BruteForceProtection plugin disable by default

Christophe Maudoux 7 years ago
parent d06a6fc9ff
commit c2da030b95
  1. 1
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
  2. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
  3. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
  4. 2
      lemonldap-ng-manager/site/htdocs/static/struct.json
  5. 83
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
  6. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm

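--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -19,7 +19,6 @@ sub defaultValues {
 'authentication' => 'Demo',
 'available2F' => 'UTOTP,TOTP,U2F,REST,Ext2F,Yubikey',
 'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
-'bruteForceProtection' => 1,
 'bruteForceProtectionMaxAge' => 300,
 'bruteForceProtectionTempo' => 30,
 'captcha_mail_enabled' => 1,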
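Review bot: The Common default for `bruteForceProtection` is dropped from `defaultValues` entirely, while the two Manager attribute tables changed in this commit (Manager/Attributes.pm and Manager/Build/Attributes.pm) declare `default => 0`, so a reader comparing the three files sees two different answers for the same default. If DefaultValues.pm is generated from Build/Attributes.pm and the generator omits false defaults, this is expected; otherwise keep the key as `'bruteForceProtection' => 0,` so `$conf->{bruteForceProtection}` is defined and the Common and Manager defaults agree. Turning the protection off by default is a deliberate hardening regression for fresh installs, so it belongs in the upgrade notes so that deployments relying on the previous default re-enable it explicitly. struct.json is suppressed in this view, so its default could not be checked here.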

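--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -608,7 +608,7 @@ sub attributes {
 'type' => 'text'
 },
 'bruteForceProtection' => {
-'default' => 1,
+'default' => 0,
 'type' => 'bool'
 },
 'bruteForceProtectionMaxAge' => {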

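--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -574,7 +574,7 @@ sub attributes {
 'Maximun interval in seconds since last authentifcation to force reauthentication',
 },
 bruteForceProtection => {
-default => 1,
+default => 0,
 type => 'bool',
 documentation => 'Enable brute force attack protection',
 },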

File diff suppressed because one or more lines are too long

@ -16,7 +16,8 @@ sub displayInit {
my ($self) = @_; my ($self) = @_;
$self->skinRules( [] ); $self->skinRules( [] );
if ( $self->conf->{portalSkinRules} ) { if ( $self->conf->{portalSkinRules} ) {
foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) { foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } )
{
my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) ); my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
if ($sub) { if ($sub) {
push @{ $self->skinRules }, push @{ $self->skinRules },
@ -54,8 +55,7 @@ sub display {
AUTH_URL => $req->{data}->{_url}, AUTH_URL => $req->{data}->{_url},
CHOICE_PARAM => $self->conf->{authChoiceParam}, CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->data->{_authChoice}, CHOICE_VALUE => $req->data->{_authChoice},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -83,8 +83,7 @@ sub display {
ASK_LOGINS => $req->param('checkLogins') || 0, ASK_LOGINS => $req->param('checkLogins') || 0,
CONFIRMKEY => $self->stamp(), CONFIRMKEY => $self->stamp(),
REMEMBER => $req->data->{confirmRemember}, REMEMBER => $req->data->{confirmRemember},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -112,8 +111,7 @@ sub display {
CONFIRMKEY => $self->stamp(), CONFIRMKEY => $self->stamp(),
LIST => $req->data->{list} || [], LIST => $req->data->{list} || [],
REMEMBER => $req->data->{confirmRemember}, REMEMBER => $req->data->{confirmRemember},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -123,7 +121,8 @@ sub display {
# 1.3 There is a message to display # 1.3 There is a message to display
elsif ( my $info = $req->info ) { elsif ( my $info = $req->info ) {
$self->logger->debug('Display: info detected'); $self->logger->debug('Display: info detected');
$self->logger->debug('Hidden values -> '. Dumper( $req->{portalHiddenFormValues})); $self->logger->debug(
'Hidden values -> ' . Dumper( $req->{portalHiddenFormValues} ) );
$skinfile = 'info'; $skinfile = 'info';
%templateParams = ( %templateParams = (
MAIN_LOGO => $self->conf->{portalMainLogo}, MAIN_LOGO => $self->conf->{portalMainLogo},
@ -136,8 +135,7 @@ sub display {
FORM_METHOD => $self->conf->{infoFormMethod}, FORM_METHOD => $self->conf->{infoFormMethod},
CHOICE_PARAM => $self->conf->{authChoiceParam}, CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->data->{_authChoice}, CHOICE_VALUE => $req->data->{_authChoice},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -159,8 +157,7 @@ sub display {
AUTH_ERROR_TYPE => $req->error_type, AUTH_ERROR_TYPE => $req->error_type,
PROVIDERURI => $p, PROVIDERURI => $p,
MSG => $req->info(), MSG => $req->info(),
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -177,8 +174,7 @@ sub display {
URL => $req->{urldc}, URL => $req->{urldc},
HIDDEN_INPUTS => $self->buildHiddenForm($req), HIDDEN_INPUTS => $self->buildHiddenForm($req),
FORM_METHOD => $req->data->{redirectFormMethod} || 'get', FORM_METHOD => $req->data->{redirectFormMethod} || 'get',
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -192,7 +188,8 @@ sub display {
#utf8::decode($auth_user); #utf8::decode($auth_user);
%templateParams = ( %templateParams = (
MAIN_LOGO => $self->conf->{portalMainLogo}, MAIN_LOGO => $self->conf->{portalMainLogo},
AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} }, AUTH_USER =>
$req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow}, NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
LOGOUT_URL => $self->conf->{portal} . "?logout=1", LOGOUT_URL => $self->conf->{portal} . "?logout=1",
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'}, APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
@ -200,8 +197,7 @@ sub display {
REQUIRE_OLDPASSWORD => $self->conf->{portalRequireOldPassword}, REQUIRE_OLDPASSWORD => $self->conf->{portalRequireOldPassword},
HIDE_OLDPASSWORD => 0, HIDE_OLDPASSWORD => 0,
$self->menu->params($req), $self->menu->params($req),
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -216,8 +212,7 @@ sub display {
CONFIRMKEY => $self->stamp, CONFIRMKEY => $self->stamp,
PORTAL => $self->conf->{portal}, PORTAL => $self->conf->{portal},
URL => $req->data->{_url}, URL => $req->data->{_url},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -232,8 +227,7 @@ sub display {
CONFIRMKEY => $self->stamp, CONFIRMKEY => $self->stamp,
PORTAL => $self->conf->{portal}, PORTAL => $self->conf->{portal},
URL => $req->data->{_url}, URL => $req->data->{_url},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -253,8 +247,7 @@ sub display {
MAIN_LOGO => $self->conf->{portalMainLogo}, MAIN_LOGO => $self->conf->{portalMainLogo},
AUTH_ERROR => $req->error, AUTH_ERROR => $req->error,
AUTH_ERROR_TYPE => $req->error_type, AUTH_ERROR_TYPE => $req->error_type,
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -274,14 +267,14 @@ sub display {
LOGIN => $login, LOGIN => $login,
CHECK_LOGINS => $self->conf->{portalCheckLogins}, CHECK_LOGINS => $self->conf->{portalCheckLogins},
ASK_LOGINS => $req->param('checkLogins') || 0, ASK_LOGINS => $req->param('checkLogins') || 0,
DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword}, DISPLAY_RESETPASSWORD =>
$self->conf->{portalDisplayResetPassword},
DISPLAY_REGISTER => $self->conf->{portalDisplayRegister}, DISPLAY_REGISTER => $self->conf->{portalDisplayRegister},
MAIL_URL => $self->conf->{mailUrl}, MAIL_URL => $self->conf->{mailUrl},
REGISTER_URL => $self->conf->{registerUrl}, REGISTER_URL => $self->conf->{registerUrl},
HIDDEN_INPUTS => $self->buildHiddenForm($req), HIDDEN_INPUTS => $self->buildHiddenForm($req),
STAYCONNECTED => $self->conf->{stayConnected}, STAYCONNECTED => $self->conf->{stayConnected},
( ( $req->data->{customScript}
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} ) ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: () : ()
), ),
@ -375,15 +368,17 @@ sub display {
# Choose what form to display if not in a loop # Choose what form to display if not in a loop
else { else {
my $displayType = my $displayType
eval { $self->_authentication->getDisplayType($req) }; = eval { $self->_authentication->getDisplayType($req) };
$self->logger->debug("Display type $displayType "); $self->logger->debug("Display type $displayType ");
%templateParams = ( %templateParams = (
%templateParams, %templateParams,
DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1 : 0, DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1
DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/ ? 1 : 0,
DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/
? 1
: 0, : 0,
DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/ DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/
? 1 ? 1
@ -394,8 +389,9 @@ sub display {
? $self->getModule( $req, 'auth' ) ? $self->getModule( $req, 'auth' )
: "", : "",
AUTH_LOOP => [], AUTH_LOOP => [],
PORTAL_URL => PORTAL_URL => (
( $displayType eq "logo" ? $self->conf->{portal} : 0 ), $displayType eq "logo" ? $self->conf->{portal} : 0
),
MSG => $req->info(), MSG => $req->info(),
); );
@ -406,7 +402,8 @@ sub display {
} }
# Additional $req param # Additional $req param
%templateParams = ( %templateParams, %{ $req->{customParameters} // {} }, ); %templateParams
= ( %templateParams, %{ $req->{customParameters} // {} }, );
$self->logger->debug("Skin returned: $skinfile"); $self->logger->debug("Skin returned: $skinfile");
return ( $skinfile, \%templateParams ); return ( $skinfile, \%templateParams );
@ -422,15 +419,16 @@ sub staticFile {
require Plack::Util; require Plack::Util;
require Cwd; require Cwd;
require HTTP::Date; require HTTP::Date;
open my $fh, '<:raw', $self->conf->{templatesDir} . "/$file" open my $fh, '<:raw',
$self->conf->{templatesDir}
. "/$file"
or return $self->sendError( $req, or return $self->sendError( $req,
$self->conf->{templatesDir} . "/$file: $!", 403 ); $self->conf->{templatesDir} . "/$file: $!", 403 );
my @stat = stat $file; my @stat = stat $file;
Plack::Util::set_io_path( $fh, Cwd::realpath($file) ); Plack::Util::set_io_path( $fh, Cwd::realpath($file) );
return [ return [
200, 200,
[ [ 'Content-Type' => $type,
'Content-Type' => $type,
'Content-Length' => $stat[7], 'Content-Length' => $stat[7],
'Last-Modified' => HTTP::Date::time2str( $stat[9] ) 'Last-Modified' => HTTP::Date::time2str( $stat[9] )
], ],
@ -447,7 +445,8 @@ sub buildHiddenForm {
# Check XSS attacks # Check XSS attacks
next next
if $self->checkXSSAttack( $_, $req->{portalHiddenFormValues}->{$_} ); if $self->checkXSSAttack( $_,
$req->{portalHiddenFormValues}->{$_} );
# Build hidden input HTML code # Build hidden input HTML code
$val .= qq{<input type="hidden" name="$_" id="$_" value="} $val .= qq{<input type="hidden" name="$_" id="$_" value="}
@ -527,8 +526,7 @@ sub mkSessionArray {
sessions => [ sessions => [
map { map {
my $session = $_; my $session = $_;
{ { user => $session->{user},
user => $session->{user},
utime => $session->{_utime}, utime => $session->{_utime},
ip => $session->{ipAddr}, ip => $session->{ipAddr},
values => [ map { { v => $session->{$_} } } @fields ], values => [ map { { v => $session->{$_} } } @fields ],
@ -576,8 +574,8 @@ sub mkOidcConsent {
$self->logger->debug("RP { $rp } Consent found"); $self->logger->debug("RP { $rp } Consent found");
$consents->{$rp}->{epoch} = $_->{epoch}; $consents->{$rp}->{epoch} = $_->{epoch};
$consents->{$rp}->{scope} = $_->{scope}; $consents->{$rp}->{scope} = $_->{scope};
$consents->{$rp}->{displayName} = $consents->{$rp}->{displayName}
$self->conf->{oidcRPMetaDataOptions}->{$rp} = $self->conf->{oidcRPMetaDataOptions}->{$rp}
->{oidcRPMetaDataOptionsDisplayName}; ->{oidcRPMetaDataOptionsDisplayName};
} }
} }
@ -588,8 +586,7 @@ sub mkOidcConsent {
params => { params => {
partners => [ partners => [
map { map {
{ { name => $_,
name => $_,
epoch => $consents->{$_}->{epoch}, epoch => $consents->{$_}->{epoch},
scope => $consents->{$_}->{scope}, scope => $consents->{$_}->{scope},
displayName => $consents->{$_}->{displayName} displayName => $consents->{$_}->{displayName}

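--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
@@ -15,9 +15,9 @@ use constant afterData => 'run';
 sub init {
 my ($self) = @_;
 unless ( $self->conf->{loginHistoryEnabled} ) {
-$self->logger->warn(
+$self->logger->error(
 '"History" plugin is required for "BruteForceProtection" plugin');
-#return 0;
+return 0;
 }
 return 1;
 }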
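Review bot: `init` now fails closed with `return 0;` when `loginHistoryEnabled` is off, which is the right outcome, but the error message does not tell the operator how to recover; `'"History" plugin is required for "BruteForceProtection" plugin: enable loginHistoryEnabled or disable bruteForceProtection'` would. Since this commit also turns `bruteForceProtection` off by default, an administrator who enables it without login history gets only this one log line and no protection, so a comment above the `unless` stating why the History plugin is required (presumably the login records it keeps, to be confirmed) would make the dependency explicit at the point it is checked. What the plugin loader does with a 0 return from `init` is outside this hunk, so whether the plugin is simply skipped or the portal refuses to start cannot be told from here.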
