From 8b6ab584cf2a39d309e920decdde60c3e6c5ba14 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 27 Aug 2020 14:38:11 +0200 Subject: [PATCH] WIP: Update langs & append conf test (#2276) --- .../lib/Lemonldap/NG/Manager/Conf/Tests.pm | 50 +++++-------------- .../site/htdocs/static/languages/ar.json | 5 +- .../site/htdocs/static/languages/de.json | 5 +- .../site/htdocs/static/languages/en.json | 5 +- .../site/htdocs/static/languages/fr.json | 5 +- .../site/htdocs/static/languages/it.json | 5 +- .../site/htdocs/static/languages/pl.json | 5 +- .../site/htdocs/static/languages/tr.json | 5 +- .../site/htdocs/static/languages/vi.json | 5 +- .../site/htdocs/static/languages/zh.json | 5 +- .../NG/Portal/Plugins/BruteForceProtection.pm | 25 +++++----- 11 files changed, 61 insertions(+), 59 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm index d534db39d..9c0b96710 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm @@ -254,8 +254,6 @@ sub tests { return ( 1, "Cookie TTL should be higher or equal than one hour" ) unless ( $conf->{cookieExpiration} >= 3600 || $conf->{cookieExpiration} == 0 ); - - # Return return 1; }, @@ -265,8 +263,6 @@ sub tests { return ( -1, "Session timeout should be higher than ten minutes" ) unless ( $conf->{timeout} > 600 || $conf->{timeout} == 0 ); - - # Return return 1; }, @@ -278,8 +274,6 @@ sub tests { ) unless ( $conf->{timeoutActivity} > 59 || $conf->{timeoutActivity} == 0 ); - - # Return return 1; }, @@ -292,8 +286,6 @@ sub tests { if ( $conf->{timeoutActivity} and $conf->{timeoutActivity} <= $conf->{timeoutActivityInterval} ); - - # Return return 1; }, @@ -338,8 +330,6 @@ sub tests { return ( 1, "SMTP authentication failed" ) unless $smtp->auth( $conf->{SMTPAuthUser}, $conf->{SMTPAuthPass} ); - - # Return return 1; }, 
@@ -441,8 +431,6 @@ sub tests { unless ( $conf->{combination} ); return ( 0, 'userDB must be set to "Same" to enable Combination' ) unless ( $conf->{userDB} eq "Same" ); - - # Return return 1; }, @@ -482,8 +470,6 @@ sub tests { "Auth::Yubikey_WebClient module is required to enable Yubikey" ) if ($@); } - - # Return return 1; }, @@ -521,8 +507,6 @@ sub tests { unless ( $conf->{totp2fRange} ); return ( 1, "TOTP interval should be higher than 10s" ) unless ( $conf->{totp2fInterval} > 10 ); - - # Return return 1; }, @@ -570,7 +554,6 @@ sub tests { || $conf->{'totp2fSelfRegistration'} ); $msg = "A self registrable module should be enabled to require 2FA" unless ($ok); - return ( 1, $msg ); }, @@ -583,8 +566,6 @@ sub tests { return ( 0, "External 2F Validate command must be set" ) unless ( defined $conf->{ext2FValidateCommand} ); } - - # Return return 1; }, @@ -595,8 +576,6 @@ sub tests { unless ( $conf->{formTimeout} > 30 ); return ( 1, "XSRF form token TTL should not be higher than 2mn" ) if ( $conf->{formTimeout} > 120 ); - - # Return return 1; }, @@ -607,8 +586,6 @@ sub tests { unless ( $conf->{issuersTimeout} > 30 ); return ( 1, "Issuers token TTL should not be higher than 2mn" ) if ( $conf->{issuersTimeout} > 120 ); - - # Return return 1; }, @@ -617,8 +594,6 @@ sub tests { return 1 unless ( $conf->{portalDisplayResetPassword} ); return ( 1, "Number of reset password retries should not be null" ) unless ( $conf->{passwordResetAllowedRetries} ); - - # Return return 1; }, 
@@ -641,8 +616,18 @@ sub tests { return ( 1, 'Number of failed logins must be higher than 2 to enable "BruteForceProtection" plugin' ) unless ( $conf->{failedLoginNumber} > 2 ); - - # Return + return ( 1, +'Number of failed logins history must be higher than allowed failed logins plus lock time values' + ) + if ( $conf->{bruteForceProtectionIncrementalTempo} + && $conf->{failedLoginNumber} <= + $conf->{bruteForceProtectionMaxFailed} + + $conf->{bruteForceProtectionLockTimes} ); + return ( 1, +'Number of failed logins history must be higher than allowed failed logins' + ) + unless ( $conf->{failedLoginNumber} > + $conf->{bruteForceProtectionMaxFailed} ); return 1; }, @@ -654,8 +639,6 @@ sub tests { ) unless ( $conf->{requireToken} or $conf->{captcha_mail_enabled} ); - - # Return return 1; }, @@ -666,8 +649,6 @@ sub tests { ) if ( $conf->{impersonationRule} && $conf->{contextSwitchingRule} ); - - # Return return 1; }, @@ -691,8 +672,6 @@ sub tests { return ( 1, "BruteForceProtection plugin enabled WITHOUT persistent session storage" ) if ( $conf->{bruteForceProtection} ); - - # Return return 1; }, @@ -707,8 +686,6 @@ sub tests { return ( 1, "XML::LibXSLT module is required to enable old format notifications" ) if ($@); - - # Return return 1; }, @@ -722,8 +699,6 @@ sub tests { return ( 1, "DateTime::Format::RFC3339 module is required to enable CertificateResetByMail plugin" ) if ($@); - - # Return return 1; }, @@ -867,7 +842,6 @@ sub tests { and $conf->{portal} !~ /^https:/ ); return 1; }, - }; } diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 330f919cf..6bd7753db 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json 
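Review bot: The first added check in the bruteForceProtection test adds `$conf->{bruteForceProtectionLockTimes}` as a number, yet the plugin's `init` tracks lock time values in a separate `$lockTimes` counter and the new label for this key is "Incremental lock times", which suggests it holds a list of values rather than a count. If it is stored as a delimited string, `+` uses only its leading numeric value (and warns under `use warnings`), so this comparison against `failedLoginNumber` would not match what the plugin checks at start-up. Comparing against the number of entries would fix that, e.g. `my @steps = split /\s*,\s*/, ( $conf->{bruteForceProtectionLockTimes} // '' );` followed by `&& $conf->{failedLoginNumber} <= $conf->{bruteForceProtectionMaxFailed} + @steps`. The plugin also returns 0 from `init` when `failedLoginNumber` is not above `bruteForceProtectionMaxFailed`, while this test reports the same condition with code 1; it is worth confirming whether it should use the `0` code seen elsewhere in this file. The test's opening lines are outside the hunk.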
@@ -106,7 +106,10 @@
 "browseTree":"تصفح الهيكل",
 "bruteForceProtection":"تفعيل",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"إلغاء",
 "captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
 "captcha_mail_enabled":"التفعيل في إعادة تعيين كلمة المرور بواسطة استمارة البريد",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
index b7dfa0214..1396dff9d 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@@ -106,7 +106,10 @@
 "browseTree":"Browse tree",
 "bruteForceProtection":"Activation",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Abbrechen",
 "captcha_login_enabled":"Activation in login form",
 "captcha_mail_enabled":"Activation in password reset by mail form",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
index d7462e23e..00565f930 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -106,7 +106,10 @@
 "browseTree":"Browse tree",
 "bruteForceProtection":"Activation",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Cancel",
 "captcha_login_enabled":"Activation in login form",
 "captcha_mail_enabled":"Activation in password reset by mail form",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
index f8b36c3bc..09132df9d 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -106,7 +106,10 @@
 "browseTree":"Parcourir l'arbre",
 "bruteForceProtection":"Activation",
 "bruteForceAttackProtection":"Protection contre les attaques par force brute",
-"bruteForceProtectionIncrementalTempo":"Temps de verrouillage incrémentiels",
+"bruteForceProtectionIncrementalTempo":"Verrouillage incrémentiel",
+"bruteForceProtectionLockTimes":"Temps de verrouillage incrémentiel",
+"bruteForceProtectionMaxFailed":"Nombre d'échecs de connexion autorisés",
+"bruteForceProtectionTempo":"Temps de verrouillage",
 "cancel":"Annuler",
 "captcha_login_enabled":"Activation dans le formulaire d'authentification",
 "captcha_mail_enabled":"Activation dans le formulaire de réinitialisation par mail",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
index e93981a3c..80fca771a 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -106,7 +106,10 @@
 "browseTree":"Naviga albero",
 "bruteForceProtection":"Attivazione",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Cancella",
 "captcha_login_enabled":"Attivazione nel modulo di login",
 "captcha_mail_enabled":"Attivazione della reimpostazione della password tramite modulo di posta",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
index 1b14d1695..4dff6ddff 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@@ -106,7 +106,10 @@
 "browseTree":"Przeglądaj drzewo",
 "bruteForceProtection":"Aktywacja",
 "bruteForceAttackProtection":"Ochrona przed atakiem siłowym",
-"bruteForceProtectionIncrementalTempo":"Przyrostowe czasy blokady",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Anuluj",
 "captcha_login_enabled":"Aktywacja w formularzu logowania",
 "captcha_mail_enabled":"Aktywacja przy resetowaniu hasła za pomocą formularza pocztowego",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
index f8da5748f..94f72e9dd 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@@ -106,7 +106,10 @@
 "browseTree":"Ağaca göz at",
 "bruteForceProtection":"Aktivasyon",
 "bruteForceAttackProtection":"Kaba kuvvet saldırı koruması",
-"bruteForceProtectionIncrementalTempo":"Artan gecikme zamanı",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"İptal Et",
 "captcha_login_enabled":"Giriş formunda aktivasyon",
 "captcha_mail_enabled":"E-posta formu tarafından parola sıfırlamada aktivasyon",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
index 882dd9da1..659e8cfa3 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -106,7 +106,10 @@
 "browseTree":"Duyệt cây",
 "bruteForceProtection":"Kích hoạt",
 "bruteForceAttackProtection":"Brute-force attack protection",
-"bruteForceProtectionIncrementalTempo":"Incremental lock times",
+"bruteForceProtectionIncrementalTempo":"Incremental lock",
+"bruteForceProtectionLockTimes":"Incremental lock times",
+"bruteForceProtectionMaxFailed":"Allowed failed logins",
+"bruteForceProtectionTempo":"Lock time",
 "cancel":"Hủy",
 "captcha_login_enabled":"Kích hoạt ở dạng đăng nhập",
 "captcha_mail_enabled":"Kích hoạt đặt lại mật khẩu bằng biểu mẫu thư",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
index cdb38566f..8566bc516 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@@ -106,7 +106,10 @@ "browseTree":"浏览树", "bruteForceProtection":"激活", "bruteForceAttackProtection":"Brute-force attack protection", -"bruteForceProtectionIncrementalTempo":"Incremental lock times", +"bruteForceProtectionIncrementalTempo":"Incremental lock", +"bruteForceProtectionLockTimes":"Incremental lock times", +"bruteForceProtectionMaxFailed":"Allowed failed logins", +"bruteForceProtectionTempo":"Lock time", "cancel":"取消", "captcha_login_enabled":" 登录激活", "captcha_mail_enabled":"通过邮件进行密码重置 激活", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm index 09dab76fa..8a474c459 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm @@ -38,9 +38,9 @@ sub init { unless ( $self->conf->{failedLoginNumber} > $self->conf->{bruteForceProtectionMaxFailed} ) { - $self->logger->error( 'failedLoginNumber(' + $self->logger->error( 'Number of failed logins history (' . $self->conf->{failedLoginNumber} - . ') must be higher than bruteForceProtectionMaxFailed(' + . ') must be higher than allowed failed logins attempt (' . $self->conf->{bruteForceProtectionMaxFailed} . ')' ); return 0; @@ -57,18 +57,19 @@ sub init { $lockTimes = 5; } - # for ( - # my $i = 1 ; - # $i <= $self->conf->{bruteForceProtectionMaxFailed} ; - # $i++ - # ) - # { - # unshift @{ $self->lockTimes }, 0; - # $lockTimes++; - # } + for ( + my $i = 1 ; + $i <= $self->conf->{bruteForceProtectionMaxFailed} ; + $i++ + ) + { + unshift @{ $self->lockTimes }, 0; + $lockTimes++; + } if ( $lockTimes > $self->conf->{failedLoginNumber} ) { - $self->logger->warn( 'Number of incremental lock time values (' + $self->logger->warn( +'Number of incremental lock time values plus allowed failed logins attempt(' . "$lockTimes) is higher than failed logins history (" . $self->conf->{failedLoginNumber} . ')' );
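Review bot: The reworded error in `init` no longer names the two settings involved, so an operator reading the log has to map "failed logins history" and "allowed failed logins attempt" back to configuration keys, on a path where `init` returns 0. Keeping the key next to the label would make the message searchable, e.g. `'Number of failed logins history (failedLoginNumber=' . $self->conf->{failedLoginNumber}` and likewise for `bruteForceProtectionMaxFailed`. `init` starts and ends outside the hunk.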
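Review bot: The loop re-enabled in the second `init` hunk has no comment saying why zeros are prepended to `lockTimes`, and since it was previously commented out the intent should be stated in the code. Something like `# Pad the schedule with one zero per allowed failed login (bruteForceProtectionMaxFailed) so those attempts carry no lock time` would do, if that is indeed the intent. The counter `$i` is never used in the body, so `for ( 1 .. $self->conf->{bruteForceProtectionMaxFailed} )` reads more plainly than the C-style loop. The new warning string also lost the space before the parenthesis (`attempt(`), unlike the error message earlier in `init`. What the code does with surplus lock time values after the warning is outside the hunk.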