parent
469d2a40aa
commit
63cd5ffb40
|
@ -396,7 +396,7 @@ sub authenticate {
|
|||
$req->steps( [
|
||||
'setSessionInfo', 'setMacros',
|
||||
'setPersistentSessionInfo', 'storeHistory',
|
||||
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
||||
@{ $self->afterData }, sub { PE_BADCREDENTIALS }
|
||||
]
|
||||
);
|
||||
|
||||
|
@ -475,13 +475,12 @@ sub setGroups {
|
|||
}
|
||||
|
||||
sub setPersistentSessionInfo {
|
||||
|
||||
# $user passed by BruteForceProtection plugin
|
||||
my ( $self, $req, $user ) = @_;
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
# Do not restore infos if session already opened
|
||||
unless ( $req->id ) {
|
||||
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} } || $user;
|
||||
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||
|
||||
return PE_OK unless ( $key and length($key) );
|
||||
|
||||
my $persistentSession = $self->getPersistentSession($key);
|
||||
|
@ -620,9 +619,9 @@ sub secondFactor {
|
|||
}
|
||||
|
||||
sub storeHistory {
|
||||
my ( $self, $req, $uid ) = @_; # $uid passed by BruteForceProtection plugin
|
||||
my ( $self, $req ) = @_;
|
||||
if ( $self->conf->{loginHistoryEnabled} ) {
|
||||
$self->registerLogin( $req, $uid );
|
||||
$self->registerLogin($req);
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
@ -1049,9 +1049,7 @@ sub tplParams {
|
|||
}
|
||||
|
||||
sub registerLogin {
|
||||
|
||||
# $user passed by BruteForceProtection plugin
|
||||
my ( $self, $req, $uid ) = @_;
|
||||
my ( $self, $req ) = @_;
|
||||
return
|
||||
unless ( $self->conf->{loginHistoryEnabled}
|
||||
and defined $req->authResult );
|
||||
|
@ -1081,8 +1079,7 @@ sub registerLogin {
|
|||
}
|
||||
}
|
||||
}
|
||||
$self->updatePersistentSession( $req, { 'loginHistory' => undef },
|
||||
$uid );
|
||||
$self->updatePersistentSession( $req, { 'loginHistory' => undef } );
|
||||
delete $req->sessionInfo->{loginHistory};
|
||||
}
|
||||
|
||||
|
@ -1107,7 +1104,7 @@ sub registerLogin {
|
|||
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
||||
|
||||
# Save into persistent session
|
||||
$self->updatePersistentSession( $req, { _loginHistory => $history }, $uid );
|
||||
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
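Review bot: In `setPersistentSessionInfo` the lookup key now comes only from `$req->{sessionInfo}->{ $self->conf->{whatToTrace} }`, and the following `return PE_OK unless ( $key and length($key) )` silently skips loading the persistent session when that attribute is empty. Since `registerLogin` and both `updatePersistentSession` calls also lost their explicit `$uid`, a failed login whose session info lacks that attribute is presumably neither recorded nor visible to the BruteForceProtection check, so the throttle would fail open for it. Whether that happens depends on what `setSessionInfo` fills in on the failure path of `authenticate`, which is outside these hunks. I would make the skip observable, e.g. `$self->logger->debug('No whatToTrace value, login history not loaded');` before the early return, and add a regression test with a failing login for an unknown user. The bodies of `setPersistentSessionInfo` and `registerLogin` continue outside the hunks shown.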
@ -12,7 +12,7 @@ our $VERSION = '2.0.10';
|
|||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
# INITIALIZATION
|
||||
use constant aroundSub => { authenticate => 'check' };
|
||||
use constant afterSub => { setPersistentSessionInfo => 'run' };
|
||||
|
||||
has lockTimes => (
|
||||
is => 'rw',
|
||||
|
@ -61,7 +61,9 @@ sub init {
|
|||
sort { $a <=> $b }
|
||||
map {
|
||||
$_ =~ s/\D//;
|
||||
abs $_ < $self->conf->{bruteForceProtectionMaxLockTime} ? abs $_ : ()
|
||||
abs $_ < $self->conf->{bruteForceProtectionMaxLockTime}
|
||||
? abs $_
|
||||
: ()
|
||||
}
|
||||
grep { /\d+/ }
|
||||
split /\s*,\s*/, $self->conf->{bruteForceProtectionLockTimes};
|
||||
|
@ -99,13 +101,9 @@ sub init {
|
|||
}
|
||||
|
||||
# RUNNING METHOD
|
||||
sub check {
|
||||
my ( $self, $sub, $req ) = @_;
|
||||
my $now = time;
|
||||
$self->p->setSessionInfo($req);
|
||||
$self->logger->debug("Retrieve $req->{user} logins history");
|
||||
$self->p->setPersistentSessionInfo( $req, $req->{user} );
|
||||
|
||||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
my $now = time;
|
||||
my $countFailed = my @failedLogins =
|
||||
map { ( $now - $_->{_utime} ) <= $self->maxAge ? $_ : () }
|
||||
@{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
|
||||
|
@ -115,7 +113,7 @@ sub check {
|
|||
my $lastFailedLoginEpoch = $failedLogins[0]->{_utime} || undef;
|
||||
|
||||
if ( $self->conf->{bruteForceProtectionIncrementalTempo} ) {
|
||||
return $sub->($req) unless $lastFailedLoginEpoch;
|
||||
return PE_OK unless $lastFailedLoginEpoch;
|
||||
|
||||
# Delta between current attempt and last failed login
|
||||
my $delta = $now - $lastFailedLoginEpoch;
|
||||
|
@ -148,10 +146,10 @@ sub check {
|
|||
$req->lockTime( $waitingTime - $delta );
|
||||
return PE_WAIT;
|
||||
}
|
||||
return $sub->($req);
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
return $sub->($req)
|
||||
return PE_OK
|
||||
if ( $countFailed < $self->maxFailed );
|
||||
|
||||
# Delta between current attempt and last failed login
|
||||
|
@ -159,7 +157,7 @@ sub check {
|
|||
$self->logger->debug(" -> Delta = $delta");
|
||||
|
||||
# Delta < Tempo => wait
|
||||
return $sub->($req)
|
||||
return PE_OK
|
||||
unless ( $delta < $self->conf->{bruteForceProtectionTempo}
|
||||
&& $countFailed );
|
||||
|
||||
|
|
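Review bot: With `afterSub => { setPersistentSessionInfo => 'run' }` the lock decision in `run` is taken only after the authentication step has executed, whereas the removed `check` wrapped `authenticate` and could return `PE_WAIT` before calling `$sub->($req)`. On the failure path visible in `authenticate`, every attempt against a locked account therefore still reaches the authentication backend and `PE_WAIT` only hides the outcome; backend-side lockout counters and load are, I assume, still affected. `run` also depends on `$req->sessionInfo->{_loginHistory}` having been loaded by the hooked step and returns `PE_OK` when no failed login is found. I would document this above the sub, e.g. `# Runs after setPersistentSessionInfo, i.e. after authentication; relies on _loginHistory already loaded in $req->sessionInfo`, and add a locked-account test that asserts `PE_WAIT` for both a wrong and a correct password. The body of `run` continues outside the hunks shown.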