See #2482
Maxime Besson 2021-04-23 15:36:16 +02:00
parent 469d2a40aa
commit 63cd5ffb40
3 changed files with 20 additions and 26 deletions


@ -396,7 +396,7 @@ sub authenticate {
$req->steps( [
'setSessionInfo', 'setMacros',
'setPersistentSessionInfo', 'storeHistory',
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
]
);
@ -475,13 +475,12 @@ sub setGroups {
}
sub setPersistentSessionInfo {
# $user passed by BruteForceProtection plugin
my ( $self, $req, $user ) = @_;
my ( $self, $req ) = @_;
# Do not restore infos if session already opened
unless ( $req->id ) {
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} } || $user;
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
return PE_OK unless ( $key and length($key) );
my $persistentSession = $self->getPersistentSession($key);
@ -620,9 +619,9 @@ sub secondFactor {
}
sub storeHistory {
my ( $self, $req, $uid ) = @_; # $uid passed by BruteForceProtection plugin
my ( $self, $req ) = @_;
if ( $self->conf->{loginHistoryEnabled} ) {
$self->registerLogin( $req, $uid );
$self->registerLogin($req);
}
PE_OK;
}
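Review bot: The early `return PE_OK unless ( $key and length($key) );` in setPersistentSessionInfo is silent, and with this commit the brute-force plugin is hooked after this very method (the afterSub change in the plugin file), so a request whose sessionInfo carries no whatToTrace attribute skips the history load and, presumably, the lockout check as well, since run() would then see an empty failedLogin list — confirm against the plugin. A debug line before the return would make that visible in logs, e.g. `$self->logger->debug("No whatToTrace value in sessionInfo, persistent session not restored") unless ( $key and length($key) );`, assuming the portal object exposes `logger` the way the plugin's removed check() did. The remainder of setPersistentSessionInfo and the hunk at line 396 continue outside the hunks shown here.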


@ -1049,9 +1049,7 @@ sub tplParams {
}
sub registerLogin {
# $user passed by BruteForceProtection plugin
my ( $self, $req, $uid ) = @_;
my ( $self, $req ) = @_;
return
unless ( $self->conf->{loginHistoryEnabled}
and defined $req->authResult );
@ -1081,8 +1079,7 @@ sub registerLogin {
}
}
}
$self->updatePersistentSession( $req, { 'loginHistory' => undef },
$uid );
$self->updatePersistentSession( $req, { 'loginHistory' => undef } );
delete $req->sessionInfo->{loginHistory};
}
@ -1107,7 +1104,7 @@ sub registerLogin {
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
# Save into persistent session
$self->updatePersistentSession( $req, { _loginHistory => $history }, $uid );
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
PE_OK;
}
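Review bot: The replacement call in the second hunk writes `{ _loginHistory => $history, }` with a trailing comma inside a one-element anonymous hash, while the matching call earlier in the same sub uses `{ 'loginHistory' => undef }`; dropping the comma, `$self->updatePersistentSession( $req, { _loginHistory => $history } );`, keeps the two calls parallel. Since the explicit `$uid` argument and the "$user passed by BruteForceProtection plugin" comment are both gone, a one-line comment above the first updatePersistentSession call stating that the persistent-session key is now derived from the request alone (presumably the whatToTrace attribute of sessionInfo, as setPersistentSessionInfo does — confirm) would document the new contract for future callers. The body of registerLogin runs outside the hunks shown here.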


@ -12,7 +12,7 @@ our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
use constant aroundSub => { authenticate => 'check' };
use constant afterSub => { setPersistentSessionInfo => 'run' };
has lockTimes => (
is => 'rw',
@ -61,7 +61,9 @@ sub init {
sort { $a <=> $b }
map {
$_ =~ s/\D//;
abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? abs $_ : ()
abs $_ < $self->conf->{bruteForceProtectionMaxLockTime}
? abs $_
: ()
}
grep { /\d+/ }
split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes};
@ -99,13 +101,9 @@ sub init {
}
# RUNNING METHOD
sub check {
my ( $self, $sub, $req ) = @_;
my $now = time;
$self->p->setSessionInfo($req);
$self->logger->debug("Retrieve $req->{user} logins history");
$self->p->setPersistentSessionInfo( $req, $req->{user} );
sub run {
my ( $self, $req ) = @_;
my $now = time;
my $countFailed = my @failedLogins =
map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () }
@{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
@ -115,7 +113,7 @@ sub check {
my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef;
if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
return $sub->($req) unless $lastFailedLoginEpoch;
return PE_OK unless $lastFailedLoginEpoch;
# Delta between current attempt and last failed login
my $delta = $now - $lastFailedLoginEpoch;
@ -148,10 +146,10 @@ sub check {
$req->lockTime( $waitingTime - $delta );
return PE_WAIT;
}
return $sub->($req);
return PE_OK;
}
return $sub->($req)
return PE_OK
if ( $countFailed < $self->maxFailed );
# Delta between current attempt and last failed login
@ -159,7 +157,7 @@ sub check {
$self->logger->debug(" -> Delta = $delta");
# Delta < Tempo => wait
return $sub->($req)
return PE_OK
unless ( $delta < $self->conf->{bruteForceProtectionTempo}
&& $countFailed );