BruteForceProtection plugin disable by default

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -19,7 +19,6 @@ sub defaultValues {
         'authentication'              => 'Demo',
         'available2F'                 => 'UTOTP,TOTP,U2F,REST,Ext2F,Yubikey',
         'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
-        'bruteForceProtection'        => 1,
         'bruteForceProtectionMaxAge'  => 300,
         'bruteForceProtectionTempo'   => 30,
         'captcha_mail_enabled'        => 1,

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -608,7 +608,7 @@ sub attributes {
             'type'    => 'text'
         },
         'bruteForceProtection' => {
-            'default' => 1,
+            'default' => 0,
             'type'    => 'bool'
         },
         'bruteForceProtectionMaxAge' => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -574,7 +574,7 @@ sub attributes {
                 'Maximun interval in seconds since last authentifcation to force reauthentication',
         },
         bruteForceProtection => {
-            default       => 1,
+            default       => 0,
             type          => 'bool',
             documentation => 'Enable brute force attack protection',
         },

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm

@@ -16,16 +16,17 @@ sub displayInit {
     my ($self) = @_;
     $self->skinRules( [] );
     if ( $self->conf->{portalSkinRules} ) {
-        foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
+        foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } )
+        {
             my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
             if ($sub) {
                 push @{ $self->skinRules },
-                  [ $self->conf->{portalSkinRules}->{$skinRule}, $sub ];
+                    [ $self->conf->{portalSkinRules}->{$skinRule}, $sub ];
             }
             else {
                 $self->logger->error(
                     qq(Skin rule "$skinRule" returns an error: )
-                      . HANDLER->tsv->{jail}->error );
+                        . HANDLER->tsv->{jail}->error );
             }
         }
     }
@@ -54,8 +55,7 @@ sub display {
             AUTH_URL        => $req->{data}->{_url},
             CHOICE_PARAM    => $self->conf->{authChoiceParam},
             CHOICE_VALUE    => $req->data->{_authChoice},
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -79,12 +79,11 @@ sub display {
             CHOICE_PARAM    => $self->conf->{authChoiceParam},
             CHOICE_VALUE    => $req->data->{_authChoice},
             CHECK_LOGINS    => $self->conf->{portalCheckLogins}
-              && $req->data->{login},
+                && $req->data->{login},
             ASK_LOGINS => $req->param('checkLogins') || 0,
             CONFIRMKEY => $self->stamp(),
             REMEMBER   => $req->data->{confirmRemember},
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -107,13 +106,12 @@ sub display {
             CHOICE_PARAM    => $self->conf->{authChoiceParam},
             CHOICE_VALUE    => $req->data->{_authChoice},
             CHECK_LOGINS    => $self->conf->{portalCheckLogins}
-              && $req->data->{login},
+                && $req->data->{login},
             ASK_LOGINS => $req->param('checkLogins') || 0,
             CONFIRMKEY => $self->stamp(),
-            LIST       => $req->data->{list} || [],
+            LIST       => $req->data->{list}         || [],
             REMEMBER   => $req->data->{confirmRemember},
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -123,7 +121,8 @@ sub display {
     # 1.3 There is a message to display
     elsif ( my $info = $req->info ) {
         $self->logger->debug('Display: info detected');
-        $self->logger->debug('Hidden values -> '. Dumper( $req->{portalHiddenFormValues}));
+        $self->logger->debug(
+            'Hidden values -> ' . Dumper( $req->{portalHiddenFormValues} ) );
         $skinfile       = 'info';
         %templateParams = (
             MAIN_LOGO       => $self->conf->{portalMainLogo},
@@ -136,8 +135,7 @@ sub display {
             FORM_METHOD     => $self->conf->{infoFormMethod},
             CHOICE_PARAM    => $self->conf->{authChoiceParam},
             CHOICE_VALUE    => $req->data->{_authChoice},
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -152,15 +150,14 @@ sub display {
         my $p = $self->conf->{portal} . $self->conf->{issuerDBOpenIDPath};
         $p =~ s#(?<!:)/?\^?/#/#g;
         my $id = $req->{sessionInfo}
-          ->{ $self->conf->{openIdAttr} || $self->conf->{whatToTrace} };
+            ->{ $self->conf->{openIdAttr} || $self->conf->{whatToTrace} };
         %templateParams = (
             MAIN_LOGO       => $self->conf->{portalMainLogo},
             AUTH_ERROR      => $self->error,
             AUTH_ERROR_TYPE => $req->error_type,
             PROVIDERURI     => $p,
             MSG             => $req->info(),
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -177,8 +174,7 @@ sub display {
             URL           => $req->{urldc},
             HIDDEN_INPUTS => $self->buildHiddenForm($req),
             FORM_METHOD   => $req->data->{redirectFormMethod} || 'get',
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -191,17 +187,17 @@ sub display {
 
