WIP: Update langs & append conf test (#2276)

2020-08-27 14:38:11 +02:00 · 2020-08-27 14:38:11 +02:00 · 8b6ab584cf
commit 8b6ab584cf
parent 4d52fedfe5
11 changed files with 61 additions and 59 deletions
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
@ -254,8 +254,6 @@ sub tests {
            return ( 1, "Cookie TTL should be higher or equal than one hour" )
              unless ( $conf->{cookieExpiration} >= 3600
                || $conf->{cookieExpiration} == 0 );
-
-            # Return
            return 1;
        },

@ -265,8 +263,6 @@ sub tests {
            return ( -1, "Session timeout should be higher than ten minutes" )
              unless ( $conf->{timeout} > 600
                || $conf->{timeout} == 0 );
-
-            # Return
            return 1;
        },

@ -278,8 +274,6 @@ sub tests {
              )
              unless ( $conf->{timeoutActivity} > 59
                || $conf->{timeoutActivity} == 0 );
-
-            # Return
            return 1;
        },

@ -292,8 +286,6 @@ sub tests {
              if (  $conf->{timeoutActivity}
                and $conf->{timeoutActivity} <=
                $conf->{timeoutActivityInterval} );
-
-            # Return
            return 1;
        },

@ -338,8 +330,6 @@ sub tests {
            return ( 1, "SMTP authentication failed" )
              unless $smtp->auth( $conf->{SMTPAuthUser},
                $conf->{SMTPAuthPass} );
-
-            # Return
            return 1;
        },

@ -441,8 +431,6 @@ sub tests {
              unless ( $conf->{combination} );
            return ( 0, 'userDB must be set to "Same" to enable Combination' )
              unless ( $conf->{userDB} eq "Same" );
-
-            # Return
            return 1;
        },

@ -482,8 +470,6 @@ sub tests {
 "Auth::Yubikey_WebClient module is required to enable Yubikey"
                ) if ($@);
            }
-
-            # Return
            return 1;
        },

@ -521,8 +507,6 @@ sub tests {
              unless ( $conf->{totp2fRange} );
            return ( 1, "TOTP interval should be higher than 10s" )
              unless ( $conf->{totp2fInterval} > 10 );
-
-            # Return
            return 1;
        },

@ -570,7 +554,6 @@ sub tests {
                || $conf->{'totp2fSelfRegistration'} );
            $msg = "A self registrable module should be enabled to require 2FA"
              unless ($ok);
-
            return ( 1, $msg );
        },

@ -583,8 +566,6 @@ sub tests {
                return ( 0, "External 2F Validate command must be set" )
                  unless ( defined $conf->{ext2FValidateCommand} );
            }
-
-            # Return
            return 1;
        },

@ -595,8 +576,6 @@ sub tests {
              unless ( $conf->{formTimeout} > 30 );
            return ( 1, "XSRF form token TTL should not be higher than 2mn" )
              if ( $conf->{formTimeout} > 120 );
-
-            # Return
            return 1;
        },

@ -607,8 +586,6 @@ sub tests {
              unless ( $conf->{issuersTimeout} > 30 );
            return ( 1, "Issuers token TTL should not be higher than 2mn" )
              if ( $conf->{issuersTimeout} > 120 );
-
-            # Return
            return 1;
        },

@ -617,8 +594,6 @@ sub tests {
            return 1 unless ( $conf->{portalDisplayResetPassword} );
            return ( 1, "Number of reset password retries should not be null" )
              unless ( $conf->{passwordResetAllowedRetries} );
-
-            # Return
            return 1;
        },

@ -641,8 +616,18 @@ sub tests {
            return ( 1,
 'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin'
            ) unless ( $conf->{failedLoginNumber} > 2 );
-
-            # Return
+            return ( 1,
+'Number of failed logins history must be higher than allowed failed logins plus lock time values'
+              )
+              if ( $conf->{bruteForceProtectionIncrementalTempo}
+                && $conf->{failedLoginNumber} <=
+                $conf->{bruteForceProtectionMaxFailed} +
+                $conf->{bruteForceProtectionLockTimes} );
+            return ( 1,
+'Number of failed logins history must be higher than allowed failed logins'
+              )
+              unless ( $conf->{failedLoginNumber} >
+                $conf->{bruteForceProtectionMaxFailed} );
            return 1;
        },

@ -654,8 +639,6 @@ sub tests {
              )
              unless ( $conf->{requireToken}
                or $conf->{captcha_mail_enabled} );
-
-            # Return
            return 1;
        },

@ -666,8 +649,6 @@ sub tests {
              )
              if ( $conf->{impersonationRule}
                && $conf->{contextSwitchingRule} );
-
-            # Return
            return 1;
        },

@ -691,8 +672,6 @@ sub tests {
            return ( 1,
 "BruteForceProtection plugin enabled WITHOUT persistent session storage"
            ) if ( $conf->{bruteForceProtection} );
-
-            # Return
            return 1;
        },

@ -707,8 +686,6 @@ sub tests {
            return ( 1,
 "XML::LibXSLT module is required to enable old format notifications"
            ) if ($@);
-
-            # Return
            return 1;
        },

@ -722,8 +699,6 @@ sub tests {
            return ( 1,
 "DateTime::Format::RFC3339 module is required to enable CertificateResetByMail plugin"
            ) if ($@);
-
-            # Return
            return 1;
        },

