Rename BruteForceProtection plugin (#1506)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -19,7 +19,7 @@ sub defaultValues {
         'authentication'              => 'Demo',
         'available2F'                 => 'UTOTP,TOTP,U2F,REST,Ext2F,Yubikey',
         'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
-        'brutForceProtection'         => 1,
+        'bruteForceProtection'        => 1,
         'captcha_mail_enabled'        => 1,
         'captcha_register_enabled'    => 1,
         'captcha_size'                => 6,

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -607,7 +607,7 @@ sub attributes {
             'default' => 'TOTP,U2F,Yubikey',
             'type'    => 'text'
         },
-        'brutForceProtection' => {
+        'bruteForceProtection' => {
             'default' => 1,
             'type'    => 'bool'
         },

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -609,10 +609,10 @@ sub attributes {
             type          => 'bool',
             documentation => 'Display login history checkbox in portal',
         },
-        brutForceProtection => {
+        bruteForceProtection => {
             default       => 1,
             type          => 'bool',
-            documentation => 'Prevent brut force attack after two failed logins',
+            documentation => 'Prevent brute-force attack',
         },
         portalForceAuthnInterval => {
             type    => 'int',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -727,7 +727,7 @@ sub tree {
                                 'trustedDomains',
                                 'useSafeJail',
                                 'checkXSS',
-                                'brutForceProtection',
+                                'bruteForceProtection',
                                 'lwpOpts',
                                 'lwpSslOpts',
                                 {

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -102,7 +102,7 @@
 "browserIdSiteName":"Site name",
 "browserIdVerificationURL":"Verification URL",
 "browseTree":"Browse tree",
-"brutForceProtection":"Brut force attack protection",
+"bruteForceProtection":"Brute-force attack protection",
 "cancel":"Cancel",
 "captcha_login_enabled":"Activation in login form",
 "captcha_mail_enabled":"Activation in password reset by mail form",

lemonldap-ng-portal/MANIFEST

@@ -474,7 +474,7 @@ t/43-MailReset-with-token.t
 t/43-MailReset.t
 t/50-IssuerGet.t
 t/60-Status.t
-t/61-BrutForceProtection.t
+t/61-BruteForceAttackProtection.t
 t/61-GrantSession.t
 t/62-SingleSession.t
 t/63-History.t

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm

@@ -19,7 +19,7 @@ our @pList = (
     notification               => '::Plugins::Notifications',
     portalCheckLogins          => '::Plugins::History',
     stayConnected              => '::Plugins::StayConnected',
-    brutForceProtection        => '::Plugins::BrutForceProtection',
+    bruteForceProtection       => '::Plugins::BruteForceProtection',
     grantSessionRule           => '::Plugins::GrantSession',
     upgradeSession             => '::Plugins::Upgrade',
     autoSigninRules            => '::Plugins::AutoSignin',

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm

@@ -1,4 +1,4 @@
-package Lemonldap::NG::Portal::Plugins::BrutForceProtection;
+package Lemonldap::NG::Portal::Plugins::BruteForceProtection;
 
 use Data::Dumper;
 use strict;

lemonldap-ng-portal/t/61-BruteForceAttackProtection.t

@@ -0,0 +1,100 @@
+use Test::More;
+use strict;
+use IO::String;
+
+BEGIN {
+    require 't/test-lib.pm';
+}
+
+my $res;
+
+my $client = LLNG::Manager::Test->new(
+    {
+        ini => {
+            logLevel            => 'error',
+            authentication      => 'Demo',
+            userDB              => 'Same',
+            loginHistoryEnabled => 1,
+            brutForceProtection => 1,
+        }
+    }
+);
+
+## First successful connection
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=dwho'),
+        length => 23,
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+count(1);
+my $id1 = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+$client->logout($id1);
+
+## Second successful connection
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=dwho'),
+        length => 23,
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+count(1);
+$id1 = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+$client->logout($id1);
+
+
+## First failed connection
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=ohwd'),
+        length => 23
+    ),
+    'Auth query'
+);
+count(1);
+expectReject($res);
+
+## Second failed connection
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=ohwd'),
+        length => 23
+    ),
+    'Auth query'
+);
+count(1);
+expectReject($res);
+
+## Third failed connection
+my $start = time;
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=ohwd'),
+        length => 23,
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+my $stop = time;
+count(1);
+
+my $wait = $stop - $start;
+ok($wait > 29 &&  $wait < 32, "Waiting time = $wait");
+count(1);
+
+clean_sessions();
+
+done_testing( count() );