/**
+ * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Security\Bruteforce;
+
+use OCP\Capabilities\IPublicCapability;
+use OCP\IRequest;
+
+class Capabilities implements IPublicCapability {
+	/** @var IRequest */
+	private $request;
+
+	/** @var Throttler */
+	private $throttler;
+
+	/**
+	 * Capabilities constructor.
+	 *
+	 * @param IRequest $request
+	 * @param Throttler $throttler
+	 */
+	public function __construct(IRequest $request,
+								Throttler $throttler) {
+		$this->request = $request;
+		$this->throttler = $throttler;
+	}
+
+	public function getCapabilities() {
+		return [
+			'bruteforce' => [
+				'delay' => $this->throttler->getDelay($this->request->getRemoteAddress())
+			]
+		];
+	}
+}

lib/private/Server.php

@@ -836,6 +836,9 @@ class Server extends ServerContainer implements IServerContainer {
 			$manager->registerCapability(function () use ($c) {
 				return new \OC\OCS\CoreCapabilities($c->getConfig());
 			});
+			$manager->registerCapability(function () use ($c) {
+				return $c->query(\OC\Security\Bruteforce\Capabilities::class);
+			});
 			return $manager;
 		});
 		$this->registerAlias('CapabilitiesManager', \OC\CapabilitiesManager::class);

tests/lib/Security/Bruteforce/CapabilitiesTest.php

+<?php
+/**
+ * @copyright Copyright (c) 2017 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace Test\Security\Bruteforce;
+
+use OC\Security\Bruteforce\Capabilities;
+use OC\Security\Bruteforce\Throttler;
+use OCP\IRequest;
+use Test\TestCase;
+
+class CapabilitiesTest extends TestCase {
+	/** @var Capabilities */
+	private $capabilities;
+
+	/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
+	private $request;
+
+	/** @var Throttler|\PHPUnit_Framework_MockObject_MockObject */
+	private $throttler;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->request = $this->createMock(IRequest::class);
+		$this->request->method('getRemoteAddress')
+			->willReturn('10.10.10.10');
+
+		$this->throttler = $this->createMock(Throttler::class);
+
+		$this->capabilities = new Capabilities(
+			$this->request,
+			$this->throttler
+		);
+	}
+
+	public function testGetCapabilities() {
+		$this->throttler->expects($this->atLeastOnce())
+			->method('getDelay')
+			->with('10.10.10.10')
+			->willReturn(42);
+
+		$expected = [
+			'bruteforce' => [
+				'delay' => 42
+			]
+		];
+		$result = $this->capabilities->getCapabilities();
+
+		$this->assertEquals($expected, $result);
+	}
+}