@ -867,7 +842,6 @@ sub tests {
                and $conf->{portal} !~ /^https:/ );
            return 1;
        },
-
    };
 }

--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -106,7 +106,10 @@
 "browseTree":"تصفح الهيكل",
 "bruteForceProtection":"تفعيل",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"إلغاء",
 "captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
 "captcha_mail_enabled":"التفعيل في إعادة تعيين كلمة المرور بواسطة استمارة البريد",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -106,7 +106,10 @@
 "browseTree":"Browse tree",
 "bruteForceProtection":"Activation",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Abbrechen",
 "captcha_login_enabled":"Activation in login form",
 "captcha_mail_enabled":"Activation in password reset by mail form",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -106,7 +106,10 @@
 "browseTree":"Browse tree",
 "bruteForceProtection":"Activation",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Cancel",
 "captcha_login_enabled":"Activation in login form",
 "captcha_mail_enabled":"Activation in password reset by mail form",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -106,7 +106,10 @@
 "browseTree":"Parcourir l'arbre",
 "bruteForceProtection":"Activation",
 "bruteForceAttackProtection":"Protection contre les attaques par force brute",
-"bruteForceProtectionIncrementalTempo":"Temps de verrouillage incrémentiels",
+"bruteForceProtectionIncrementalTempo":"Verrouillage incrémentiel",
+"bruteForceProtectionLockTimes":"Temps de verrouillage incrémentiel",
+"bruteForceProtectionMaxFailed":"Nombre d'échecs de connexion autorisés",
+"bruteForceProtectionTempo":"Temps de verrouillage",
 "cancel":"Annuler",
 "captcha_login_enabled":"Activation dans le formulaire d'authentification",
 "captcha_mail_enabled":"Activation dans le formulaire de réinitialisation par mail",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -106,7 +106,10 @@
 "browseTree":"Naviga albero",
 "bruteForceProtection":"Attivazione",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Cancella",
 "captcha_login_enabled":"Attivazione nel modulo di login",
 "captcha_mail_enabled":"Attivazione della reimpostazione della password tramite modulo di posta",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@ -106,7 +106,10 @@
 "browseTree":"Przeglądaj drzewo",
 "bruteForceProtection":"Aktywacja",
 "bruteForceAttackProtection":"Ochrona przed atakiem siłowym",
-"bruteForceProtectionIncrementalTempo":"Przyrostowe czasy blokady",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Anuluj",
 "captcha_login_enabled":"Aktywacja w formularzu logowania",
 "captcha_mail_enabled":"Aktywacja przy resetowaniu hasła za pomocą formularza pocztowego",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -106,7 +106,10 @@
 "browseTree":"Ağaca göz at",
 "bruteForceProtection":"Aktivasyon",
 "bruteForceAttackProtection":"Kaba kuvvet saldırı koruması",
-"bruteForceProtectionIncrementalTempo":"Artan gecikme zamanı",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"İptal Et",
 "captcha_login_enabled":"Giriş formunda aktivasyon",
 "captcha_mail_enabled":"E-posta formu tarafından parola sıfırlamada aktivasyon",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -106,7 +106,10 @@
 "browseTree":"Duyệt cây",
 "bruteForceProtection":"Kích hoạt",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Hủy",
 "captcha_login_enabled":"Kích hoạt ở dạng đăng nhập",
 "captcha_mail_enabled":"Kích hoạt đặt lại mật khẩu bằng biểu mẫu thư",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -106,7 +106,10 @@
 "browseTree":"浏览树",
 "bruteForceProtection":"激活",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"取消",
 "captcha_login_enabled":" 登录激活",
 "captcha_mail_enabled":"通过邮件进行密码重置 激活",
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
@ -38,9 +38,9 @@ sub init {
    unless ( $self->conf->{failedLoginNumber} >
        $self->conf->{bruteForceProtectionMaxFailed} )
    {
-        $self->logger->error( 'failedLoginNumber('
+        $self->logger->error( 'Number of failed logins history ('
              . $self->conf->{failedLoginNumber}
-              . ') must be higher than bruteForceProtectionMaxFailed('
+              . ') must be higher than allowed failed logins attempt ('
              . $self->conf->{bruteForceProtectionMaxFailed}
              . ')' );
        return 0;
@ -57,18 +57,19 @@ sub init {
            $lockTimes = 5;
        }

-        # for (
-        #     my $i = 1 ;
-        #     $i <= $self->conf->{bruteForceProtectionMaxFailed} ;
-        #     $i++
-        #   )
-        # {
-        #     unshift @{ $self->lockTimes }, 0;
-        #     $lockTimes++;
-        # }
+        for (
+            my $i = 1 ;
+            $i <= $self->conf->{bruteForceProtectionMaxFailed} ;
+            $i++
+          )
+        {
+            unshift @{ $self->lockTimes }, 0;
+            $lockTimes++;
+        }

        if ( $lockTimes > $self->conf->{failedLoginNumber} ) {
-            $self->logger->warn( 'Number of incremental lock time values ('
+            $self->logger->warn(
+'Number of incremental lock time values plus allowed failed logins attempt('
                  . "$lockTimes) is higher than failed logins history ("
                  . $self->conf->{failedLoginNumber}
                  . ')' );