         #utf8::decode($auth_user);
         %templateParams = (
-            MAIN_LOGO           => $self->conf->{portalMainLogo},
-            AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
-            NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
+            MAIN_LOGO => $self->conf->{portalMainLogo},
+            AUTH_USER =>
+                $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
+            NEWWINDOW           => $self->conf->{portalOpenLinkInNewWindow},
             LOGOUT_URL          => $self->conf->{portal} . "?logout=1",
             APPSLIST_ORDER      => $req->{sessionInfo}->{'_appsListOrder'},
             PING                => $self->conf->{portalPingInterval},
             REQUIRE_OLDPASSWORD => $self->conf->{portalRequireOldPassword},
             HIDE_OLDPASSWORD    => 0,
             $self->menu->params($req),
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -216,8 +212,7 @@ sub display {
             CONFIRMKEY => $self->stamp,
             PORTAL     => $self->conf->{portal},
             URL        => $req->data->{_url},
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -232,8 +227,7 @@ sub display {
             CONFIRMKEY => $self->stamp,
             PORTAL     => $self->conf->{portal},
             URL        => $req->data->{_url},
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -246,15 +240,14 @@ sub display {
         or (    not $req->data->{noerror}
             and $req->userData
             and %{ $req->userData } )
-      )
+        )
     {
         $skinfile       = 'error';
         %templateParams = (
-            MAIN_LOGO             => $self->conf->{portalMainLogo},
+            MAIN_LOGO       => $self->conf->{portalMainLogo},
             AUTH_ERROR      => $req->error,
             AUTH_ERROR_TYPE => $req->error_type,
-            (
-                $req->data->{customScript}
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -267,21 +260,21 @@ sub display {
         my $login = $self->userId($req);
         $login = '' if ( $login eq 'anonymous' );
         %templateParams = (
-            MAIN_LOGO             => $self->conf->{portalMainLogo},
-            AUTH_ERROR            => $req->error,
-            AUTH_ERROR_TYPE       => $req->error_type,
-            AUTH_URL              => $req->{data}->{_url},
-            LOGIN                 => $login,
-            CHECK_LOGINS          => $self->conf->{portalCheckLogins},
-            ASK_LOGINS            => $req->param('checkLogins') || 0,
-            DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword},
-            DISPLAY_REGISTER      => $self->conf->{portalDisplayRegister},
-            MAIL_URL              => $self->conf->{mailUrl},
-            REGISTER_URL          => $self->conf->{registerUrl},
-            HIDDEN_INPUTS         => $self->buildHiddenForm($req),
-            STAYCONNECTED         => $self->conf->{stayConnected},
-            (
-                $req->data->{customScript}
+            MAIN_LOGO       => $self->conf->{portalMainLogo},
+            AUTH_ERROR      => $req->error,
+            AUTH_ERROR_TYPE => $req->error_type,
+            AUTH_URL        => $req->{data}->{_url},
+            LOGIN           => $login,
+            CHECK_LOGINS    => $self->conf->{portalCheckLogins},
+            ASK_LOGINS      => $req->param('checkLogins') || 0,
+            DISPLAY_RESETPASSWORD =>
+                $self->conf->{portalDisplayResetPassword},
+            DISPLAY_REGISTER => $self->conf->{portalDisplayRegister},
+            MAIL_URL         => $self->conf->{mailUrl},
+            REGISTER_URL     => $self->conf->{registerUrl},
+            HIDDEN_INPUTS    => $self->buildHiddenForm($req),
+            STAYCONNECTED    => $self->conf->{stayConnected},
+            (   $req->data->{customScript}
                 ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                 : ()
             ),
@@ -313,12 +306,12 @@ sub display {
             or $req->{error} == PE_PASSWORDFORMEMPTY
             or (    $req->{error} == PE_PP_PASSWORD_EXPIRED
                 and $self->conf->{ldapAllowResetExpiredPassword} )
-          )
+            )
         {
             %templateParams = (
                 %templateParams,
                 REQUIRE_OLDPASSWORD =>
-                  1,    # Old password is required to check user credentials
+                    1,    # Old password is required to check user credentials
                 DISPLAY_FORM          => 0,
                 DISPLAY_OPENID_FORM   => 0,
                 DISPLAY_YUBIKEY_FORM  => 0,
@@ -375,15 +368,17 @@ sub display {
             # Choose what form to display if not in a loop
             else {
 
-                my $displayType =
-                  eval { $self->_authentication->getDisplayType($req) };
+                my $displayType
+                    = eval { $self->_authentication->getDisplayType($req) };
 
                 $self->logger->debug("Display type $displayType ");
 
