diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index 83f3eda4e..79254092a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -140,22 +140,6 @@ sub display {
);
}
- # # 1.4 Brute-Force attack detected
- # elsif ( $req->{error} == PE_WAIT ) {
- # $self->logger->debug('Display: waiting before retrying authentication');
- # $self->logger->debug('Hidden values -> '. Dumper( $req->{portalHiddenFormValues}));
- # $skinfile = 'info';
- # %templateParams = (
- # AUTH_ERROR => $self->error,
- # AUTH_ERROR_TYPE => $req->error_type,
- # MSG => '{error}" . '">">' . "PE$req->{error}" . '',
- # URL => $req->{urldc},
- # HIDDEN_INPUTS => $self->buildHiddenForm($req),
- # ACTIVE_TIMER => $req->data->{activeTimer},
- # FORM_METHOD => $self->conf->{infoFormMethod},
- # );
- # }
-
# 1.4 OpenID menu page
elsif ($req->{error} == PE_OPENID_EMPTY or $req->{error} == PE_OPENID_BADID )
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
index f57508e5b..0a8a51f15 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/BruteForceProtection.pm
@@ -1,5 +1,6 @@
package Lemonldap::NG::Portal::Plugins::BruteForceProtection;
+use Data::Dumper;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_WAIT);
@@ -56,7 +57,7 @@ sub run {
unless ( $delta <= $self->conf->{bruteForceProtectionTempo} );
# Account locked
- shift @{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
+ #shift @{ $req->sessionInfo->{_loginHistory}->{failedLogin} };
return PE_WAIT;
}
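Review bot: `use Data::Dumper;` is added to this production plugin, placed before `use strict;`, but nothing in the visible hunks of the file calls `Dumper`. If it only serves debug dumps like the ones this same commit disables in History.pm, drop it here as well: dumping `$req->sessionInfo` into the debug log copies per-user login history (and whatever else the session holds) into a file that is usually far less protected than the session store. If it is genuinely needed, move it below `use strict;` with the other `use` lines so the pragma covers it. The second hunk of this file has a related leftover, noted separately.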
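Review bot: In the account-locked branch the `shift @{ $req->sessionInfo->{_loginHistory}->{failedLogin} };` is commented out with `#shift ...` rather than deleted, which leaves dead code immediately before `return PE_WAIT;` and hides the behaviour change from `git blame`. Remove the line and state the reason in the existing comment, e.g. `# Account locked: keep the failed-login history untouched, the lockout window is derived from it`. That rationale is only inferred from the visible `$delta <= $self->conf->{bruteForceProtectionTempo}` check (dropping the oldest failure on every locked attempt could have shortened the lockout), so confirm it before wording the comment. `run` begins before this hunk.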
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm
index 5650bd10f..83b6e1529 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm
@@ -1,6 +1,5 @@
package Lemonldap::NG::Portal::Plugins::History;
-use Data::Dumper;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_INFO PE_OK);
@@ -22,8 +21,8 @@ sub run {
my ( $self, $req ) = @_;
if ( $req->param('checkLogins') ) {
$self->logger->debug('History asked');
- $self->logger->debug(' successLogins -> ' . Dumper($req->sessionInfo->{_loginHistory}->{successLogin} ));
- $self->logger->debug(' failedLogins -> ' . Dumper($req->sessionInfo->{_loginHistory}->{failedLogin} ));
+ #$self->logger->debug(' successLogins -> ' . Dumper($req->sessionInfo->{_loginHistory}->{successLogin} ));
+ #$self->logger->debug(' failedLogins -> ' . Dumper($req->sessionInfo->{_loginHistory}->{failedLogin} ));
$req->info( ( $req->sessionInfo->{_loginHistory}->{successLogin}
diff --git a/lemonldap-ng-portal/t/61-BruteForceAttackProtection.t.old b/lemonldap-ng-portal/t/61-BruteForceAttackProtection.t.old
deleted file mode 100644
index a100091f1..000000000
--- a/lemonldap-ng-portal/t/61-BruteForceAttackProtection.t.old
+++ /dev/null
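Review bot: The two `Dumper(...)` debug calls in `run` are commented out instead of deleted, while the first hunk of this file removes `use Data::Dumper;`, so anyone uncommenting them later gets an undefined-subroutine failure at runtime rather than the debug output they expect; delete both lines outright. Disabling them is the right outcome in any case: they serialised the user's complete `_loginHistory` (successful and failed logins) into the debug log, and nothing else in the visible part of `run` depends on that output. `run` continues past the end of the hunk.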
@@ -1,100 +0,0 @@
-use Test::More;
-use strict;
-use IO::String;
-
-BEGIN {
- require 't/test-lib.pm';
-}
-
-my $res;
-
-my $client = LLNG::Manager::Test->new(
- {
- ini => {
- logLevel => 'error',
- authentication => 'Demo',
- userDB => 'Same',
- loginHistoryEnabled => 1,
- brutForceProtection => 1,
- }
- }
-);
-
-## First successful connection
-ok(
- $res = $client->_post(
- '/',
- IO::String->new('user=dwho&password=dwho'),
- length => 23,
- accept => 'text/html',
- ),
- 'Auth query'
-);
-count(1);
-my $id1 = expectCookie($res);
-expectRedirection( $res, 'http://auth.example.com/' );
-
-$client->logout($id1);
-
-## Second successful connection
-ok(
- $res = $client->_post(
- '/',
- IO::String->new('user=dwho&password=dwho'),
- length => 23,
- accept => 'text/html',
- ),
- 'Auth query'
-);
-count(1);
-$id1 = expectCookie($res);
-expectRedirection( $res, 'http://auth.example.com/' );
-
-$client->logout($id1);
-
-
-## First failed connection
-ok(
- $res = $client->_post(
- '/',
- IO::String->new('user=dwho&password=ohwd'),
- length => 23
- ),
- 'Auth query'
-);
-count(1);
-expectReject($res);
-
-## Second failed connection
-ok(
- $res = $client->_post(
- '/',
- IO::String->new('user=dwho&password=ohwd'),
- length => 23
- ),
- 'Auth query'
-);
-count(1);
-expectReject($res);
-
-## Third failed connection
-my $start = time;
-ok(
- $res = $client->_post(
- '/',
- IO::String->new('user=dwho&password=ohwd'),
- length => 23,
- accept => 'text/html',
- ),
- 'Auth query'
-);
-my $stop = time;
-count(1);
-
-my $wait = $stop - $start;
-ok($wait > 29 && $wait < 32, "Waiting time = $wait");
-count(1);
-
-clean_sessions();
-
-done_testing( count() );
diff --git a/lemonldap-ng-portal/t/61-BruteForceProtection.t b/lemonldap-ng-portal/t/61-BruteForceProtection.t
new file mode 100644
index 000000000..f47bd6dbe
--- /dev/null
+++ b/lemonldap-ng-portal/t/61-BruteForceProtection.t
@@ -0,0 +1,147 @@
+use Test::More;
+use strict;
+use IO::String;
+use Data::Dumper;
+
+BEGIN {
+ require 't/test-lib.pm';
+}
+
+my $res;
+
+my $client = LLNG::Manager::Test->new(
+ { ini => {
+ logLevel => 'error',
+ authentication => 'Demo',
+ userDB => 'Same',
+ loginHistoryEnabled => 1,
+ bruteForceProtection => 1,
+ bruteForceProtectionTempo => 5,
+ }
+ }
+);
+
+## First successful connection
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+my $id1 = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+$client->logout($id1);
+
+## Second successful connection
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+$id1 = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+$client->logout($id1);
+
+## First failed connection
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=ohwd'),
+ length => 23
+ ),
+ 'Auth query'
+);
+count(1);
+expectReject($res);
+
+## Second failed connection
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=ohwd'),
+ length => 23
+ ),
+ 'Auth query'
+);
+count(1);
+expectReject($res);
+
+## Third failed connection -> rejected
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=ohwd'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+
+ok( $res->[2]->[0] =~ /<\/span>/, 'Protection enabled' );
+count(1);
+sleep 1;
+
+## Fourth failed connection -> Rejected
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=ohwd'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+
+ok( $res->[2]->[0] =~ /<\/span>/, 'Protection enabled' );
+count(1);
+sleep 2;
+
+## Third successful connection -> Rejected
+ok( $res = $client->_post(
+ '/',
+
IO::String->new('user=dwho&password=dwho'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+
+ok( $res->[2]->[0] =~ /<\/span>/, 'Protection enabled' );
+count(1);
+sleep 3;
+
+## Fourth successful connection -> Accepted
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho&checkLogins=1'),
+ length => 37,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+$id1 = expectCookie($res);
+
+ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )
+ or print STDERR Dumper( $res->[2]->[0] );
+
+my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs );
+my @cf = ( $res->[2]->[0] =~ /PE5<\/td>/gs );
+
+# History with 5 entries
+ok( @c == 7, ' -> Seven entries found' );
+ok( @cf == 4, " -> Four 'failedLogin' entries found" );
+count(3);
+
+$client->logout($id1);
+clean_sessions();
+
+done_testing( count() );
diff --git a/lemonldap-ng-portal/t/63-History.t b/lemonldap-ng-portal/t/63-History.t
index af3d60e17..4bce96cb7 100644
--- a/lemonldap-ng-portal/t/63-History.t
+++ b/lemonldap-ng-portal/t/63-History.t
@@ -9,20 +9,18 @@ BEGIN {
my $res;
my $client = LLNG::Manager::Test->new(
- {
- ini => {
+ { ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
loginHistoryEnabled => 1,
- brutForceProtection => 1,
+ brutForceProtection => 0,
}
}
);
## First successful connection
-ok(
- $res = $client->_post(
+ok( $res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho&checkLogins=1'),
length => 37,
@@ -34,7 +32,7 @@ count(1);
expectOK($res);
my $id1 = expectCookie($res);
ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )
- or explain( $res->[2]->[0], 'trspan="noHistory"' );
+ or explain( $res->[2]->[0], 'trspan="noHistory"' );
my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs );
# History with 1 successLogin
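Review bot: The three `ok( $res->[2]->[0] =~ /<\/span>/, 'Protection enabled' )` checks in this new test only assert that the response body contains a closing `</span>`, which any rendered portal page does, so they cannot distinguish the lockout page from a successful login or an unrelated error page (if the extraction dropped part of that pattern, disregard this point); match a marker that only the wait page carries, the way the last step does with `/trspan="lastLogins"/`. The "Rejected" expectations also rely on fewer than `bruteForceProtectionTempo` (5) seconds passing across `sleep 1`, `sleep 2` and the intervening requests, so on a slow runner the 'Third successful connection' can be accepted and the test fails spuriously; a larger tempo, or timing with `time` as the deleted `.old` test did, would make the assertion robust. The comment `# History with 5 entries` contradicts the assertion right below it, `ok( @c == 7, ' -> Seven entries found' )`; reword it to describe the seven-entry expectation.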
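Review bot: In 63-History.t the option changed to `brutForceProtection => 0` is spelled differently from `bruteForceProtection`, which is the key the new 61-BruteForceProtection.t passes and which matches the plugin's `bruteForceProtectionTempo` setting. If `bruteForceProtection` is the name the portal actually reads, this line sets an unknown option and the history test runs with the default, so the "protection off" setup it intends is never established; use `bruteForceProtection => 0` unless the other spelling is genuinely the configured key, and verify by checking the test still passes when the tempo is non-zero. The other hunks of this file only re-indent the `ok(` calls and fix a comment.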
@@ -49,8 +47,7 @@ expectOK($res);
$client->logout($id1);
## Second successful connection
-ok(
- $res = $client->_post(
+ok( $res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho&checkLogins=1'),
length => 37,
@@ -72,8 +69,7 @@ count(2);
$client->logout($id1);
## First failed connection
-ok(
- $res = $client->_post(
+ok( $res = $client->_post(
'/',
IO::String->new('user=dwho&password=ohwd'),
length => 23
@@ -84,8 +80,7 @@ count(1);
expectReject($res);
## Second failed connection
-ok(
- $res = $client->_post(
+ok( $res = $client->_post(
'/',
IO::String->new('user=dwho&password=ohwd'),
length => 23
@@ -96,8 +91,7 @@ count(1);
expectReject($res);
## Third successful connection
-ok(
- $res = $client->_post(
+ok( $res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho&checkLogins=1'),
length => 37,
@@ -113,8 +107,8 @@ ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' );
@c = ( $res->[2]->[0] =~ /127.0.0.1/gs );
my @cf = ( $res->[2]->[0] =~ /PE5<\/td>/gs );
-# History with 5 success
-ok( @c == 5, ' -> Five entries found' );
+# History with 5 entries
+ok( @c == 5, ' -> Five entries found' );
ok( @cf == 2, " -> Two 'failedLogin' entries found" );
count(3);