worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

BruteForceProtection plugin disable by default

Browse Source
environments/ppa-mbqj77/deployments/386
Christophe Maudoux 7 years ago
parent d06a6fc9ff
commit c2da030b95
6 changed files with 76 additions and 80 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
  2. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
  3. 2
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
  4. 2
      lemonldap-ng-manager/site/htdocs/static/struct.json
  5. 83
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
  6. 4
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm

1
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
Unescape View File

@ -19,7 +19,6 @@ sub defaultValues {
'authentication' => 'Demo',
'available2F' => 'UTOTP,TOTP,U2F,REST,Ext2F,Yubikey',
'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
'bruteForceProtection' => 1,
'bruteForceProtectionMaxAge' => 300,
'bruteForceProtectionTempo' => 30,
'captcha_mail_enabled' => 1,

2
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
Unescape View File

@ -608,7 +608,7 @@ sub attributes {
'type' => 'text'
},
'bruteForceProtection' => {
'default' => 1,
'default' => 0,
'type' => 'bool'
},
'bruteForceProtectionMaxAge' => {

2
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
Unescape View File

@ -574,7 +574,7 @@ sub attributes {
'Maximun interval in seconds since last authentifcation to force reauthentication',
},
bruteForceProtection => {
default => 1,
default => 0,
type => 'bool',
documentation => 'Enable brute force attack protection',
},

