parent
469d2a40aa
commit
63cd5ffb40
|
@ -396,7 +396,7 @@ sub authenticate {
|
||||||
$req->steps( [
|
$req->steps( [
|
||||||
'setSessionInfo', 'setMacros',
|
'setSessionInfo', 'setMacros',
|
||||||
'setPersistentSessionInfo', 'storeHistory',
|
'setPersistentSessionInfo', 'storeHistory',
|
||||||
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -475,13 +475,12 @@ sub setGroups {
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setPersistentSessionInfo {
|
sub setPersistentSessionInfo {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
# $user passed by BruteForceProtection plugin
|
|
||||||
my ( $self, $req, $user ) = @_;
|
|
||||||
|
|
||||||
# Do not restore infos if session already opened
|
# Do not restore infos if session already opened
|
||||||
unless ( $req->id ) {
|
unless ( $req->id ) {
|
||||||
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} } || $user;
|
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||||
|
|
||||||
return PE_OK unless ( $key and length($key) );
|
return PE_OK unless ( $key and length($key) );
|
||||||
|
|
||||||
my $persistentSession = $self->getPersistentSession($key);
|
my $persistentSession = $self->getPersistentSession($key);
|
||||||
|
@ -620,9 +619,9 @@ sub secondFactor {
|
||||||
}
|
}
|
||||||
|
|
||||||
sub storeHistory {
|
sub storeHistory {
|
||||||
my ( $self, $req, $uid ) = @_; # $uid passed by BruteForceProtection plugin
|
my ( $self, $req ) = @_;
|
||||||
if ( $self->conf->{loginHistoryEnabled} ) {
|
if ( $self->conf->{loginHistoryEnabled} ) {
|
||||||
$self->registerLogin( $req, $uid );
|
$self->registerLogin($req);
|
||||||
}
|
}
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1049,9 +1049,7 @@ sub tplParams {
|
||||||
}
|
}
|
||||||
|
|
||||||
sub registerLogin {
|
sub registerLogin {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
# $user passed by BruteForceProtection plugin
|
|
||||||
my ( $self, $req, $uid ) = @_;
|
|
||||||
return
|
return
|
||||||
unless ( $self->conf->{loginHistoryEnabled}
|
unless ( $self->conf->{loginHistoryEnabled}
|
||||||
and defined $req->authResult );
|
and defined $req->authResult );
|
||||||
|
@ -1081,8 +1079,7 @@ sub registerLogin {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$self->updatePersistentSession( $req, { 'loginHistory' => undef },
|
$self->updatePersistentSession( $req, { 'loginHistory' => undef } );
|
||||||
$uid );
|
|
||||||
delete $req->sessionInfo->{loginHistory};
|
delete $req->sessionInfo->{loginHistory};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1107,7 +1104,7 @@ sub registerLogin {
|
||||||
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
||||||
|
|
||||||
# Save into persistent session
|
# Save into persistent session
|
||||||
$self->updatePersistentSession( $req, { _loginHistory => $history }, $uid );
|
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
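Review bot: With the `|| $user` fallback removed in `setPersistentSessionInfo`, `$key` depends only on `$req->{sessionInfo}->{ $self->conf->{whatToTrace} }`, and an empty value makes the sub return `PE_OK` without loading `_loginHistory`. The failed-login step list in `authenticate` still runs this sub, so if `setSessionInfo` leaves that attribute unset for a rejected login (not visible here), the history is presumably never loaded and any failure counter sees zero. I would make that case visible instead of silent, for example with `# No whatToTrace value: history is not loaded, so failed-login counters see nothing` above the early return, plus a debug log line if a logger is available in this package. The same dependency applies to `registerLogin`, which now calls `updatePersistentSession` without `$uid`; both subs continue outside the hunks shown.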
@ -12,7 +12,7 @@ our $VERSION = '2.0.10';
|
||||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
use constant aroundSub => { authenticate => 'check' };
|
use constant afterSub => { setPersistentSessionInfo => 'run' };
|
||||||
|
|
||||||
has lockTimes => (
|
has lockTimes => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
|
@ -61,7 +61,9 @@ sub init {
|
||||||
sort { $a <=> $b }
|
sort { $a <=> $b }
|
||||||
map {
|
map {
|
||||||
$_ =~ s/\D//;
|
$_ =~ s/\D//;
|
||||||
abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? abs $_ : ()
|
abs $_ < $self->conf->{bruteForceProtectionMaxLockTime}
|
||||||
|
? abs $_
|
||||||
|
: ()
|
||||||
}
|
}
|
||||||
grep { /\d+/ }
|
grep { /\d+/ }
|
||||||
split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes};
|
split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes};
|
||||||
|
@ -99,13 +101,9 @@ sub init {
|
||||||
}
|
}
|
||||||
|
|
||||||
# RUNNING METHOD
|
# RUNNING METHOD
|
||||||
sub check {
|
sub run {
|
||||||
my ( $self, $sub, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $now = time;
|
my $now = time;
|
||||||
$self->p->setSessionInfo($req);
|
|
||||||
$self->logger->debug("Retrieve $req->{user} logins history");
|
|
||||||
$self->p->setPersistentSessionInfo( $req, $req->{user} );
|
|
||||||
|
|
||||||
my $countFailed = my @failedLogins =
|
my $countFailed = my @failedLogins =
|
||||||
map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () }
|
map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () }
|
||||||
@{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
|
@{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
|
||||||
|
@ -115,7 +113,7 @@ sub check {
|
||||||
my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef;
|
my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef;
|
||||||
|
|
||||||
if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
|
if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
|
||||||
return $sub->($req) unless $lastFailedLoginEpoch;
|
return PE_OK unless $lastFailedLoginEpoch;
|
||||||
|
|
||||||
# Delta between current attempt and last failed login
|
# Delta between current attempt and last failed login
|
||||||
my $delta = $now - $lastFailedLoginEpoch;
|
my $delta = $now - $lastFailedLoginEpoch;
|
||||||
|
@ -148,10 +146,10 @@ sub check {
|
||||||
$req->lockTime( $waitingTime - $delta );
|
$req->lockTime( $waitingTime - $delta );
|
||||||
return PE_WAIT;
|
return PE_WAIT;
|
||||||
}
|
}
|
||||||
return $sub->($req);
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $sub->($req)
|
return PE_OK
|
||||||
if ( $countFailed < $self->maxFailed );
|
if ( $countFailed < $self->maxFailed );
|
||||||
|
|
||||||
# Delta between current attempt and last failed login
|
# Delta between current attempt and last failed login
|
||||||
|
@ -159,7 +157,7 @@ sub check {
|
||||||
$self->logger->debug(" -> Delta = $delta");
|
$self->logger->debug(" -> Delta = $delta");
|
||||||
|
|
||||||
# Delta < Tempo => wait
|
# Delta < Tempo => wait
|
||||||
return $sub->($req)
|
return PE_OK
|
||||||
unless ( $delta < $self->conf->{bruteForceProtectionTempo}
|
unless ( $delta < $self->conf->{bruteForceProtectionTempo}
|
||||||
&& $countFailed );
|
&& $countFailed );
|
||||||
|
|
||||||
|
|
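Review bot: The new `afterSub => { setPersistentSessionInfo => 'run' }` hook carries two ordering assumptions that are not documented anywhere in the plugin. First, `run` no longer loads the history itself and reads `$req->sessionInfo->{_loginHistory}->{failedLogin}` directly, so it relies on `setPersistentSessionInfo` having populated it. Second, the lock decision is now taken only after `authenticate` has run, so attempts made during a lock window still appear to reach the authentication backend. If a `PE_WAIT` from an afterSub also stops the remaining steps (not shown here), `storeHistory` would not record those attempts, which matters for backend-side lockout and for what the login history shows during an attack. I would add above the constant `# Runs after setPersistentSessionInfo: needs _loginHistory loaded there; credentials are already checked when the lock is evaluated`.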