                 %templateParams = (
                     %templateParams,
-                    DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1 : 0,
-                    DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/ ? 1
+                    DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1
+                    : 0,
+                    DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/
+                    ? 1
                     : 0,
                     DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/
                     ? 1
@@ -393,9 +388,10 @@ sub display {
                     module            => $displayType eq "logo"
                     ? $self->getModule( $req, 'auth' )
                     : "",
-                    AUTH_LOOP => [],
-                    PORTAL_URL =>
-                      ( $displayType eq "logo" ? $self->conf->{portal} : 0 ),
+                    AUTH_LOOP  => [],
+                    PORTAL_URL => (
+                        $displayType eq "logo" ? $self->conf->{portal} : 0
+                    ),
                     MSG => $req->info(),
                 );
 
@@ -406,7 +402,8 @@ sub display {
     }
 
     # Additional $req param
-    %templateParams = ( %templateParams, %{ $req->{customParameters} // {} }, );
+    %templateParams
+        = ( %templateParams, %{ $req->{customParameters} // {} }, );
 
     $self->logger->debug("Skin returned: $skinfile");
     return ( $skinfile, \%templateParams );
@@ -422,15 +419,16 @@ sub staticFile {
     require Plack::Util;
     require Cwd;
     require HTTP::Date;
-    open my $fh, '<:raw', $self->conf->{templatesDir} . "/$file"
-      or return $self->sendError( $req,
+    open my $fh, '<:raw',
+        $self->conf->{templatesDir}
+        . "/$file"
+        or return $self->sendError( $req,
         $self->conf->{templatesDir} . "/$file: $!", 403 );
     my @stat = stat $file;
     Plack::Util::set_io_path( $fh, Cwd::realpath($file) );
     return [
         200,
-        [
-            'Content-Type'   => $type,
+        [   'Content-Type'   => $type,
             'Content-Length' => $stat[7],
             'Last-Modified'  => HTTP::Date::time2str( $stat[9] )
         ],
@@ -447,11 +445,12 @@ sub buildHiddenForm {
 
         # Check XSS attacks
         next
-          if $self->checkXSSAttack( $_, $req->{portalHiddenFormValues}->{$_} );
+            if $self->checkXSSAttack( $_,
+            $req->{portalHiddenFormValues}->{$_} );
 
         # Build hidden input HTML code
         $val .= qq{<input type="hidden" name="$_" id="$_" value="}
-          . $req->{portalHiddenFormValues}->{$_} . '" />';
+            . $req->{portalHiddenFormValues}->{$_} . '" />';
     }
 
     return $val;
@@ -522,13 +521,12 @@ sub mkSessionArray {
             displayError => $displayError,
             fields       => [
                 map { { name => $self->conf->{sessionDataToRemember}->{$_} } }
-                  @fields
+                    @fields
             ],
             sessions => [
                 map {
                     my $session = $_;
-                    {
-                        user   => $session->{user},
+                    {   user   => $session->{user},
                         utime  => $session->{_utime},
                         ip     => $session->{ipAddr},
                         values => [ map { { v => $session->{$_} } } @fields ],
@@ -547,10 +545,10 @@ sub mkOidcConsent {
         and ref( $self->conf->{oidcRPMetaDataOptions} ) )
     {
 
-    	# Set default RP displayname
+        # Set default RP displayname
         foreach my $oidc ( keys %{ $self->conf->{oidcRPMetaDataOptions} } ) {
             $self->conf->{oidcRPMetaDataOptions}->{$oidc}
-              ->{oidcRPMetaDataOptionsDisplayName} ||= $oidc;
+                ->{oidcRPMetaDataOptionsDisplayName} ||= $oidc;
         }
     }
 
@@ -576,9 +574,9 @@ sub mkOidcConsent {
             $self->logger->debug("RP { $rp } Consent found");
             $consents->{$rp}->{epoch} = $_->{epoch};
             $consents->{$rp}->{scope} = $_->{scope};
-            $consents->{$rp}->{displayName} =
-              $self->conf->{oidcRPMetaDataOptions}->{$rp}
-              ->{oidcRPMetaDataOptionsDisplayName};
+            $consents->{$rp}->{displayName}
+                = $self->conf->{oidcRPMetaDataOptions}->{$rp}
+                ->{oidcRPMetaDataOptionsDisplayName};
         }
     }
 
@@ -588,8 +586,7 @@ sub mkOidcConsent {
         params => {
             partners => [
                 map {
-                    {
-                        name        => $_,
+                    {   name        => $_,
                         epoch       => $consents->{$_}->{epoch},
                         scope       => $consents->{$_}->{scope},
                         displayName => $consents->{$_}->{displayName}

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm

@@ -15,9 +15,9 @@ use constant afterData => 'run';
 sub init {
     my ($self) = @_;
     unless ( $self->conf->{loginHistoryEnabled} ) {
-        $self->logger->warn(
+        $self->logger->error(
             '"History" plugin is required for "BruteForceProtection" plugin');
-        #return 0;
+        return 0;
     }
     return 1;
 }