2
lemonldap-ng-manager/site/htdocs/static/struct.json vendored
View File

File diff suppressed because one or more lines are too long

83
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
Unescape View File

@ -16,7 +16,8 @@ sub displayInit {
my ($self) = @_;
$self->skinRules( [] );
if ( $self->conf->{portalSkinRules} ) {
foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } )
{
my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
if ($sub) {
push @{ $self->skinRules },
@ -54,8 +55,7 @@ sub display {
AUTH_URL => $req->{data}->{_url},
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->data->{_authChoice},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -83,8 +83,7 @@ sub display {
ASK_LOGINS => $req->param('checkLogins') || 0,
CONFIRMKEY => $self->stamp(),
REMEMBER => $req->data->{confirmRemember},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -112,8 +111,7 @@ sub display {
CONFIRMKEY => $self->stamp(),
LIST => $req->data->{list} || [],
REMEMBER => $req->data->{confirmRemember},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -123,7 +121,8 @@ sub display {
# 1.3 There is a message to display
elsif ( my $info = $req->info ) {
$self->logger->debug('Display: info detected');
$self->logger->debug('Hidden values -> '. Dumper( $req->{portalHiddenFormValues}));
$self->logger->debug(
'Hidden values -> ' . Dumper( $req->{portalHiddenFormValues} ) );
$skinfile = 'info';
%templateParams = (
MAIN_LOGO => $self->conf->{portalMainLogo},
@ -136,8 +135,7 @@ sub display {
FORM_METHOD => $self->conf->{infoFormMethod},
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->data->{_authChoice},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -159,8 +157,7 @@ sub display {
AUTH_ERROR_TYPE => $req->error_type,
PROVIDERURI => $p,
MSG => $req->info(),
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -177,8 +174,7 @@ sub display {
URL => $req->{urldc},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
FORM_METHOD => $req->data->{redirectFormMethod} || 'get',
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -192,7 +188,8 @@ sub display {
#utf8::decode($auth_user);
%templateParams = (
MAIN_LOGO => $self->conf->{portalMainLogo},
AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
AUTH_USER =>
$req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
@ -200,8 +197,7 @@ sub display {
REQUIRE_OLDPASSWORD => $self->conf->{portalRequireOldPassword},
HIDE_OLDPASSWORD => 0,
$self->menu->params($req),
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -216,8 +212,7 @@ sub display {
CONFIRMKEY => $self->stamp,
PORTAL => $self->conf->{portal},
URL => $req->data->{_url},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -232,8 +227,7 @@ sub display {
CONFIRMKEY => $self->stamp,
PORTAL => $self->conf->{portal},
URL => $req->data->{_url},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -253,8 +247,7 @@ sub display {
MAIN_LOGO => $self->conf->{portalMainLogo},
AUTH_ERROR => $req->error,
AUTH_ERROR_TYPE => $req->error_type,
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -274,14 +267,14 @@ sub display {
LOGIN => $login,
CHECK_LOGINS => $self->conf->{portalCheckLogins},
ASK_LOGINS => $req->param('checkLogins') || 0,
DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword},
DISPLAY_RESETPASSWORD =>
$self->conf->{portalDisplayResetPassword},
DISPLAY_REGISTER => $self->conf->{portalDisplayRegister},
MAIL_URL => $self->conf->{mailUrl},
REGISTER_URL => $self->conf->{registerUrl},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
STAYCONNECTED => $self->conf->{stayConnected},
(
$req->data->{customScript}
( $req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
: ()
),
@ -375,15 +368,17 @@ sub display {
# Choose what form to display if not in a loop
else {
my $displayType =
eval { $self->_authentication->getDisplayType($req) };
my $displayType
= eval { $self->_authentication->getDisplayType($req) };
$self->logger->debug("Display type $displayType ");
%templateParams = (
%templateParams,
DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1 : 0,
DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/ ? 1
DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1
: 0,
DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/
? 1
: 0,
DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/
? 1
@ -394,8 +389,9 @@ sub display {
? $self->getModule( $req, 'auth' )
: "",
AUTH_LOOP => [],
PORTAL_URL =>
( $displayType eq "logo" ? $self->conf->{portal} : 0 ),
PORTAL_URL => (
$displayType eq "logo" ? $self->conf->{portal} : 0
),
MSG => $req->info(),
);
@ -406,7 +402,8 @@ sub display {
}
# Additional $req param
%templateParams = ( %templateParams, %{ $req->{customParameters} // {} }, );
%templateParams
= ( %templateParams, %{ $req->{customParameters} // {} }, );
$self->logger->debug("Skin returned: $skinfile");
return ( $skinfile, \%templateParams );
@ -422,15 +419,16 @@ sub staticFile {
require Plack::Util;
require Cwd;
require HTTP::Date;
open my $fh, '<:raw', $self->conf->{templatesDir} . "/$file"
open my $fh, '<:raw',
$self->conf->{templatesDir}
. "/$file"
or return $self->sendError( $req,
$self->conf->{templatesDir} . "/$file: $!", 403 );
my @stat = stat $file;
Plack::Util::set_io_path( $fh, Cwd::realpath($file) );
return [
200,
[
'Content-Type' => $type,
[ 'Content-Type' => $type,
'Content-Length' => $stat[7],
'Last-Modified' => HTTP::Date::time2str( $stat[9] )
],
@ -447,7 +445,8 @@ sub buildHiddenForm {
# Check XSS attacks
next
if $self->checkXSSAttack( $_, $req->{portalHiddenFormValues}->{$_} );
if $self->checkXSSAttack( $_,
$req->{portalHiddenFormValues}->{$_} );
# Build hidden input HTML code
$val .= qq{<input type="hidden" name="$_" id="$_" value="}
@ -527,8 +526,7 @@ sub mkSessionArray {
sessions => [
map {
my $session = $_;
{
user => $session->{user},
{ user => $session->{user},
utime => $session->{_utime},
ip => $session->{ipAddr},
values => [ map { { v => $session->{$_} } } @fields ],
@ -576,8 +574,8 @@ sub mkOidcConsent {
$self->logger->debug("RP { $rp } Consent found");
$consents->{$rp}->{epoch} = $_->{epoch};
$consents->{$rp}->{scope} = $_->{scope};
$consents->{$rp}->{displayName} =
$self->conf->{oidcRPMetaDataOptions}->{$rp}
$consents->{$rp}->{displayName}
= $self->conf->{oidcRPMetaDataOptions}->{$rp}
->{oidcRPMetaDataOptionsDisplayName};
}
}
@ -588,8 +586,7 @@ sub mkOidcConsent {
params => {
partners => [
map {
{
name => $_,
{ name => $_,
epoch => $consents->{$_}->{epoch},
scope => $consents->{$_}->{scope},
displayName => $consents->{$_}->{displayName}

4
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
Unescape View File

@ -15,9 +15,9 @@ use constant afterData => 'run';
sub init {
my ($self) = @_;
unless ( $self->conf->{loginHistoryEnabled} ) {
$self->logger->warn(
$self->logger->error(
'"History" plugin is required for "BruteForceProtection" plugin');
#return 0;
return 0;
}
return 1;
}

Write Preview
Loading…
Cancel
Save