Unverified Commit ee4262f5 authored by Lukas Reschke's avatar Lukas Reschke Committed by GitHub

Merge pull request #7263 from nextcloud/clean-bruteforce-attempt-on-success

Reset bruteforce attempt table on successful login
parents 44adcad7 5a270c27
...@@ -730,7 +730,7 @@ class OC { ...@@ -730,7 +730,7 @@ class OC {
OC_User::setIncognitoMode(true); OC_User::setIncognitoMode(true);
} }
self::registerCacheHooks(); self::registerCleanupHooks();
self::registerFilesystemHooks(); self::registerFilesystemHooks();
self::registerShareHooks(); self::registerShareHooks();
self::registerEncryptionWrapper(); self::registerEncryptionWrapper();
...@@ -802,15 +802,23 @@ class OC { ...@@ -802,15 +802,23 @@ class OC {
} }
/** /**
* register hooks for the cache * register hooks for the cleanup of cache and bruteforce protection
*/ */
public static function registerCacheHooks() { public static function registerCleanupHooks() {
//don't try to do this before we are properly setup //don't try to do this before we are properly setup
if (\OC::$server->getSystemConfig()->getValue('installed', false) && !self::checkUpgrade(false)) { if (\OC::$server->getSystemConfig()->getValue('installed', false) && !self::checkUpgrade(false)) {
// NOTE: This will be replaced to use OCP // NOTE: This will be replaced to use OCP
$userSession = self::$server->getUserSession(); $userSession = self::$server->getUserSession();
$userSession->listen('\OC\User', 'postLogin', function () { $userSession->listen('\OC\User', 'postLogin', function () use ($userSession) {
if (!defined('PHPUNIT_RUN')) {
// reset brute force delay for this IP address and username
$uid = \OC::$server->getUserSession()->getUser()->getUID();
$request = \OC::$server->getRequest();
$throttler = \OC::$server->getBruteForceThrottler();
$throttler->resetDelay($request->getRemoteAddress(), 'login', ['user' => $uid]);
}
try { try {
$cache = new \OC\Cache\File(); $cache = new \OC\Cache\File();
$cache->gc(); $cache->gc();
......
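Review bot: The new postLogin listener captures `$userSession` via `use` but then re-resolves the session through `\OC::$server->getUserSession()` and calls `getUser()->getUID()` with no null check, so a postLogin emitted while `getUser()` is still null would fatal inside the hook instead of skipping the reset (and the cache gc that follows it). Prefer the captured object and guard it: `$user = $userSession->getUser(); if ($user !== null) { $throttler->resetDelay($request->getRemoteAddress(), 'login', ['user' => $user->getUID()]); }` — if the postLogin event hands the user object to the listener as an argument, using that directly would be cleaner still, but I cannot confirm the hook signature from this page. The `!defined('PHPUNIT_RUN')` guard also means the reset path is never exercised by the unit tests; factoring it into a small method the tests can call directly would let the new behaviour be covered. The closure body continues past the visible part of the hunk.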
...@@ -242,6 +242,33 @@ class Throttler { ...@@ -242,6 +242,33 @@ class Throttler {
return (int) \ceil($firstDelay * 1000); return (int) \ceil($firstDelay * 1000);
} }
/**
* Reset the throttling delay for an IP address, action and metadata
*
* @param string $ip
* @param string $action
* @param string $metadata
*/
public function resetDelay($ip, $action, $metadata) {
$ipAddress = new IpAddress($ip);
if ($this->isIPWhitelisted((string)$ipAddress)) {
return;
}
$cutoffTime = (new \DateTime())
->sub($this->getCutoff(43200))
->getTimestamp();
$qb = $this->db->getQueryBuilder();
$qb->delete('bruteforce_attempts')
->where($qb->expr()->gt('occurred', $qb->createNamedParameter($cutoffTime)))
->andWhere($qb->expr()->eq('subnet', $qb->createNamedParameter($ipAddress->getSubnet())))
->andWhere($qb->expr()->eq('action', $qb->createNamedParameter($action)))
->andWhere($qb->expr()->eq('metadata', $qb->createNamedParameter(json_encode($metadata))));
$qb->execute();
}
/** /**
* Will sleep for the defined amount of time * Will sleep for the defined amount of time
* *
......
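Review bot: The docblock on `resetDelay` declares `@param string $metadata`, but the body runs `json_encode($metadata)` and the only caller in this commit passes an array (`['user' => $uid]`), so it should read `@param array $metadata`. Because the delete matches the encoded string exactly, the caller must build the array with the same keys and key order used when the attempt was recorded; otherwise no rows are removed and the delay silently persists — worth a comment on that line, e.g. `// must be encoded identically to the row written when the attempt was registered`. The `43200` (12h) window is a bare literal here and presumably also in the delay calculation; a named class constant would keep the two from drifting apart. The class continues outside the hunk.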